Tech Support Guy > Virus & Other Malware Removal
Need help restoring Firewall after downloading MyPoints tool bar

(In Progress)

fsumm (Thread Starter; Member with 23 posts; Join Date: Aug 2012; Experience: Intermediate)
16-Aug-2012, 11:39 PM #16
Results of ESET scan:

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Documents and Settings\Fran\Application Data\Sun\Java\Deployment\cache\6.0\57\1b72f2f9-45448cdc Java/Exploit.CVE-2012-1723.AB trojan
C:\Documents and Settings\Fran\My Documents\Downloads\7zip_Setup.exe a variant of Win32/Adware.iBryte.C application
C:\Documents and Settings\Fran\My Documents\Downloads\setup(1).exe a variant of Win32/Kryptik.AHQA trojan
C:\Documents and Settings\Fran\My Documents\Downloads\setup(2).exe a variant of Win32/Kryptik.AHQA trojan
C:\Documents and Settings\Fran\My Documents\Downloads\setup.exe a variant of Win32/Kryptik.AHQA trojan
C:\Documents and Settings\Fran\My Documents\Downloads\signup-form.exe a variant of Win32/OpenInstall application
C:\Qoobox\Quarantine\C\Documents and Settings\Fran\lapqeteazore.exe.vir a variant of Win32/Kryptik.AJIK trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Fran\_lapqeteazore_.exe.zip a variant of Win32/Kryptik.AJIK trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Fran\Local Settings\Application Data\{79c5b42a-6f80-130f-a7b1-deaf4a560f7e}\n.vir Win32/Sirefef.EV trojan
C:\Qoobox\Quarantine\C\WINDOWS\Installer\{79c5b42a-6f80-130f-a7b1-deaf4a560f7e}\n.vir Win32/Sirefef.EV trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\40f4961a9b556c6e.sys.vir Win32/TrojanDownloader.Necurs.A trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_40f4961a9b556c6e_.sys.zip Win32/TrojanDownloader.Necurs.A trojan
C:\System Volume Information\_restore{66715DF3-A820-4045-B3DC-0E1217986A03}\RP5\A0000323.exe a variant of Win32/Kryptik.AJIK trojan
C:\System Volume Information\_restore{66715DF3-A820-4045-B3DC-0E1217986A03}\RP5\A0000324.sys Win32/TrojanDownloader.Necurs.A trojan
jimbo100 (Malware Removal Trainee with 185 posts; Join Date: Jul 2011; Location: United Kingdom; Experience: The learning never stops)
19-Aug-2012, 05:00 PM #17
Hi. Sorry for the delay. We need to use Combofix to remove a few files.

Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    ClearJavaCache::
    
    File::
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll
    C:\Documents and Settings\Fran\My Documents\Downloads\7zip_Setup.exe 
    C:\Documents and Settings\Fran\My Documents\Downloads\setup(1).exe
    C:\Documents and Settings\Fran\My Documents\Downloads\setup(2).exe
    C:\Documents and Settings\Fran\My Documents\Downloads\setup.exe
    C:\Documents and Settings\Fran\My Documents\Downloads\signup-form.exe
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
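The selection made in the CFScript above (the Java cache hit covered by ClearJavaCache::, only the live files under Downloads and Application Data listed under File::, the quarantined and restore-point copies left out) can be reproduced from the ESET results in post #16. The Python script below is an added example, not part of this thread, of ComboFix, or of ESET: it parses ESET result lines, puts each hit into a triage bucket, and drafts the File:: section. The bucketing rules (skip C:\Qoobox\Quarantine and System Volume Information, map the Java deployment cache to ClearJavaCache::) are my reading of what was selected here, not a documented ComboFix rule, and the input is the ESET output quoted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: the ESET result lines quoted in post #16 of this thread.
ESET_RESULTS = r"""
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Documents and Settings\Fran\Application Data\Sun\Java\Deployment\cache\6.0\57\1b72f2f9-45448cdc Java/Exploit.CVE-2012-1723.AB trojan
C:\Documents and Settings\Fran\My Documents\Downloads\7zip_Setup.exe a variant of Win32/Adware.iBryte.C application
C:\Documents and Settings\Fran\My Documents\Downloads\setup(1).exe a variant of Win32/Kryptik.AHQA trojan
C:\Documents and Settings\Fran\My Documents\Downloads\setup(2).exe a variant of Win32/Kryptik.AHQA trojan
C:\Documents and Settings\Fran\My Documents\Downloads\setup.exe a variant of Win32/Kryptik.AHQA trojan
C:\Documents and Settings\Fran\My Documents\Downloads\signup-form.exe a variant of Win32/OpenInstall application
C:\Qoobox\Quarantine\C\Documents and Settings\Fran\lapqeteazore.exe.vir a variant of Win32/Kryptik.AJIK trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Fran\_lapqeteazore_.exe.zip a variant of Win32/Kryptik.AJIK trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Fran\Local Settings\Application Data\{79c5b42a-6f80-130f-a7b1-deaf4a560f7e}\n.vir Win32/Sirefef.EV trojan
C:\Qoobox\Quarantine\C\WINDOWS\Installer\{79c5b42a-6f80-130f-a7b1-deaf4a560f7e}\n.vir Win32/Sirefef.EV trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\40f4961a9b556c6e.sys.vir Win32/TrojanDownloader.Necurs.A trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_40f4961a9b556c6e_.sys.zip Win32/TrojanDownloader.Necurs.A trojan
C:\System Volume Information\_restore{66715DF3-A820-4045-B3DC-0E1217986A03}\RP5\A0000323.exe a variant of Win32/Kryptik.AJIK trojan
C:\System Volume Information\_restore{66715DF3-A820-4045-B3DC-0E1217986A03}\RP5\A0000324.sys Win32/TrojanDownloader.Necurs.A trojan
"""

# One ESET result line is "<path> <detection name> <kind>". The path may contain
# spaces but never "/", while the detection name always does, so a non-greedy
# path match anchored on the detection name splits the line safely.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/[A-Za-z0-9.\-]+)\s+"
    r"(?P<kind>trojan|application)\s*$"
)


@dataclass
class Finding:
    path: str
    detection: str
    kind: str      # "trojan", or "application" (ESET's label for potentially unwanted programs)
    category: str  # triage bucket assigned by categorize()


def categorize(path: str) -> str:
    """Assumed bucketing rules, mirroring what was selected for the CFScript in this thread."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "already_quarantined"   # ComboFix's own quarantine; nothing live left to delete
    if "\\system volume information\\_restore" in p:
        return "restore_point"         # old restore-point copies; go away when restore points are purged
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"            # covered by the ClearJavaCache:: directive
    return "file"                      # a live file to list under File::


def parse_eset(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET result line: {line!r}")
        findings.append(Finding(m["path"], m["detection"], m["kind"], categorize(m["path"])))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count hits per triage bucket."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def build_cfscript(findings: List[Finding]) -> str:
    """Draft the CFScript.txt text: ClearJavaCache:: if needed, then a File:: section."""
    lines: List[str] = []
    if any(f.category == "java_cache" for f in findings):
        lines += ["ClearJavaCache::", ""]
    targets = [f.path for f in findings if f.category == "file"]
    if targets:
        lines.append("File::")
        lines.extend(targets)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_eset(ESET_RESULTS)
    for f in found:
        print(f"{f.category:20} {f.kind:12} {f.detection}")
    print(summarize(found))
    print(build_cfscript(found))
```

Run as-is, the script reports 6 live files, 1 Java cache hit, 6 entries already in ComboFix's quarantine and 2 restore-point copies, and the drafted File:: section lists the same six paths that appear in the CFScript above. The "kind" field keeps ESET's distinction between trojans and "application" (adware/PUA) hits, which is what a helper would use to decide how urgently a path needs attention.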
fsumm (Thread Starter)
20-Aug-2012, 01:49 PM #18
ComboFix 12-08-20.02 - Fran 08/20/2012 11:23:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.575 [GMT -6:00]
Running from: c:\documents and settings\Fran\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Fran\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll"
"c:\documents and settings\Fran\My Documents\Downloads\7zip_Setup.exe"
"c:\documents and settings\Fran\My Documents\Downloads\setup(1).exe"
"c:\documents and settings\Fran\My Documents\Downloads\setup(2).exe"
"c:\documents and settings\Fran\My Documents\Downloads\setup.exe"
"c:\documents and settings\Fran\My Documents\Downloads\signup-form.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Fran\My Documents\Downloads\7zip_Setup.exe
c:\documents and settings\Fran\My Documents\Downloads\setup(1).exe
c:\documents and settings\Fran\My Documents\Downloads\setup(2).exe
c:\documents and settings\Fran\My Documents\Downloads\setup.exe
c:\documents and settings\Fran\My Documents\Downloads\signup-form.exe
c:\windows\system32\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 16:43 . 2012-07-16 08:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B158B2DC-372A-4CB5-8D8E-7F343FEF7924}\mpengine.dll
2012-08-17 00:14 . 2012-08-17 00:14 -------- d-----w- c:\program files\ESET
2012-08-17 00:04 . 2012-07-16 08:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-03 14:25 . 2012-08-03 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-08-03 14:25 . 2012-08-03 14:25 -------- d-----w- c:\program files\Security Task Manager
2012-08-01 18:15 . 2012-08-01 18:15 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-01 17:30 . 2012-08-01 17:30 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-01 15:41 . 2012-08-01 17:14 -------- d-----w- c:\windows\system32\MpEngineStore
2012-08-01 14:54 . 2012-08-01 14:54 -------- d-----w- c:\documents and settings\Fran\Application Data\ElevatedDiagnostics
2012-08-01 14:25 . 2012-08-01 14:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 01:42 . 2011-12-15 17:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 01:42 . 2011-12-01 17:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-10 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 23:35 . 2011-11-30 15:58 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 04:32 . 2004-08-10 11:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 21:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19 . 2011-11-30 15:58 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 21:19 . 2011-11-30 15:58 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19 . 2011-11-30 15:58 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 21:19 . 2011-11-30 15:58 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 21:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 21:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 21:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:19 . 2011-11-30 15:58 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 21:19 . 2011-11-30 15:58 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 21:18 . 2011-12-01 15:27 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 21:18 . 2011-12-01 15:27 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 21:18 . 2011-12-01 15:27 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 18:25 . 2011-12-01 15:00 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-18 14:07 . 2011-12-01 17:17 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-06_16.28.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-20 16:32 . 2012-08-20 16:32 16384 c:\windows\Temp\Perflib_Perfdata_80c.dat
+ 2012-08-17 01:42 . 2012-08-17 01:42 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
+ 2012-08-17 00:42 . 2012-08-17 00:42 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-17 00:42 . 2012-08-17 00:42 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
+ 2011-12-15 17:28 . 2012-08-17 01:42 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2011-12-15 17:28 . 2012-08-03 15:42 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\ 10.1.0\JP2KLib.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\ 10.1.0\adobearm.exe
+ 2012-08-17 01:42 . 2012-08-17 01:42 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\ 10.1.0\AGM.dll
+ 2012-07-28 01:47 . 2012-07-28 01:47 13123584 c:\windows\Installer\1697d.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 03:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2011-12-1 106551]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2005-12-22 5513216]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [1/30/2012 11:50 PM 793048]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [12/1/2011 9:51 AM 472644]
S1 mkhbclcj;mkhbclcj;\??\c:\windows\system32\drivers\mkhbclcj.sys --> c:\windows\system32\drivers\mkhbclcj.sys [?]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 7:12 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/15/2011 11:28 AM 250056]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\Fran\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Fran\LOCALS~1\Temp\CFcatchme.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 2:31 PM 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RSVP
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-15 01:42]
.
2012-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-08-20 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 23:03]
.
2012-08-17 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2012-01-31 21:06]
.
2012-08-17 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\PC Tools\PC Tools Registry Mechanic\Update.exe [2012-01-31 21:06]
.
2012-08-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-07 03:33]
.
2012-08-20 c:\windows\Tasks\User_Feed_Synchronization-{D788EB22-BD64-424F-B03D-4A6C0C682E5D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://espn.go.com/motion/detect.html
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\documents and settings\Fran\Application Data\Mozilla\Firefox\Profiles\y5ng535c.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-20 11:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-20 11:37:14
ComboFix-quarantined-files.txt 2012-08-20 17:37
ComboFix2.txt 2012-08-06 16:38
.
Pre-Run: 125,989,220,352 bytes free
Post-Run: 125,997,400,064 bytes free
.
- - End Of File - - 6F2F4E0DB7473244724C183D0A30B55E
fsumm (Thread Starter)
22-Aug-2012, 03:17 PM #19
I just want to make sure you got this last reply from me. I've been told by MyPoints.com how to remove the toolbar and I'm wondering if I should just try that, as I'm desperate to get my PC back? I appreciate all you are doing, but I'm under the gun, I'm afraid. Thanks!
fsumm (Thread Starter)
25-Aug-2012, 04:03 PM #20
re sending my reply
Jimbo,

While digging on TechGuy.com for your direct contact info, I can see I didn't get your entire message last Sunday. Apparently you also asked: "Also please tell me if you are still being redirected after performing the above and the browser you are using."

I am not aware that I have reported being redirected - have I said that before or are you gathering I am cos of the info I have sent? I am using Firefox.

Today I've rerun the scan you asked for last Sunday and it's pasted below. PLEASE REPLY ASAP as I'm desperate to get this resolved. Thanks!!!

ComboFix 12-08-25.04 - Fran 08/25/2012 13:24:46.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.666 [GMT -6:00]
Running from: c:\documents and settings\Fran\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Fran\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
FILE ::
"c:\documents and settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll"
"c:\documents and settings\Fran\My Documents\Downloads\7zip_Setup.exe"
"c:\documents and settings\Fran\My Documents\Downloads\setup(1).exe"
"c:\documents and settings\Fran\My Documents\Downloads\setup(2).exe"
"c:\documents and settings\Fran\My Documents\Downloads\setup.exe"
"c:\documents and settings\Fran\My Documents\Downloads\signup-form.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
.
.
2012-08-25 19:10 . 2012-08-25 19:10 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF59A015-2A5A-4733-A407-540727046009}\MpKsld765d6ee.sys
2012-08-23 15:58 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF59A015-2A5A-4733-A407-540727046009}\mpengine.dll
2012-08-21 20:52 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-17 00:14 . 2012-08-17 00:14 -------- d-----w- c:\program files\ESET
2012-08-03 14:25 . 2012-08-03 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-08-03 14:25 . 2012-08-03 14:25 -------- d-----w- c:\program files\Security Task Manager
2012-08-01 18:15 . 2012-08-01 18:15 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-01 17:30 . 2012-08-01 17:30 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-01 15:41 . 2012-08-01 17:14 -------- d-----w- c:\windows\system32\MpEngineStore
2012-08-01 14:54 . 2012-08-01 14:54 -------- d-----w- c:\documents and settings\Fran\Application Data\ElevatedDiagnostics
2012-08-01 14:25 . 2012-08-01 14:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 01:42 . 2011-12-15 17:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 01:42 . 2011-12-01 17:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-10 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 23:35 . 2011-11-30 15:58 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 04:32 . 2004-08-10 11:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 21:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19 . 2011-11-30 15:58 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 21:19 . 2011-11-30 15:58 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19 . 2011-11-30 15:58 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 21:19 . 2011-11-30 15:58 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 21:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 21:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 21:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:19 . 2011-11-30 15:58 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 21:19 . 2011-11-30 15:58 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 21:18 . 2011-12-01 15:27 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 21:18 . 2011-12-01 15:27 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 21:18 . 2011-12-01 15:27 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-18 14:07 . 2011-12-01 17:17 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-06_16.28.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-25 18:24 . 2012-08-25 18:24 16384 c:\windows\Temp\Perflib_Perfdata_5f8.dat
- 2011-12-01 15:00 . 2012-05-31 18:25 237072 c:\windows\system32\MpSigStub.exe
+ 2011-12-01 15:00 . 2012-01-31 12:44 237072 c:\windows\system32\MpSigStub.exe
+ 2012-08-17 01:42 . 2012-08-17 01:42 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
+ 2012-08-17 00:42 . 2012-08-17 00:42 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-17 00:42 . 2012-08-17 00:42 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
- 2011-12-15 17:28 . 2012-08-03 15:42 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-12-15 17:28 . 2012-08-17 01:42 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\ 10.1.0\JP2KLib.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\ 10.1.0\adobearm.exe
+ 2012-08-17 01:42 . 2012-08-17 01:42 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\ 10.1.0\AGM.dll
+ 2012-07-28 01:47 . 2012-07-28 01:47 13123584 c:\windows\Installer\1697d.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 03:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2011-12-1 106551]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2005-12-22 5513216]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 MpKsld765d6ee;MpKsld765d6ee;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF59A015-2A5A-4733-A407-540727046009}\MpKsld765d6ee.sys [8/25/2012 1:10 PM 29904]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [1/30/2012 11:50 PM 793048]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [12/1/2011 9:51 AM 472644]
S1 mkhbclcj;mkhbclcj;\??\c:\windows\system32\drivers\mkhbclcj.sys --> c:\windows\system32\drivers\mkhbclcj.sys [?]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 7:12 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/15/2011 11:28 AM 250056]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\Fran\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Fran\LOCALS~1\Temp\CFcatchme.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 2:31 PM 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLD765D6EE
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-15 01:42]
.
2012-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-08-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 23:03]
.
2012-08-24 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2012-01-31 21:06]
.
2012-08-24 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\PC Tools\PC Tools Registry Mechanic\Update.exe [2012-01-31 21:06]
.
2012-08-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-07 03:33]
.
2012-08-25 c:\windows\Tasks\User_Feed_Synchronization-{D788EB22-BD64-424F-B03D-4A6C0C682E5D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://espn.go.com/motion/detect.html
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\documents and settings\Fran\Application Data\Mozilla\Firefox\Profiles\y5ng535c.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-25 13:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2180)
c:\windows\system32\WININET.dll
c:\windows\system32\hcwhook.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-08-25 13:39:21
ComboFix-quarantined-files.txt 2012-08-25 19:39
ComboFix2.txt 2012-08-20 17:37
ComboFix3.txt 2012-08-06 16:38
.
Pre-Run: 125,934,641,152 bytes free
Post-Run: 125,929,930,752 bytes free
.
- - End Of File - - 037BE2CBA188F9407360A068D5970226
jeffce (Jeff), Malware Removal Specialist with 1,727 posts. Join Date: May 2011
25-Aug-2012, 04:30 PM #21
Hi,

My name is Jeff. I will be taking over for Jimbo while he is gone. Let me look this over briefly and I will return shortly.
fsumm, Member with 23 posts (thread starter). Join Date: Aug 2012; Experience: Intermediate
25-Aug-2012, 04:44 PM #22
Awesome!! Thank you and it's great to see you are in the US too - Jimbo is in the UK
Cookiegal, Administrator & Malware Removal Specialist with 97,004 posts. Join Date: Aug 2003
25-Aug-2012, 04:46 PM #23
Fsumm,

Jeff has graciously offered to take over but would you mind waiting a bit longer? jimbo100 has had to wait for his post to be approved but I'm sure he will be along to continue this with you by the end of the day or tomorrow at the latest.
__________________
Microsoft MVP - Consumer Security
fsumm, Member with 23 posts (thread starter). Join Date: Aug 2012; Experience: Intermediate
25-Aug-2012, 04:50 PM #24
I'm just grateful that you guys are so vigilant. Hopefully we can move forward quickly and maybe even have this solved today? It's been a long process and I really appreciate Jimbo's diligence.
Cookiegal, Administrator & Malware Removal Specialist with 97,004 posts. Join Date: Aug 2003
25-Aug-2012, 05:55 PM #25
Thanks for your patience.
jimbo100, Malware Removal Trainee with 185 posts. Join Date: Jul 2011; Location: United Kingdom; Experience: The learning never stops
25-Aug-2012, 11:28 PM #26
Hi there. Can you please remove the following program(s) as they are known to be linked with third party applications that produce unwanted adverts and are not trustworthy.

Uninstall Program(s) using Add or Remove Programs
  • Click "Start" on the taskbar and then click on the "Control Panel" icon.
  • Please double-click the "Add or Remove Programs" icon.
  • A list of installed programs will be "populated"; this may take a bit of time.
  • If they exist, uninstall the following by clicking on the following entries and selecting "Remove":
    Ask toolbar
    (or anything ask related)
Additional instructions can be found here

Next:
Update Java

It is critical to have the latest version of Java installed, because older versions are a security risk that malware often exploits.
  • To get the latest version of Java please go here.
  • Please select "Agree and Start Free Download".
  • Once downloaded please follow the on screen wizard to install it.
  • When installed, please go to Start -> Control Panel -> Add or Remove Programs.
  • Search the list for all previously installed versions of Java (J2SE Runtime Environment...).
    They should have this icon next to any that are there:
    Select any found and choose remove.

Could you please post me the link you were looking at for the removal of MyPoints. What other issues are you having other than MyPoints? Is it now possible to enable Microsoft Security Essentials real time protection? Please post the issues you are having so we can tackle them and wrap up this thread. By the way, which browser are you using most of the time?

Thanks
fsumm, Member with 23 posts (thread starter). Join Date: Aug 2012; Experience: Intermediate
26-Aug-2012, 10:28 AM #27
I followed the program removal instructions and could not remove all references to the Ask tool bar. Here's what I got:
The error message was "The feature you are trying to use is on a network resource that is unavailable.

Click OK to try again or enter an alternative path to a folder containing the installation package "Ask Toolbar.msi" in the box below."

(This is what's in the box now):

C:\DOCUME~1\Fran\LOCALS~1\Temp\{948AD5B9-A013-40DF-87B6-B77518DA4298}\


Then I installed Java w/o a problem, and I am able to turn on the firewall in MS Security now, so that's huge progress. Thanks!!

Here's what I got from MyPoints:
How do I uninstall the MyPoints toolbar?

To uninstall the MyPoints toolbar from your Internet Explorer or Firefox browser you have two options. You can either:
  • From the toolbar logo dropdown, choose "Uninstall"
or
  • Open your computer's Control Panel then select "Add or Remove Programs."
  • Find MyPoints in the list of installed applications and click on it.
  • Click on the "Change/Remove" button.
jimbo100, Malware Removal Trainee with 185 posts. Join Date: Jul 2011; Location: United Kingdom; Experience: The learning never stops
27-Aug-2012, 02:27 PM #28
Hey there.

Let's run a tool that will deal with the Ask toolbar.

  • Please download AdwCleaner from here to your desktop.
  • Run AdwCleaner and select Delete.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please attach that.
fsumm, Member with 23 posts (thread starter). Join Date: Aug 2012; Experience: Intermediate
28-Aug-2012, 08:22 AM #29
Thanks, Jimbo. I'm SO GRATEFUL for the help from you guys.

Here's the log I got from AdwCleaner:

# AdwCleaner v1.801 - Logfile created 08/28/2012 at 06:19:58
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Fran - FRAN-A706F34BFF
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Fran\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Fran\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Fran\Application Data\Mozilla\Firefox\Profiles\y5ng535c.default\FCTB
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Wajam
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Documents and Settings\Fran\Application Data\Mozilla\Firefox\Profiles\y5ng535c.default\searchplugins\Askcom.xml
File Found : C:\Documents and Settings\Fran\Application Data\Mozilla\Firefox\Profiles\y5ng535c.default\searchplugins\web-search.xml
File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Fran\Application Data\Mozilla\Firefox\Profiles\y5ng535c.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Web Search");
Found : user_pref("extensions.asktb.abar-war-timeout", "4000");
Found : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Found : user_pref("extensions.asktb.cbid", "TV");
Found : user_pref("extensions.asktb.config-updated", false);
Found : user_pref("extensions.asktb.crumb", "2012.04.02+10.22.31-toolbar020iad-US-RGVudmVyLENPLFVuaXRlZCBTdG[...]
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Found : user_pref("extensions.asktb.displaybehavior", "");
Found : user_pref("extensions.asktb.displaytext", "");
Found : user_pref("extensions.asktb.dtid", "YYYYYYYYUS");
Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Found : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USCO0105");
Found : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1334252502946");
Found : user_pref("extensions.asktb.last-search-timestamp", "1335217323052");
Found : user_pref("extensions.asktb.last-v", "3.14.1.100009");
Found : user_pref("extensions.asktb.locale", "en_US");
Found : user_pref("extensions.asktb.location", "Denver,CO,United States");
Found : user_pref("extensions.asktb.lstation", "");
Found : user_pref("extensions.asktb.news-native-on", true);
Found : user_pref("extensions.asktb.o", "100000031");
Found : user_pref("extensions.asktb.pstate", "");
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.search-history-queries", "tj maxx locations||map of denver colorado||lip[...]
Found : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Found : user_pref("extensions.asktb.socialmini-first", true);
Found : user_pref("extensions.asktb.socialmini-interval", "1200000");
Found : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Found : user_pref("extensions.asktb.socialmini-max-items", "30");
Found : user_pref("extensions.asktb.socialmini-native-on", true);
Found : user_pref("extensions.asktb.socialmini-speed", "10000");
Found : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Found : user_pref("extensions.asktb.to", "");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.2799403.KeywordHistory ", "rockies%2520baseball%[...]
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.AutoSearchEventData", "auto%20search");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.ClearCacheDate", 28);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.DNSCatch", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.DisplayEULA", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.DnsCatchEventData", "dns%20catch");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.FirstLaunchShown", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.LoadLayoutDate.60497", 28);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.MailLastCheckTime", 1346155008);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.NewTabSearchEventData" , "tab%20search");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.RemoveAllData", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.ShowRecommendedOptions ", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.StateReportDate", "1345989521955");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.TopRightSearchEventDat a", "top%20right%20search[...]
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.api.settings.fctoolbar 51ef49d2624b41948b971c468[...]
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.beforeInstallSaved", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.beforeinstall.homepage ", "data%3Atext/plain%2Cb[...]
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.beforeinstall.search", "Ask.com");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.customNewTab", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.helpUsImprove", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.hideOthers", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.processAddrBar", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.remove_search", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.restoreSearch", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.searchHistory", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.showFirstLaunchOptions ", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.tb_lang", "en");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.tool_id", "60497");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_id", "80009403");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_key", "e65262202fa84c6118bf99eb95052bcaeba[...]
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_layouts", "60497");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_lnames", "MyPoints%20Point%20Finder");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.yahooSearch", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.AutoSearchEventData", "auto%20search");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.ClearCacheDate", 28);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.DNSCatch", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.DisplayEULA", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.DnsCatchEventData", "dns%20catch");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.EBOMode", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.FirstLaunchShown", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.InstallDomain", "freecause.com");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.InstallType", "standard");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.LoadLayoutDate.100815" , 28);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.NewTabSearchEventData" , "tab%20search");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.ShowRecommendedOptions ", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.StateReportDate", "1345989521827");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.TopRightSearchEventDat a", "top%20right%20search[...]
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.beforeInstallSaved", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.beforeinstall.homepage ", "data%3Atext/plain%2Cb[...]
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.beforeinstall.search", "Ask.com");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.customNewTab", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.helpUsImprove", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.hideOthers", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.partnerauth", false);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.processAddrBar", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.restoreSearch", false);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.runcmd.", "bb_acct_status_1346155008");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.searchHistory", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.session", "A8F540AEB15ACBCA8930AC6D6AF24F82B66B[...]
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.showFirstLaunchOptions ", false);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.tb_lang", "en");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.tool_id", "100815");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.user_id", "108957468");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.user_key", "fc9baaed1cb6c299ad778ac7cf120827873[...]
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.user_layouts", "100815");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.user_lnames", "fcreward.100815.b");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.xml_service_url", "6bb94bbf55fe2f255901a560824a[...]
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.yahooSearch", true);

-\\ Google Chrome v17.0.963.6

File : C:\Documents and Settings\Fran\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R2].txt - [13932 octets] - [28/08/2012 06:19:58]

########## EOF - C:\AdwCleaner[R2].txt - [14061 octets] ##########
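The thread never spells out which of the logged prefs matter, so here is an added example (my own code, not from the thread, ComboFix or AdwCleaner) that scans the text of a Firefox prefs.js and user.js for the settings the AdwCleaner log above and the ComboFix Supplementary Scan earlier in the thread flag: the Ask.com default engine, keyword.URL redirected to mypoints.com, the extensions.asktb / freecause pref namespaces, and the user.js overrides of security.csp.enable and extensions.autoDisableScopes. The sample file contents are constructed from the logged values.

```python
"""Scan Firefox prefs.js / user.js text for the search-hijack and
security-weakening prefs seen in this thread's ComboFix and AdwCleaner
logs. Added example; not part of the thread or of either tool."""
import re

# user_pref("name", value);  -- value may be a quoted string, number or bool
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Pref namespaces the AdwCleaner log attributes to the Ask and FreeCause
# (MyPoints) toolbars.
TOOLBAR_PREFIXES = ("extensions.asktb.", "freecause")
# Engine names AdwCleaner flagged in the logged prefs.js.
SUSPECT_ENGINES = {"ask.com", "web search"}
SEARCH_ENGINE_PREFS = {
    "browser.search.defaultengine", "browser.search.defaultenginename",
    "browser.search.order.1", "browser.search.selectedEngine",
}

def parse_prefs(text):
    """Return {pref name: raw value text} for every user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs

def _unquote(raw):
    return raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw

def find_indicators(prefs, is_user_js=False):
    """Return [(pref name, reason)] for prefs matching the logged hijack."""
    hits = []
    for name, raw in prefs.items():
        val = _unquote(raw)
        if name.startswith(TOOLBAR_PREFIXES):
            hits.append((name, "Ask/FreeCause toolbar pref"))
        elif name in SEARCH_ENGINE_PREFS and val.lower() in SUSPECT_ENGINES:
            hits.append((name, f"default search engine set to {val!r}"))
        elif name == "keyword.URL" and val:
            hits.append((name, f"address-bar searches sent to {val}"))
        elif name == "security.csp.enable" and val == "false":
            hits.append((name, "Content Security Policy disabled"))
        elif name == "extensions.autoDisableScopes" and is_user_js:
            # user.js is re-applied on every start, so this override
            # silently survives any cleanup of prefs.js.
            hits.append((name, f"add-on auto-disable scopes forced to {val}"))
    return hits

def audit_profile(prefs_js_text, user_js_text=""):
    """Audit both files; user.js findings matter most because they persist."""
    report = [("prefs.js", n, r) for n, r in find_indicators(parse_prefs(prefs_js_text))]
    report += [("user.js", n, r)
               for n, r in find_indicators(parse_prefs(user_js_text), is_user_js=True)]
    return report

# Constructed samples based on the logged values (the logs show the URL
# defanged as hxxps; a real prefs.js holds the plain scheme).
SAMPLE_PREFS_JS = '''\
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.selectedEngine", "Web Search");
user_pref("keyword.URL", "https://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=");
user_pref("extensions.asktb.l", "dis");
user_pref("freecause51ef49d2624b41948b971c468e9b0efe.DNSCatch", true);
user_pref("network.proxy.type", 0);
'''
SAMPLE_USER_JS = '''\
user_pref("extensions.autoDisableScopes", 14);
user_pref("security.csp.enable", false);
'''

if __name__ == "__main__":
    for src, name, reason in audit_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS):
        print(f"{src}: {name}: {reason}")
```

Deleting the flagged lines from prefs.js is not enough on its own: a user.js in the profile folder rewrites them at the next start, which is why the check reports that file separately.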
jimbo100, Malware Removal Trainee with 185 posts. Join Date: Jul 2011; Location: United Kingdom; Experience: The learning never stops
29-Aug-2012, 11:37 AM #30
Hi, can you please run the program again and press Delete? The last time you ran the program, you pressed Search.

Thanks.