Inactive C:\WINDOWS\Installer\MSI.... & WidgiToolbarFF.dll.5

G

gingcarlisle

Hello,

I'm having problems with my work PC (running XP professional), files are going missing which subsequently means some software programs are not working. The problem may have come from a Trojan which I assumed my AV had taken care of. I have ESET NOD32 anti virus and I would like to include the log from this.

Also to follow will be the malwarebytes log and the gmer log, however, I can't get the DSS program to work. I am disconnecting from the internet and turning off the AV however there seems to be some script protection still running, which I can't seem to disable.

Many thanks in advance.

ESET:

29/08/2012 14:34:44 Real-time file system protection file C:\WINDOWS\Installer\MSI1F1.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
29/08/2012 14:34:32 Real-time file system protection file C:\WINDOWS\Installer\MSI1F0.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
29/08/2012 14:34:30 Real-time file system protection file C:\WINDOWS\Installer\MSI1EF.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
29/08/2012 14:34:28 Real-time file system protection file C:\WINDOWS\Installer\MSI1EB.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
29/08/2012 14:34:28 Real-time file system protection file C:\WINDOWS\Installer\MSI1ED.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
29/08/2012 14:34:27 Real-time file system protection file C:\WINDOWS\Installer\MSI1EA.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
29/08/2012 14:34:27 Real-time file system protection file C:\WINDOWS\Installer\MSI1EC.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
23/08/2012 12:09:06 Real-time file system protection file C:\WINDOWS\Installer\MSI3C0D.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
23/08/2012 12:09:04 Real-time file system protection file C:\WINDOWS\Installer\MSI3C0C.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
22/08/2012 11:03:26 Real-time file system protection file C:\WINDOWS\Installer\MSI202.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
22/08/2012 11:03:26 Real-time file system protection file C:\WINDOWS\Installer\MSI205.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
21/08/2012 16:30:33 HTTP filter archive http://sports-livez.com/channel/ch-5.php JS/TrojanDownloader.Iframe.NKE trojan connection terminated - quarantined WORKSTATION02\Jacqui Scott Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
21/08/2012 14:29:48 HTTP filter archive http://sports-livez.com/channel/ch-7.php JS/TrojanDownloader.Iframe.NKG trojan connection terminated - quarantined WORKSTATION02\Jacqui Scott Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
16/08/2012 08:08:58 Real-time file system protection file C:\WINDOWS\Installer\MSI1C8.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
16/08/2012 08:08:58 Real-time file system protection file C:\WINDOWS\Installer\MSI1C7.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
16/08/2012 08:08:40 Real-time file system protection file C:\WINDOWS\Installer\MSI1C4.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
16/08/2012 08:07:56 Real-time file system protection file C:\WINDOWS\Installer\MSI1C3.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
16/08/2012 08:07:52 Real-time file system protection file C:\WINDOWS\Installer\MSI1C2.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
16/08/2012 08:07:44 Real-time file system protection file C:\WINDOWS\Installer\MSI1C1.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
16/08/2012 08:07:41 Real-time file system protection file C:\WINDOWS\Installer\MSI1BE.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
16/08/2012 08:07:36 Real-time file system protection file C:\WINDOWS\Installer\MSI1BC.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
16/08/2012 08:07:36 Real-time file system protection file C:\WINDOWS\Installer\MSI1BB.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
15/08/2012 16:13:51 Real-time file system protection file C:\WINDOWS\Installer\MSICF5F.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
15/08/2012 16:13:39 Real-time file system protection file C:\WINDOWS\Installer\MSICF5E.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
15/08/2012 16:13:32 Real-time file system protection file C:\WINDOWS\Installer\MSICF5D.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
15/08/2012 16:13:13 Real-time file system protection file C:\WINDOWS\Installer\MSICF5C.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
15/08/2012 16:13:08 Real-time file system protection file C:\WINDOWS\Installer\MSICF5B.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
15/08/2012 16:13:02 Real-time file system protection file C:\WINDOWS\Installer\MSICF5A.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
15/08/2012 16:13:01 Real-time file system protection file C:\WINDOWS\Installer\MSICF59.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
09/08/2012 15:59:24 Real-time file system protection file C:\WINDOWS\Installer\MSI91DD.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
09/08/2012 15:59:20 Real-time file system protection file C:\WINDOWS\Installer\MSI91DC.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
09/08/2012 15:59:15 Real-time file system protection file C:\WINDOWS\Installer\MSI91DB.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
09/08/2012 15:59:11 Real-time file system protection file C:\WINDOWS\Installer\MSI91DA.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
09/08/2012 15:59:07 Real-time file system protection file C:\WINDOWS\Installer\MSI91D9.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
09/08/2012 15:59:05 Real-time file system protection file C:\WINDOWS\Installer\MSI91D8.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
09/08/2012 15:59:05 Real-time file system protection file C:\WINDOWS\Installer\MSI91D7.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
08/08/2012 15:58:36 Real-time file system protection file C:\WINDOWS\Installer\MSI6246.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
08/08/2012 15:58:32 Real-time file system protection file C:\WINDOWS\Installer\MSI6245.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
02/08/2012 15:49:10 Real-time file system protection file C:\WINDOWS\Installer\MSI7BBB.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
02/08/2012 15:49:05 Real-time file system protection file C:\WINDOWS\Installer\MSI7BBA.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
02/08/2012 15:49:02 Real-time file system protection file C:\WINDOWS\Installer\MSI7BB9.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
02/08/2012 15:48:58 Real-time file system protection file C:\WINDOWS\Installer\MSI7BB8.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
02/08/2012 15:48:54 Real-time file system protection file C:\WINDOWS\Installer\MSI7BB7.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
02/08/2012 15:48:54 Real-time file system protection file C:\WINDOWS\Installer\MSI7BB6.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
02/08/2012 15:48:54 Real-time file system protection file C:\WINDOWS\Installer\MSI7BB5.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
01/08/2012 15:48:37 Real-time file system protection file C:\WINDOWS\Installer\MSI3BE1.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
01/08/2012 15:48:37 Real-time file system protection file C:\WINDOWS\Installer\MSI3BDE.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
31/07/2012 15:49:02 Real-time file system protection file C:\WINDOWS\Installer\MSIC5E.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
31/07/2012 15:48:57 Real-time file system protection file C:\WINDOWS\Installer\MSIC5D.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
31/07/2012 15:48:52 Real-time file system protection file C:\WINDOWS\Installer\MSIC5C.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
31/07/2012 15:48:47 Real-time file system protection file C:\WINDOWS\Installer\MSIC5B.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
31/07/2012 15:48:43 Real-time file system protection file C:\WINDOWS\Installer\MSIC5A.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
31/07/2012 15:48:42 Real-time file system protection file C:\WINDOWS\Installer\MSIC58.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
31/07/2012 15:48:41 Real-time file system protection file C:\WINDOWS\Installer\MSIC59.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
26/07/2012 15:36:34 Real-time file system protection file C:\WINDOWS\Installer\MSI3FA1.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
26/07/2012 15:36:32 Real-time file system protection file C:\WINDOWS\Installer\MSI3FA0.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
25/07/2012 12:24:13 Real-time file system protection file C:\WINDOWS\Installer\MSI194.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
25/07/2012 12:24:02 Real-time file system protection file C:\WINDOWS\Installer\MSI193.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
25/07/2012 12:23:55 Real-time file system protection file C:\WINDOWS\Installer\MSI190.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
25/07/2012 12:23:33 Real-time file system protection file C:\WINDOWS\Installer\MSI189.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
25/07/2012 12:23:30 Real-time file system protection file C:\WINDOWS\Installer\MSI164.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
25/07/2012 12:23:21 Real-time file system protection file C:\WINDOWS\Installer\MSI13C.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
25/07/2012 12:22:54 Real-time file system protection file C:\WINDOWS\Installer\MSI13B.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
24/07/2012 15:03:40 Real-time file system protection file C:\WINDOWS\Installer\MSI1A4.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
24/07/2012 15:03:36 Real-time file system protection file C:\WINDOWS\Installer\MSI1A3.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
24/07/2012 15:03:19 Real-time file system protection file C:\WINDOWS\Installer\MSI1A1.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
24/07/2012 15:03:06 Real-time file system protection file C:\WINDOWS\Installer\MSI19F.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
24/07/2012 15:02:49 Real-time file system protection file C:\WINDOWS\Installer\MSI19C.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
24/07/2012 15:02:42 Real-time file system protection file C:\WINDOWS\Installer\MSI197.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
24/07/2012 15:02:42 Real-time file system protection file C:\WINDOWS\Installer\MSI196.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
24/07/2012 15:02:41 Real-time file system protection file C:\WINDOWS\Installer\MSI19A.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
19/07/2012 15:38:29 Real-time file system protection file C:\WINDOWS\Installer\MSIB4A0.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
19/07/2012 15:38:26 Real-time file system protection file C:\WINDOWS\Installer\MSIB496.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
19/07/2012 15:38:11 Real-time file system protection file C:\WINDOWS\Installer\MSIB48D.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
19/07/2012 15:37:17 Real-time file system protection file C:\WINDOWS\Installer\MSIB47F.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
19/07/2012 15:34:43 Real-time file system protection file C:\WINDOWS\Installer\MSIB440.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
19/07/2012 15:34:09 Real-time file system protection file C:\WINDOWS\Installer\MSIB423.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
19/07/2012 15:33:57 Real-time file system protection file C:\WINDOWS\Installer\MSIB41A.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
19/07/2012 15:33:31 Real-time file system protection file C:\WINDOWS\Installer\MSIB411.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
19/07/2012 15:33:08 Real-time file system protection file C:\WINDOWS\Installer\MSIB408.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
18/07/2012 15:31:20 Real-time file system protection file C:\WINDOWS\Installer\MSI5A73.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
18/07/2012 15:31:15 Real-time file system protection file C:\WINDOWS\Installer\MSI5A72.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
18/07/2012 15:31:10 Real-time file system protection file C:\WINDOWS\Installer\MSI5A71.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
18/07/2012 15:31:05 Real-time file system protection file C:\WINDOWS\Installer\MSI5A70.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
18/07/2012 15:30:58 Real-time file system protection file C:\WINDOWS\Installer\MSI5A6F.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
18/07/2012 15:30:55 Real-time file system protection file C:\WINDOWS\Installer\MSI5A6D.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
18/07/2012 15:30:55 Real-time file system protection file C:\WINDOWS\Installer\MSI5A6E.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
12/07/2012 15:29:26 Real-time file system protection file C:\WINDOWS\Installer\MSI12B1.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
12/07/2012 15:29:21 Real-time file system protection file C:\WINDOWS\Installer\MSI12A5.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
12/07/2012 15:29:18 Real-time file system protection file C:\WINDOWS\Installer\MSI12A4.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
12/07/2012 15:29:14 Real-time file system protection file C:\WINDOWS\Installer\MSI12A3.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
12/07/2012 15:29:13 Real-time file system protection file C:\WINDOWS\Installer\MSI12A1.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
12/07/2012 15:29:13 Real-time file system protection file C:\WINDOWS\Installer\MSI129F.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
12/07/2012 15:29:13 Real-time file system protection file C:\WINDOWS\Installer\MSI12A0.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
11/07/2012 15:29:41 Real-time file system protection file C:\WINDOWS\Installer\MSIAFDC.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
11/07/2012 15:29:33 Real-time file system protection file C:\WINDOWS\Installer\MSIAFDB.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
11/07/2012 15:29:24 Real-time file system protection file C:\WINDOWS\Installer\MSIAFDA.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
11/07/2012 15:29:03 Real-time file system protection file C:\WINDOWS\Installer\MSIAFD6.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
11/07/2012 15:28:57 Real-time file system protection file C:\WINDOWS\Installer\MSIAFD3.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
11/07/2012 15:28:57 Real-time file system protection file C:\WINDOWS\Installer\MSIAFD4.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
11/07/2012 15:28:56 Real-time file system protection file C:\WINDOWS\Installer\MSIAFD5.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
05/07/2012 15:23:50 Real-time file system protection file C:\WINDOWS\Installer\MSI8177.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
05/07/2012 15:23:46 Real-time file system protection file C:\WINDOWS\Installer\MSI8176.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
05/07/2012 15:23:43 Real-time file system protection file C:\WINDOWS\Installer\MSI8175.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
05/07/2012 15:23:39 Real-time file system protection file C:\WINDOWS\Installer\MSI8174.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
05/07/2012 15:23:39 Real-time file system protection file C:\WINDOWS\Installer\MSI816F.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
05/07/2012 15:23:39 Real-time file system protection file C:\WINDOWS\Installer\MSI8173.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
05/07/2012 15:23:39 Real-time file system protection file C:\WINDOWS\Installer\MSI8172.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
04/07/2012 15:23:16 Real-time file system protection file C:\WINDOWS\Installer\MSI4295.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
04/07/2012 15:23:12 Real-time file system protection file C:\WINDOWS\Installer\MSI4294.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
04/07/2012 15:23:08 Real-time file system protection file C:\WINDOWS\Installer\MSI4293.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
04/07/2012 15:23:04 Real-time file system protection file C:\WINDOWS\Installer\MSI4292.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
04/07/2012 15:23:01 Real-time file system protection file C:\WINDOWS\Installer\MSI4291.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
04/07/2012 15:22:58 Real-time file system protection file C:\WINDOWS\Installer\MSI4290.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
04/07/2012 15:22:58 Real-time file system protection file C:\WINDOWS\Installer\MSI428F.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
03/07/2012 15:26:09 Real-time file system protection file C:\WINDOWS\Installer\MSI352.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
03/07/2012 15:26:05 Real-time file system protection file C:\WINDOWS\Installer\MSI34F.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
03/07/2012 15:25:50 Real-time file system protection file C:\WINDOWS\Installer\MSI34E.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
03/07/2012 15:25:39 Real-time file system protection file C:\WINDOWS\Installer\MSI34D.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
03/07/2012 15:25:09 Real-time file system protection file C:\WINDOWS\Installer\MSI34B.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
03/07/2012 15:25:06 Real-time file system protection file C:\WINDOWS\Installer\MSI346.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
03/07/2012 15:25:06 Real-time file system protection file C:\WINDOWS\Installer\MSI347.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
03/07/2012 15:25:05 Real-time file system protection file C:\WINDOWS\Installer\MSI348.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
03/07/2012 12:46:59 HTTP filter archive http://sports-livez.com/sopcast/sop-1.php JS/TrojanDownloader.Iframe.NKG trojan connection terminated - quarantined WORKSTATION02\Jacqui Scott Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
02/07/2012 15:20:13 Real-time file system protection file C:\WINDOWS\Installer\MSI3450.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
02/07/2012 15:20:06 Real-time file system protection file C:\WINDOWS\Installer\MSI3438.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
02/07/2012 15:20:01 Real-time file system protection file C:\WINDOWS\Installer\MSI3436.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
02/07/2012 15:19:58 Real-time file system protection file C:\WINDOWS\Installer\MSI3432.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
02/07/2012 15:19:53 Real-time file system protection file C:\WINDOWS\Installer\MSI342F.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
02/07/2012 15:19:51 Real-time file system protection file C:\WINDOWS\Installer\MSI3426.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
02/07/2012 15:19:51 Real-time file system protection file C:\WINDOWS\Installer\MSI342A.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\msiexec.exe.
19/06/2012 15:02:53 Real-time file system protection file C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\msiexec.exe.
08/06/2012 14:07:19 HTTP filter archive http://sports-livez.com/channel/ch-8.php JS/TrojanDownloader.Iframe.NKE trojan connection terminated - quarantined WORKSTATION02\Jacqui Scott Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
08/06/2012 14:06:49 HTTP filter archive http://sports-livez.com/channel/ch-7.php JS/TrojanDownloader.Iframe.NKG trojan connection terminated - quarantined WORKSTATION02\Jacqui Scott Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe

Malwarebytes:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.30.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jacqui Scott :: WORKSTATION02 [administrator]

30/08/2012 08:48:02
mbam-log-2012-08-30 (08-48-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315509
Time elapsed: 1 hour(s), 2 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-30 09:55:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.3.06
Running: fx2ut849.exe; Driver: C:\DOCUME~1\JACQUI~1\LOCALS~1\Temp\awdorpoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 1.0.15 ----
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
# AdwCleaner v2.000 - Logfile created 08/30/2012 at 17:38:32
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jacqui Scott - WORKSTATION02
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jacqui Scott\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Jacqui Scott\Application Data\Mozilla\Firefox\Profiles\vlmmkf64.default\searchplugins\Askcom.xml
File Found : C:\WINDOWS\system32\conduitEngine.tmp
File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\Jacqui Scott\Application Data\Mozilla\Firefox\Profiles\vlmmkf64.default\extensions\toolbar@ask.com
Folder Found : C:\Documents and Settings\Jacqui Scott\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\Jacqui Scott\Application Data\pdfforge
Folder Found : C:\Documents and Settings\Jacqui Scott\Application Data\PriceGong
Folder Found : C:\Documents and Settings\Jacqui Scott\Application Data\Search Settings
Folder Found : C:\Documents and Settings\Jacqui Scott\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Jacqui Scott\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Jacqui Scott\Local Settings\Application Data\ConduitEngine
Folder Found : C:\Documents and Settings\Jacqui Scott\Local Settings\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\Jacqui Scott\Local Settings\Application Data\SearchElf_1.2
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Common Files\spigot
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\pdfforge Toolbar
Folder Found : C:\Program Files\SearchElf_1.2
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F4E6547E-325B-403C-A3BB-AD29ED37A92F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E6547E-325B-403C-A3BB-AD29ED37A92F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\SearchElf_1.2
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C7B222D-4441-4C9C-8890-C7E50F76D269}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4E6547E-325B-403C-A3BB-AD29ED37A92F}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2769726
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\Description
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B520030-D500-4386-AC2C-2FB3443A4A6C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F2185AB-E587-4D0C-AEE0-9FB77E8C213B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B91AF3DD-4E1E-49DE-9D6C-D937AB63CC27}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchElf_1.2 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E6547E-325B-403C-A3BB-AD29ED37A92F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3C7B222D-4441-4C9C-8890-C7E50F76D269}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchElf_1.2 Toolbar
Key Found : HKLM\Software\pdfforge
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\SearchElf_1.2
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F4E6547E-325B-403C-A3BB-AD29ED37A92F}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F4E6547E-325B-403C-A3BB-AD29ED37A92F}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Jacqui Scott\Application Data\Mozilla\Firefox\Profiles\vlmmkf64.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://uk.search.yahoo.com/search?fr=greentre[...]
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Jacqui Scott\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10864 octets] - [30/08/2012 17:38:32]

########## EOF - C:\AdwCleaner[R1].txt - [10925 octets] ##########
 
Good work, now please do the following:

Remove the Adware.
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
Please post the log.


ComboFix

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
# AdwCleaner v2.000 - Logfile created 08/31/2012 at 13:20:57
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jacqui Scott - WORKSTATION02
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jacqui Scott\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Jacqui Scott\Application Data\Mozilla\Firefox\Profiles\vlmmkf64.default\searchplugins\Askcom.xml
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\Jacqui Scott\Application Data\Mozilla\Firefox\Profiles\vlmmkf64.default\extensions\toolbar@ask.com
Folder Deleted : C:\Documents and Settings\Jacqui Scott\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Jacqui Scott\Application Data\pdfforge
Folder Deleted : C:\Documents and Settings\Jacqui Scott\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Jacqui Scott\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Jacqui Scott\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Jacqui Scott\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Jacqui Scott\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\Jacqui Scott\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Jacqui Scott\Local Settings\Application Data\SearchElf_1.2
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\pdfforge Toolbar
Folder Deleted : C:\Program Files\SearchElf_1.2
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F4E6547E-325B-403C-A3BB-AD29ED37A92F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E6547E-325B-403C-A3BB-AD29ED37A92F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SearchElf_1.2
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C7B222D-4441-4C9C-8890-C7E50F76D269}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4E6547E-325B-403C-A3BB-AD29ED37A92F}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2769726
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B520030-D500-4386-AC2C-2FB3443A4A6C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F2185AB-E587-4D0C-AEE0-9FB77E8C213B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B91AF3DD-4E1E-49DE-9D6C-D937AB63CC27}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchElf_1.2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E6547E-325B-403C-A3BB-AD29ED37A92F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3C7B222D-4441-4C9C-8890-C7E50F76D269}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchElf_1.2 Toolbar
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SearchElf_1.2
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F4E6547E-325B-403C-A3BB-AD29ED37A92F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F4E6547E-325B-403C-A3BB-AD29ED37A92F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Jacqui Scott\Application Data\Mozilla\Firefox\Profiles\vlmmkf64.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://uk.search.yahoo.com/search?fr=greentre[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Jacqui Scott\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10995 octets] - [30/08/2012 17:38:32]
AdwCleaner[R2].txt - [11056 octets] - [31/08/2012 13:20:04]
AdwCleaner[S1].txt - [10604 octets] - [31/08/2012 13:20:57]

########## EOF - C:\AdwCleaner[S1].txt - [10665 octets] ##########
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 
You must log in or register to reply here.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back