  1. #1
    Member
    Join Date
    Jun 2004
    Posts
    90
    Points
    5

    Problems with Firefox and Gmail

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 05/16/2013 at 08:15 AM

    Application Version : 5.6.1020

    Core Rules Database Version : 10407
    Trace Rules Database Version: 8219

    Scan type : Complete Scan
    Total Scan Time : 03:26:30

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 821
    Memory threats detected : 0
    Registry items scanned : 72096
    Registry threats detected : 0
    File items scanned : 298029
    File threats detected : 1

    Trojan.Agent/Gen-Crypt
    C:\USERS\LEANN\DESKTOP\WINDOWS STUFF\SMITFRAUDFIX\SMITFRAUDFIX\RESTART.EXE


    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2013.05.16.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16576
    Leann :: LEANN-PC [administrator]

    5/16/2013 8:29:47 AM
    mbam-log-2013-05-16 (08-29-47).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 743616
    Time elapsed: 1 hour(s), 49 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 10:51:19 AM, on 5/16/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16576)

    FIREFOX: 21.0 (en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\Greenshot\Greenshot.exe
    C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2013\Planner\PLNRnote.exe
    C:\Program Files (x86)\jmesoft\hotkey.exe
    C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
    C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
    C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
    C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\Leann\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Updater For Verizon Toolbar - {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll
    O2 - BHO: Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
    O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
    O4 - HKLM\..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AddressBookReminderApp] C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2013\ReminderApp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Greenshot] C:\Program Files (x86)\Greenshot\Greenshot.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2013\Planner\PLNRnote.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (file missing) (HKCU)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Cus...ataManager.CAB
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: OddLedSrv - Wistron Corporation - C:\Program Files (x86)\Lenovo\OddSrv\OddLedSrv.exe
    O23 - Service: OddSrv - Wistron Corporation - C:\Program Files (x86)\Lenovo\OddSrv\OddSrv.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12635 bytes


    OS: MS Windows 7 HP 64 bit
    Processor: IntelCore i7 CPU Q720 @1.60GHz
    Memory: 8GB 0 remaining DIMM slots
    HD Capacity: 906.34 GB FREE: 798.92 GB

    A couple of issues: in the past month my GMail account is suspected as hacked, as it sent out 2 messages within a couple weeks of one another. I ran a scan of my system with the eset_smart security 5.2.9.1 which came up empty. I changed my password after the first hack. After the 2nd hack I am running the sweeps identified and posted above in addition to another scan with eset.

    Problems beyond the "hack" included atypical functioning of Firefox. I have had problems with GMail, page loading problems and needing to shut out of GMail, use CCleaner, and restart.

    I use Facebook and "some" games on Facebook (I know, I know) cannot be accessed with Firefox at all. I get the whole page could not be loaded thing. I can access these same games as usual with Internet Explorer -- but I want Firefox back, I feel safer.

    I reset Firefox yesterday* and have the same problems with GMail and Facebook.

    I was able to quar. the Trojan agent discovered with SuperAntispyware Free edition.

    I am not certain if there are other steps I should take or if I should be all set. Thank you in advance for your support.

    Leann

    *CURRENT Firefox has almost all pages listed as from an untrusted source. If I choose to allow the page it does not come up formatted properly. To access my Gmail account for example, I get:

    This Connection is Untrusted

    You have asked Firefox to connect securely to www.google.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.

    What Should I Do?

    If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
    Last edited by lpmtnmvr; 05-16-2013 at 11:26 AM. Reason: additional information
    "Encourage one another and build one another up!"

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Please run the following tools and post their logs.

    1.
    Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista and Windows 7 users:
      Right click in the adwCleaner.exe and select
    • Click the Delete button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[R1].txt.


    2.
    • Download RogueKiller on the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Scan
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


    Things to include in your next reply:
    AdwCleaner log
    Roguekiller log
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  4. #3

    # AdwCleaner v2.301 - Logfile created 05/21/2013 at 19:47:06
    # Updated 16/05/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Leann - LEANN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Leann\Downloads\adwcleaner.exe
    # Option [Search]


    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Leann [Admin rights]
    Mode : Scan -- Date : 05/21/2013 19:50:48
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [TASK][SUSP PATH] {E38E627B-B81A-48E3-94A9-5B5B31A95D6D} : C:\Users\Leann\AppData\Local\Amazon\Kindle\application\Kindle.exe [7] -> FOUND
    [HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST31000528AS ATA Device +++++
    --- User ---
    [MBR] b7a93805edacc878812d7e7989399df2
    [BSP] 5cafccd8003e1a1148e9878e7482b0de : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 928093 Mo
    2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1900941312 | Size: 25675 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: HP Photosmart Premi USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_05212013_02d1950.txt >>
    RKreport[1]_S_05212013_02d1950.txt




    I selected delete for the checked items. It processed the request, but they are still there in red.

    I checked out Firefox just in case that might have done the trick, but I still get the same page error messages.

    OK my wise friend - what are my next steps? THANK YOU so very much for getting back to me!!

    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\eybwy3lx.default\searchplugins\Ask.xml
    Folder Found : C:\Program Files (x86)\verizontb
    Folder Found : C:\ProgramData\ParetoLogic
    Folder Found : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\eybwy3lx.default\verizontb
    Folder Found : C:\Users\Bill_2\AppData\Roaming\Mozilla\Firefox\Profiles\2mcyppk6.default\Smartbar
    Folder Found : C:\Users\Bill_2\AppData\Roaming\Mozilla\Firefox\Profiles\2mcyppk6.default\verizontb
    Folder Found : C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5lie9rkd.default\verizontb
    Folder Found : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xqx2owcm.default\verizontb
    Folder Found : C:\Users\Leann\AppData\LocalLow\verizontb
    Folder Found : C:\Users\Leann\AppData\Roaming\ParetoLogic

    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96673559-E653-4CDC-8923-F89347A952C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8D96645-337C-419B-8792-B6C126145811}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96673559-E653-4CDC-8923-F89347A952C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8D96645-337C-419B-8792-B6C126145811}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96673559-E653-4CDC-8923-F89347A952C0}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F8D96645-337C-419B-8792-B6C126145811}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96673559-E653-4CDC-8923-F89347A952C0}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8D96645-337C-419B-8792-B6C126145811}
    Key Found : HKU\S-1-5-21-2606147088-3579770068-1141534751-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F8D96645-337C-419B-8792-B6C126145811}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16576

    [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.juno.com/search?action=minisearch&source=minisearch_cc
    [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.juno.com/search?action=minisearch&source=minisearch_cc
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.juno.com/search?action=minisearch&source=minisearch_cc&mn=0
    [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Par défaut)] = hxxp://search.juno.com/search?action=minisearch&source=minisearch_cc&mn=0

    -\\ Mozilla Firefox v21.0 (en-US)

    File : C:\Users\Leann\AppData\Roaming\Mozilla\Firefox\Profiles\r91rk5gb.default-1368643209530\prefs.js

    [OK] File is clean.

    File : C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5lie9rkd.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\eybwy3lx.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\xqx2owcm.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Bill_2\AppData\Roaming\Mozilla\Firefox\Profiles\2mcyppk6.default\prefs.js


    *************************

    AdwCleaner[R1].txt - [10586 octets] - [21/05/2013 19:42:37]
    AdwCleaner[R2].txt - [10450 octets] - [21/05/2013 19:47:06]

    ########## EOF - C:\AdwCleaner[R2].txt - [10511 octets] ##########

  5. #4

    Please run the tools again using these directions and post their logs.

    1.
    • Re-Run RogueKiller
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Delete
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



    2.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.




  6. #5

    Hello.

    There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
    If you are the topic starter and need this topic reopened, send me a message.

    Everyone else, please begin a new topic.

    With Regards,
    fireman4it