
Thread: Win32.downloader.gen

  1. #11
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.31.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Mark :: BIGCOMPY [administrator]

    3/31/2013 5:29:47 PM
    mbam-log-2013-03-31 (17-29-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 243843
    Time elapsed: 10 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 10
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_intl (Hijacker.intl) -> Data: http://shell.windows.com/fileassoc/f...ID=%04x&Ext=%s -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_XMLLookup (Hijacker.XMLLookup) -> Data: http://shell.windows.com/fileassoc/f...ID=%04x&Ext=%s -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://shell.windows.com/fileassoc/%...dir.asp?Ext=%s -> Quarantined and deleted successfully.
    HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> Quarantined and deleted successfully.

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/f...ID=%04x&Ext=%s) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/f...ID=%04x&Ext=%s) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%...dir.asp?Ext=%s) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\Mark\My Documents\Downloads\speedy-bubbles.exe (Adware.Gamevance) -> Quarantined and deleted successfully.

    (end)

  2. #12
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Hi.

    Computer is running fine now. The original symptoms, a window randomly popping up showing "Installing Windows Update", game windows minimizing on their own, and Spybot detecting it, are all gone.
    Good, carry out the below for myself please and in turn post the requested two logs and we will then go from there.

    Reset SP3 Firewall:

    Click on Start >> Run... and cut/paste in the following and click on OK

    Code:
    firewall.cpl
    Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

    Now click on the General tab >> select On(recommended) if it is not pre-selected >> OK.

    Scan with AdwCleaner:

    Please download adwcleaner from here and save to your desktop.

    Alternate downloads are here or here.

    • Double-click on adwcleaner.exe to launch the application.
    • Now click on the Delete tab >> follow the prompts and reboot your machine if not advised to.
    • Please post the contents of the log file created in your next post.

    Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case should be something like S1.

    Check Hard Disk For Errors:

    Click on Start >> Run... and cut/paste in the following and click on OK

    Code:
    cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
    A blank command window will open on your desktop, then close in a few minutes. This is normal.

    A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next post.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #13
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    -Reset SP3 Firewall.
    -AdwCleaner log:

    # AdwCleaner v2.200 - Logfile created 04/04/2013 at 00:28:52
    # Updated 02/04/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Mark - BIGCOMPY
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Mark\My Documents\Downloads\AdwCleaner (1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
    Deleted on reboot : C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
    Deleted on reboot : C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    File Deleted : C:\user.js
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\Conduit
    Folder Deleted : C:\Documents and Settings\Mark\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\Mark\Local Settings\Application Data\Vid-Saver
    Folder Deleted : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\xwx02f6d.default\extensions\crossriderapp3491@crossrider.com
    Folder Deleted : C:\Documents and Settings\Ruth\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Vid-Saver

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Vid-Saver
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vid-Saver
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver
    Key Deleted : HKLM\Software\TENCENT

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v [Unable to get version]

    File : C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\prefs.js

    C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\user.js ... Deleted !

    File : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\xwx02f6d.default\prefs.js

    Deleted : user_pref("extensions.crossriderapp3491.adsOldValue", -1);

    -\\ Google Chrome v26.0.1410.43

    File : C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.53] : icon_url = "hxxp://search.conduit.com/fav.ico",
    Deleted [l.56] : keyword = "search.conduit.com",
    Deleted [l.60] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN42[...]
    Deleted [l.61] : suggest_url = "hxxp://suggest.search.conduit.com/Suggest.ashx?q=[{searchTerms}]"
    Deleted [l.2314] : homepage = "hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN42288082829407223&UM[...]

    File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [17077 octets] - [04/04/2013 00:28:52]

    ########## EOF - C:\AdwCleaner[S1].txt - [17138 octets] ##########



    Checkhd.txt:
    The type of the file system is NTFS.

    WARNING! F parameter not specified.
    Running CHKDSK in read-only mode.

    CHKDSK is verifying files (stage 1 of 3)...
    CHKDSK is verifying indexes (stage 2 of 3)...
    Deleting index entry LOCALS~1 in index $I30 of file 75281.

    Errors found. CHKDSK cannot continue in read-only mode.

  4. #14
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Hi.

    Reset SP3 Firewall
    Acknowledged.

    AdwCleaner log
    I see you ran it from this location:-

    Running from : C:\Documents and Settings\Mark\My Documents\Downloads\AdwCleaner (1).exe
    And appears to be a second download of the executable, not a problem as we have finished with this tool now anyway.

    Launch it again except this time click on the Uninstall tab >> follow the prompts and it will self delete itself and logs created etc.

    Next:

    Now it looks like your machine's main drive could do with a spot of in-depth maintenance so we will address that first followed by an online scan.

    Hard-Drive Maintenance/Repair:

    Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

    • Please download TFC to your desktop.
    • Save any unsaved work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • Click the Start button in the bottom left of TFC
    • If prompted, click "Yes" to reboot.

    Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    I advise you consider keeping TFC on your desktop after I give the all clear and run it say at least once per week as it is a very effective piece of software for cleaning out temp' files etc.

    Next:-

    • Click Start >> Run... then type in CMD and click on OK.
    • At the Command Prompt C:\ > type the following:
    • CD C:\ and hit the Enter/Return key.
    • Now type in DEFRAG C: -F
    • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
    • This may take some time, when completed the Command Prompt C:\ > will appear.
    • Now type in CHKDSK C: /R and hit the Enter/Return key.
    • When prompted with:
    CHKDSK cannot run because the volume is in use by another process
    Would you like to schedule this volume to be checked next time the system
    restarts (Y/N)
    • Hit the Y key then at the Command Prompt C:\ >
    • Type in EXIT and hit the Enter/Return key.
    • Now Reboot(Restart) your computer.

    Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

    You should see a screen like this just after the Post(power on self test) screen:



    Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be canceled and your computer will continue to boot-up as normal.

    ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    • Please go here to run the scan...
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
    1. Scan for potentially unwanted applications
    2. Scan for potentially unsafe applications
    3. Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

    Next:

    When completed the above, please post back the following in the order asked for:

    • How is your computer performing now, any further symptoms and or problems encountered?
    • ESET Online Scanner Log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  5. #15
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Hi.

    Do you still require assistance, everything OK?

    Reason asking is that normally I would close a topic after three days with no response, however in this instance I have opted for some leeway taking into account my prior advice about Hard-Drive Maintenance/Repair etc.

    With the aforementioned in mind, please respond within the next twenty four hours or I will close this topic as inactive, thank you.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  6. #16
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    Sorry, I am still getting through the scanning, it was interrupted a couple times.

  7. #17
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    I'm now on the Eset Online part.

  8. #18
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Acknowledged.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  9. #19
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Due to the lack of feedback this Topic is closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

    If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  10. #20
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Re-opened per OP's request...
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
