WiredWX Hobby Weather ToolsLog in

 


descriptionCant get rid of Adware and computer running slow EmptyCant get rid of Adware and computer running slow

more_horiz
# AdwCleaner v3.006 - Report created 07/10/2013 at 08:06:23
# Updated 01/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Joann - JOANN-75FB9FE48
# Running from : C:\Documents and Settings\Joann\My Documents\Downloads\adwcleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\DOCUME~1\Joann\LOCALS~1\Temp\Uninstall.exe
File Found : C:\Documents and Settings\Joann\Application Data\Mozilla\Firefox\Profiles\e7hq3gpj.default\searchplugins\Conduit.xml
File Found : C:\END
Folder Found : C:\Documents and Settings\Joann\Application Data\Mozilla\Firefox\Profiles\e7hq3gpj.default\Extensions\{5a94bc06-d1eb-4c2b-bad7-58f33ca4b85c}
Folder Found C:\DOCUME~1\Joann\LOCALS~1\Temp\CT3302999
Folder Found C:\Documents and Settings\Joann\Application Data\Mozilla\Firefox\Profiles\e7hq3gpj.default\CT3302999
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\SaltarSmart

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\SaltarSmart
Key Found : HKCU\Software\smartbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\InstalledThirdPartyPrograms
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\SaltarSmart
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Joann\Application Data\Mozilla\Firefox\Profiles\e7hq3gpj.default\prefs.js ]

Line Found : user_pref("extensions.crossrider.bic", "1418b3c7163b11b87479041f19438019");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Joann\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5199 octets] - [07/10/2013 08:06:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5259 octets] ##########



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.07.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Joann :: JOANN-75FB9FE48 [administrator]

10/7/2013 8:12:04 AM
mbam-log-2013-10-07 (08-12-04).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362746
Time elapsed: 1 hour(s), 6 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\Software\SaltarSmart (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SaltarSmart (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 37
C:\Documents and Settings\All Users\Application Data\COMODO\Cis\Quarantine\data\{63BF4680-4815-4E8C-8D4C-4398B6C65CD4} (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\COMODO\Cis\Quarantine\data\{69780595-1D95-4651-ADBF-0E818ACB85D3} (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\COMODO\Cis\Quarantine\data\{FF887EEA-E4F2-4029-A540-4553EC5DEEC6} (PUP.Optional.IBryte.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\so7hpn3x.exe.part (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\Zku2mHQj.exe.part (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ZONb3yU4.exe.part (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\Browser_Update.exe\6c68e48be3d3439cb7c289b7c110033c\Browser_Update.exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\Browser_Update.exe\6c68e48be3d3439cb7c289b7c110033c\7\Browser_Update.exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\Browser_Update.exe\6c68e48be3d3439cb7c289b7c110033c\7\setup__120.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\Browser_Update.exe\6c68e48be3d3439cb7c289b7c110033c\7\software\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\Browser_Update.exe\6c68e48be3d3439cb7c289b7c110033c\7\software\SaltarSmart_tg.exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temporary Internet Files\Content.IE5\25XXNYL4\Allyrics_1060-2062_v122[1].exe (PUP.Optional.Adtool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temporary Internet Files\Content.IE5\A02J961J\Setup[1].exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temporary Internet Files\Content.IE5\A02J961J\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temporary Internet Files\Content.IE5\GJ63UC9U\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temporary Internet Files\Content.IE5\T69SJNQ6\stublogic[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\My Documents\Downloads\Browser_Update.exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\My Documents\samsung\Kies\Backup\SGH-I317M\SGH-I317M\SGH-I317M_\AUTOBACKUP\Others\Download\SoftonicDownloader_for_samsung-kies-1.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\My Documents\samsung\Kies\Backup\SGH-I317M\SGH-I317M\SGH-I317M_\AUTOBACKUP\Others\Download\SoftonicDownloader_for_samsung-kies.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\My Documents\samsung\Kies\Backup\SGH-I317M\SGH-I317M\SGH-I317M_\SGH-I317M_20130425062721\Others\Download\SoftonicDownloader_for_samsung-kies-1.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\My Documents\samsung\Kies\Backup\SGH-I317M\SGH-I317M\SGH-I317M_\SGH-I317M_20130425062721\Others\Download\SoftonicDownloader_for_samsung-kies.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Program Files\SaltarSmart\SaltarSmartBHO.dll (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1409082233-515967899-725345543-1003\Dc115.exe (PUP.Soft32Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C244F27-C8D4-470C-A32C-FAB48B1041E5}\RP1157\A0338557.exe (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C244F27-C8D4-470C-A32C-FAB48B1041E5}\RP1157\A0338558.exe (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C244F27-C8D4-470C-A32C-FAB48B1041E5}\RP1157\A0338560.exe (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\CT3302999.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joann\Local Settings\Temp\ct3302999\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)


Last edited by AngelsElf on 7th October 2013, 1:28 pm; edited 1 time in total (Reason for editing : Additional information)

descriptionCant get rid of Adware and computer running slow EmptyRe: Cant get rid of Adware and computer running slow

more_horiz
Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Remove the Adware:

  • Please close all open programs and internet browsers.

  • Double click on adwcleaner.exe to run the tool.

  • Click on Delete.

  • Confirm each time with OK

  • Your computer will be rebooted automatically. A text file will open after the restart.

  • Please post the content of that logfile in your reply.

  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.


*********************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum