Virus badly infected
Solved/Closed
13 replies
Ambucias
Jan 3, 2012 at 05:57 AM
Hello Vern
I thought that you had thrown in the towel.
System restoration was an excellent idea!
A sluggish system is much easier to fix than the problem you had before, only being able to boot in safe mode.
Did you flush the contents of the prefetch folder as I had asked you? If not, please do so. (As I recall, it contained over 50 infected files)
Do you wish to send me another ZHP Diag log to see what is in there now?
verns87
Jan 3, 2012 at 07:41 AM
I forget...what is the prefetch folder?
Here is a new log.
http://speedy.sh/pjsn8/ZHPDiag.txt
Ambucias
Jan 3, 2012 at 04:26 PM
You are (I mean your system) still infected with adware, rogue etc.
The rollback to a previous date reinstalled Spybot and installed Tea Timer, which will certainly come into conflict with your main antivirus and chew on your RAM and make your system sluggish. One antivirus scanning engine is quite sufficient. The same goes for Avast. If you paid for Malwarebytes, I suggest you keep only that one.
1. Open Explorer and in the left pane, go down to Windows and search for a folder called "prefetch". Click on that folder. All that you see in the right pane is malware. Select all files and delete them.
2. Empty your recycle bin.
I am not sure that you are sending me an updated log.
Please remove all of ZHP Diag using the add/remove program utility. Redownload ZHP Diag and send me a brand spanking new log.
While you are in the add/remove program utility, you may remove the extra antivirus programs you have.
Catch you tomorrow morning 5AM Illinois time.
verns87
Jan 3, 2012 at 05:32 PM
Ok, I deleted the contents of the prefetch folder...as well as any other antivirus program, other than MBAM (I did not pay for MBAM), but I went ahead and deleted Avast for now, just in case it was a cause of the problem. I then uninstalled and then re-downloaded ZHP and here is a new log.
http://speedy.sh/bmM4U/ZHPDiag.txt
verns87
Jan 3, 2012 at 05:39 PM
Success!!!
I restarted in normal mode and after starting up a bit slow everything is working. I am currently running MBAM again and will then just wait to see what you have to say before I restart to see if it works again (not sure if this might be a one time thing or not). But something must have done it...whether it was the prefetch, or deleting AVAST or whatever. I am sure it is far from free of virus/malware but it's a start!
Ambucias
Jan 4, 2012 at 04:38 AM
Hi Success, so far yes, but not for long.
The log shows multiple infections including a rogue and a Trojan Horse called Tracur.
Let me know what MBAM found and deleted.
We will see after and we will use ZHP Fix.
verns87
Jan 4, 2012 at 07:00 AM
MBAM didn't find anything.
Ambucias
Jan 4, 2012 at 04:16 PM
On your desktop, click on ZHP Fix.
Once it's open, click on the big H (which means Hospital Help)
1. Copy the following and paste in the main screen.
2. Click on Go
3. Close ZHP Fix
4. Send me a new log, but please make sure, before you generate a new log, that all previous logs have been deleted from your system.
Here is what to copy and paste:
M3 - MFPP: Plugins - [Tyler] -- C:\Program Files\Mozilla FireFox\searchplugins\bing-zugo.xml[HKCU\Software\Ask.com] [HKCU\Software\AskToolbar]
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\DOCUME~1\Tyler\LOCALS~1\Temp\0.9308806720922289.exe (.not file.)
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.AboutPrivacyUrl", "http://www.conduit.com");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.CTID", "CT2720081")
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.CurrentServerDate", "18-9-2010
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.DialogsAlignMode", "LTR");)
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.DownloadReferralCookieData",
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.EMailNotifierPollDate", "Sat Sep 18 2010 12:04:34 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FeedLastCount129248891425073064", 80);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FeedPollDate129225116238185771", "Sat Sep 18 2010 11:57:25 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FeedPollDate129225147492879732", "Sat Sep 18 2010 11:57:25 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FeedPollDate129245643951202078", "Sat Sep 18 2010 11:57:25 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FeedPollDate129245643951202084", "Sat Sep 18 2010 11:57:25 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FeedTTL129225116238185771", 40);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FeedTTL129225147492879732", 40);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FeedTTL129245643951202078", 40);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FeedTTL129245643951202084", 40);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FirstServerDate", "18-9-2010");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FirstTime", true);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FirstTimeFF3", true);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FirstTimeSettingsDone", true);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.FixPageNotFoundErrors", true);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.GroupingServerCheckInterval", 1440);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.GroupingServiceUrl", "http://grouping.services.conduit.com/");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.Initialize", true);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.InitializeCommonPrefs", true);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.InstallationAndCookieDataSentCount", 1);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.InstallationType", "UnknownIntegration");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.InstalledDate", "Sat Sep 18 2010 11:57:24 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.InvalidateCache", false);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.IsGrouping", false);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.IsMulticommunity", false);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.IsOpenThankYouPage", false);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.IsOpenUninstallPage", true);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.LanguagePackLastCheckTime", "Sat Sep 18 2010 11:57:26 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.LanguagePackReloadIntervalMM", 1440);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.LastLogin_2.7.2.0", "Sat Sep 18 2010 11:57:25 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.LatestVersion", "2.7.2.0");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.Locale", "en");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.LoginCache", 4);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.MCDetectTooltipHeight", "83");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.MCDetectTooltipWidth", "295");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.RadioIsPodcast", false);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.RadioLastCheckTime", "Sat Sep 18 2010 11:57:27 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.RadioLastUpdateIPServer", "3");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.RadioLastUpdateServer", "129248947734170000"); =>
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.RadioMediaID", "21079850");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.RadioMediaType", "Media Player");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.RadioMenuSelectedID", "EBRadioMenu_CT272008121079850");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.RadioStationName", "AHL%20-%20Grand%20Rapids%20Griffins");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.RadioStationURL", "http://cdncon.wm.llnwd.net/cdncon_neulion1_ahl_griffins?eid=2037&pid=2037&gid=101]]");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.SearchInNewTabEnabled", true);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.SearchInNewTabIntervalMM", 1440);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.SearchInNewTabLastCheckTime", "Sat Sep 18 2010 11:57:26 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.SettingsLastCheckTime", "Sat Sep 18 2010 11:57:24 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.SettingsLastUpdate", "1284635544");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.ThirdPartyComponentsInterval", 504);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.ThirdPartyComponentsLastCheck", "Sat Sep 18 2010 11:57:23 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.ThirdPartyComponentsLastUpdate", "1246790578");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.TrusteLinkUrl", "http://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.UserID", "UN63401295221016158");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.WeatherNetwork", "");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.WeatherPollDate", "Sat Sep 18 2010 11:57:26 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.WeatherUnit", "F");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.alertChannelId", "1112366");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.clientLogIsEnabled", true);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.myStuffEnabled", true);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.myStuffPublihserMinWidth", 400);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CommunityToolbar.ToolbarsList", "CT2720081"); => Infection BT (Possible)
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CommunityToolbar.ToolbarsList2", "CT2720081");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Sep 18 2010 11:57:26 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Sat Sep 18 2010 11:57:27 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CommunityToolbar.twitter.user_2557521.LastCheckTime", "Sat Sep 18 2010 11:57:27 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Sat Sep 18 2010 11:57:27 GMT-0500 (Central Daylight Time)");
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CommunityToolbar.twitter.user_807095.LastCheckTime", "Sat Sep 18 2010 11:57:27 GMT-0500 (Central Daylight Time)");
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] => Infection BT (Adware.MyWebSearch)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF]
SS - | Demand 1/3/2012 6144 | (MEMSWEEP2) . (.Sophos Plc.) - C:\WINDOWS\system32\3.tmp
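The fix list above consists mostly of prefs.js entries under two key prefixes. As an added example (not part of the original post, and not how ZHPFix itself works), this Python script extracts those prefixes from the pasted O69 lines and filters a prefs.js with them; the sample prefs.js, the `keyword.URL` value and all function names are constructed for illustration.

```python
import re

# Matches the key of a Firefox prefs.js entry: user_pref("key", value);
# Only the key is captured, so entries whose value was cut off still parse.
PREF_KEY = re.compile(r'user_pref\("([^"]+)"')

# Lines copied from the fix list in the post above. They include one entry
# with a truncated value and one line where two entries were run together.
ZHP_LINES = r'''
M3 - MFPP: Plugins - [Tyler] -- C:\Program Files\Mozilla FireFox\searchplugins\bing-zugo.xml[HKCU\Software\Ask.com] [HKCU\Software\AskToolbar]
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.CTID", "CT2720081")
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.CurrentServerDate", "18-9-2010
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.GroupingServiceUrl", "http://grouping.services.conduit.com/");O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CT2720081.Initialize", true);
O69 - SBI: prefs.js [Tyler - yem2jtmo.default] user_pref("CommunityToolbar.ToolbarsList", "CT2720081"); => Infection BT (Possible)
'''

# Constructed sample of a profile's prefs.js (not taken from the thread).
PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("CT2720081.CTID", "CT2720081");
user_pref("CT2720081.FirstTime", true);
user_pref("CT27200810.unrelated", 1);
user_pref("CommunityToolbar.ToolbarsList", "CT2720081");
user_pref("keyword.URL", "http://search.conduit.com/?q=");
'''


def keys_from_zhp_lines(log_text):
    """Return the pref keys named in 'O69 - SBI: prefs.js' log lines.

    finditer is used so that two entries fused onto one line are both found.
    Lines of other categories (M3, O68, SS, ...) are ignored.
    """
    keys = []
    for line in log_text.splitlines():
        if "O69 - SBI: prefs.js" not in line:
            continue
        keys.extend(m.group(1) for m in PREF_KEY.finditer(line))
    return keys


def key_prefixes(keys):
    """Collapse keys to their first dotted component, e.g. 'CT2720081.'.

    The trailing dot is kept so 'CT2720081.' cannot match 'CT27200810.x'.
    """
    return sorted({k.split(".", 1)[0] + "." for k in keys})


def clean_prefs(prefs_text, prefixes, suspicious_domains=()):
    """Drop entries whose key starts with one of `prefixes`.

    Returns (cleaned_text, removed_keys, flagged_keys). Entries that are kept
    but whose line mentions one of `suspicious_domains` are reported in
    flagged_keys for manual review instead of being deleted.
    """
    kept, removed, flagged = [], [], []
    for line in prefs_text.splitlines():
        m = PREF_KEY.match(line.strip())
        if m and m.group(1).startswith(tuple(prefixes)):
            removed.append(m.group(1))
            continue
        kept.append(line)
        if m and any(d in line for d in suspicious_domains):
            flagged.append(m.group(1))
    return "\n".join(kept) + "\n", removed, flagged


def demo():
    """Derive prefixes from the log lines and apply them to the sample."""
    prefixes = key_prefixes(keys_from_zhp_lines(ZHP_LINES))
    cleaned, removed, flagged = clean_prefs(
        PREFS_JS, prefixes, suspicious_domains=("conduit.com",)
    )
    return prefixes, cleaned, removed, flagged


if __name__ == "__main__":
    prefixes, cleaned, removed, flagged = demo()
    print("prefixes:", prefixes)
    print("removed :", removed)
    print("review  :", flagged)
    print(cleaned, end="")
```

Run it against a copy of prefs.js with Firefox closed, since the browser rewrites the file when it exits.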
verns87
Jan 4, 2012 at 09:43 PM
Did the following. Here are the two logs. The first is the fixlog after running ZHPFix.
The second log is the ZHP diag report (I made sure it was the new one)
http://speedy.sh/vXNNr/ZHPFixReport.txt
http://speedy.sh/kqPPv/ZHPDiag.txt
ashu44
Jan 5, 2012 at 01:37 AM
Thanx Ambucias bro your sharing is very useful.....
Ambucias
Jan 5, 2012 at 05:01 AM
Thank God for small mercies, we are almost there.
No more rogues and all Trojan Horses have been sent to the glue factory.
There are only two minor bugs called Bt or browser helper object infections which may redirect your browser to unwanted sites and possibly reinfect your system with more damaging stuff.
The following instructions should conclude my intervention.
PHASE ONE
1. Open Explorer
2. Left pane, find "ask.com" or asknow
3. Click on that file and delete it
4. Again in program files, find and delete: Mozilla FireFox\searchplugins\bing-zugo.xml
5. Delete this useless file:
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
6. Delete:
C:\Program Files\Conduit
It seems that you have been listening to the radio; that application and the corresponding files in your browser favorites should be deleted.
PHASE TWO
1. You really don't need Net Framework which is used to develop software. It takes useless space on your disk.
Go to your control panel, add/remove software, and delete it.
2. Do the same for these applications:
Crawler Spyware Terminator
Malwarebytes
3. Reinstall Avast NOW and update
PHASE THREE
Download, install and run this totally free yet very efficient registry cleaner:
https://ccm.net/download/download-13339-eusing-free-registry-cleaner
Delete all items found. (In your case there may be several hundred.)
PHASE FOUR
1. Create a new restore point, you may name it "Kioskea" or Ambucias;-)
(all programs, tool, Restore)
PHASE FIVE (LAST)
Now, for a better performance you must defragment your disk
Download, install and run this defragmenting utility.
https://ccm.net/download/download-1454-defraggler
That's it, you're on your way to heaven...and don't take any wooden nickels.
verns87
Jan 5, 2012 at 05:07 PM
Thank you Thank you Thank you Thank you Thank you Thank you Thank you Thank you!!!!
I can't tell you how much I appreciate it. I never thought that this would be fixable without reformatting!!!!!
You are a true computer genius!
Ambucias
Jan 6, 2012 at 04:35 AM
You are making me blush! You are most welcome!
Two last pieces of advice. Whenever you download an application, before launching it, right-click on the icon and scan for viruses; it's not 100% but it sometimes helps.
Avast is not the best antivirus application. I recommend Kaspersky and F-Secure; however, don't touch Norton, even with a ten foot pole.