[SOLVED] VGRABBER

Old 06-20-2013, 07:33 PM   #1
Registered Member
 
Join Date: Jun 2013
Posts: 27
OS: winXP



After posting this subject in the main Forum, I followed MasterchiefXX17's instructions, the results of which I will attach here.
Basically, I first noticed the Vgrabber v1.5 Toolbar in my uninstall list, which I was unable to remove. When I searched for Vgrabber it could not be found, but I just noticed it is in Firefox Extensions.
My OS is XP and I do have the Windows Install Disc.

For some reason I cannot paste my DDS file, so I am also sending it as an attachment.

Thanks in advance for the help.

PS. After posting, the instruction was to subscribe to my thread, but there are no SUBSCRIBE and INSTANT NOTIFICATION selections, so the next selection is Download.

DDS (Ver_2012-11-20.01) - FAT32_x86
Internet Explorer: 8.0.6001.18702
Run by Ru Nuts at 22:21:05 on 2013-06-13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.504.164 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\GoforFiles\GFFUpdater.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={F6A7E5B1-D219-11E2-8C43-000C6E5C0C87}
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={F6A7E5B1-D219-11E2-8C43-000C6E5C0C87}
uURLSearchHooks: Vgrabber v1.5 Toolbar: {73507124-6acd-43aa-b749-c3bcfefbea97} - c:\program files\vgrabber_v1.5\prxtbVgrerror.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Unit: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\documents and settings\ru nuts\local settings\application data\unitlayers\temp.dat
BHO: Sing Along: {6492E171-2427-4932-B414-33574A089F5E} - c:\program files\singalong\singalng.dll
BHO: Vgrabber v1.5 Toolbar: {73507124-6acd-43aa-b749-c3bcfefbea97} - c:\program files\vgrabber_v1.5\prxtbVgrerror.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Vgrabber v1.5 Toolbar: {73507124-6ACD-43AA-B749-C3BCFEFBEA97} - c:\program files\vgrabber_v1.5\prxtbVgrerror.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
TB: Vgrabber v1.5 Toolbar: {73507124-6acd-43aa-b749-c3bcfefbea97} - c:\program files\vgrabber_v1.5\prxtbVgrerror.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
StartupFolder: c:\docume~1\runuts~1\startm~1\programs\startup\winptr.lnk - c:\windows\winptr\winptr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3DB885C7-0664-40BA-8B89-64A57586C953} : DHCPNameServer = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.2.0\ViProtocol.dll
Notify: !SASWinLogon - g:\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
SEH: CShellExecuteHookImpl Object - {54D9498B-CF93-414F-8984-8CE7FDE0D391} - c:\program files\ewido anti-malware\shellhook.dll
LSA: Authentication Packages = msv1_0 relog_ap
LSA: Notification Packages = Error!
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ru nuts\application data\mozilla\firefox\profiles\buzbinjl.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com?src=6&barid={F6A7E5B1-D219-11E2-8C43-000C6E5C0C87}&crg=3.5000006.10042&st=23&q=
FF - plugin: c:\documents and settings\ru nuts\application data\mozilla\firefox\profiles\buzbinjl.default\extensions\{73507124-6acd-43aa-b749-c3bcfefbea97}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\ru nuts\application data\mozilla\firefox\profiles\buzbinjl.default\extensions\{73507124-6acd-43aa-b749-c3bcfefbea97}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-06 22:24; [email protected]; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2013-06-06 23:51; [email protected]; c:\documents and settings\all users\application data\avg safeguard toolbar\firefoxext\15.2.0.5
FF - ExtSQL: 2013-06-07 01:28; [email protected]; c:\program files\singalong\FF
FF - ExtSQL: 2013-06-08 00:13; {73507124-6acd-43aa-b749-c3bcfefbea97}; c:\documents and settings\ru nuts\application data\mozilla\firefox\profiles\buzbinjl.default\extensions\{73507124-6acd-43aa-b749-c3bcfefbea97}
FF - ExtSQL: 2013-06-10 15:08; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\documents and settings\ru nuts\application data\mozilla\firefox\profiles\buzbinjl.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.shownSelectionUI - true
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-6 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-6 174664]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2013-6-6 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-6 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-6 368944]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-6 37664]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-6 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-6 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-6 46808]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 ewido security suite guard;ewido security suite guard;c:\program files\ewido anti-malware\ewidoguard.exe [2005-12-18 151616]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-6-6 1015984]
S1 SASDIFSV;SASDIFSV;\??\g:\superantispyware\sasdifsv.sys --> g:\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\g:\superantispyware\saskutil.sys --> g:\superantispyware\SASKUTIL.SYS [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 22:22:33.98 ===============
Attached Files
File Type: zip attach.zip (2.4 KB, 42 views)
File Type: zip ark.zip (9.4 KB, 41 views)
File Type: txt dds.txt (20.2 KB, 53 views)
loftytopp is offline  
Old 06-26-2013, 10:03 PM   #2
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hi loftytopp and welcome,

This tool should make quick work of removing vGrabber. Please download AdwCleaner onto your Desktop, from the link below:

AdwCleaner Download

Double click on AdwCleaner.exe to run the tool.

Click on Search.

A logfile will automatically open after the scan has finished. Please attach that logfile in your reply.

You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the scan order number.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 06-28-2013, 11:54 PM   #3
Registered Member
 
Join Date: Jun 2013
Posts: 27
OS: winXP



Ried,
Here is the logfile from AdwCleaner:
Thanks

# AdwCleaner v2.303 - Logfile created 06/29/2013 at 23:48:22
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Ru Nuts - URNUTS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ru Nuts\My Documents\DownLoads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Ru Nuts\Application Data\Mozilla\Firefox\Profiles\buzbinjl.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Found : C:\END
Folder Found : C:\DOCUME~1\RUNUTS~1\LOCALS~1\Temp\CT3293216
Folder Found : C:\Documents and Settings\All Users\Application Data\APN
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Downloader
Folder Found : C:\Documents and Settings\Ru Nuts\Application Data\DSite
Folder Found : C:\Documents and Settings\Ru Nuts\Application Data\Mozilla\Firefox\Profiles\buzbinjl.default\CT3293216
Folder Found : C:\Documents and Settings\Ru Nuts\Application Data\Mozilla\Firefox\Profiles\buzbinjl.default\extensions\{73507124-6acd-43aa-b749-c3bcfefbea97}
Folder Found : C:\Documents and Settings\Ru Nuts\Application Data\Mozilla\Firefox\Profiles\buzbinjl.default\extensions\[email protected]
Folder Found : C:\Documents and Settings\Ru Nuts\Application Data\Mozilla\Firefox\Profiles\buzbinjl.default\Smartbar
Folder Found : C:\Documents and Settings\Ru Nuts\Application Data\Mozilla\Firefox\Profiles\buzbinjl.default\SweetPacksToolbarData
Folder Found : C:\Documents and Settings\Ru Nuts\Application Data\SearchProtect
Folder Found : C:\Documents and Settings\Ru Nuts\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Ru Nuts\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Documents and Settings\Ru Nuts\Local Settings\Application Data\Vgrabber_v1.5
Folder Found : C:\Documents and Settings\Ru Nuts\Local Settings\Application Data\Zoom_Downloader
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Vgrabber_v1.5
Folder Found : C:\Program Files\Zoom Downloader

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={F6A7E5B1-D219-11E2-8C43-000C6E5C0C87}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={F6A7E5B1-D219-11E2-8C43-000C6E5C0C87}

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Ru Nuts\Application Data\Mozilla\Firefox\Profiles\buzbinjl.default\prefs.js

Found : user_pref("CT3293216.fixPageNotFoundErrorByUser", "true");
Found : user_pref("CT3293216.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3293216.fixUrls", true);
Found : user_pref("CT3293216.installDate", "8/6/2013 0:13:37");
Found : user_pref("CT3293216.installId", "conduitinstaller.exe");
Found : user_pref("CT3293216.installSessionId", "-1");
Found : user_pref("CT3293216.installSp", "TRUE");
Found : user_pref("CT3293216.installType", "conduitnsisintegration");
Found : user_pref("CT3293216.installUsage", "2013-06-07T10:08:21.250071+03:00");
Found : user_pref("CT3293216.installUsageEarly", "2013-06-07T10:08:17.4124464+03:00");
Found : user_pref("CT3293216.installerVersion", "1.4.2.3");
Found : user_pref("CT3293216.isCheckedStartAsHidden", true);
Found : user_pref("CT3293216.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3293216.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT3293216.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3293216.keyword", "true");
Found : user_pref("CT3293216.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Found : user_pref("CT3293216.lastVersion", "10.16.2.509");
Found : user_pref("CT3293216.mam_gk_appStateReportTime.enc", "MTM3MDg4NjcyOTEyMQ==");
Found : user_pref("CT3293216.mam_gk_appState_CouponBuddy.enc", "b2Zm");
Found : user_pref("CT3293216.mam_gk_appState_Easytobook.enc", "b2Zm");
Found : user_pref("CT3293216.mam_gk_appState_Easytobook_targeted.enc", "b2Zm");
Found : user_pref("CT3293216.mam_gk_appState_PriceGong.enc", "b2Zm");
Found : user_pref("CT3293216.mam_gk_appState_WindowShopper.enc", "b2Zm");
Found : user_pref("CT3293216.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Found : user_pref("CT3293216.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Found : user_pref("CT3293216.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkNvdXBvbkJ1ZGR5Iiw[...]
Found : user_pref("CT3293216.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Found : user_pref("CT3293216.mam_gk_eventsCache.enc", "eyIwMmYyNDg4NS1lZDA2LTQ1ZDEtYjg2NS05NWZmNWY5YzAzNGUiO[...]
Found : user_pref("CT3293216.mam_gk_first_time.enc", "MQ==");
Found : user_pref("CT3293216.mam_gk_gadgetOpen.enc", "MA==");
Found : user_pref("CT3293216.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Found : user_pref("CT3293216.mam_gk_lastLoginTime.enc", "MTM3MDg4NjcyNTMwMA==");
Found : user_pref("CT3293216.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Found : user_pref("CT3293216.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Found : user_pref("CT3293216.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Found : user_pref("CT3293216.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Found : user_pref("CT3293216.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Found : user_pref("CT3293216.mam_gk_userId.enc", "NWUyMmIzMjItZDg5Yi00YTdkLWJiMTItYTViY2ZlNDllZjg1");
Found : user_pref("CT3293216.mam_gk_user_approval_interacted.enc", "MQ==");
Found : user_pref("CT3293216.migrateAppsAndComponents", true);
Found : user_pref("CT3293216.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Found : user_pref("CT3293216.openThankYouPage", "false");
Found : user_pref("CT3293216.openUninstallPage", "true");
Found : user_pref("CT3293216.originalSearchAddressUrl", "");
Found : user_pref("CT3293216.revertSettingsEnabled", "FALSE");
Found : user_pref("CT3293216.search.searchAppId", "130084258888001381");
Found : user_pref("CT3293216.search.searchCount", "0");
Found : user_pref("CT3293216.searchInNewTabEnabledByUser", "false");
Found : user_pref("CT3293216.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3293216.searchRevert", "FALSE");
Found : user_pref("CT3293216.searchUserMode", "2");
Found : user_pref("CT3293216.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3293216.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3293216.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3293216.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3293216.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3293216.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3293216.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3293216.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1370675664971");
Found : user_pref("CT3293216.serviceLayer_services_appsMetadata_lastUpdate", "1370899289508");
Found : user_pref("CT3293216.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1370675667088");
Found : user_pref("CT3293216.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1370675660[...]
Found : user_pref("CT3293216.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1370675666892")[...]
Found : user_pref("CT3293216.serviceLayer_services_location_lastUpdate", "1372146685438");
Found : user_pref("CT3293216.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372146692028");
Found : user_pref("CT3293216.serviceLayer_services_login_10.16.2.9_lastUpdate", "1370899497221");
Found : user_pref("CT3293216.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1370675668186");
Found : user_pref("CT3293216.serviceLayer_services_searchAPI_lastUpdate", "1370899394444");
Found : user_pref("CT3293216.serviceLayer_services_serviceMap_lastUpdate", "1372146681607");
Found : user_pref("CT3293216.serviceLayer_services_toolbarContextMenu_lastUpdate", "1370675664610");
Found : user_pref("CT3293216.serviceLayer_services_toolbarSettings_lastUpdate", "1372146685628");
Found : user_pref("CT3293216.serviceLayer_services_translation_lastUpdate", "1372146695343");
Found : user_pref("CT3293216.settingsINI", true);
Found : user_pref("CT3293216.shouldFirstTimeDialog", "false");
Found : user_pref("CT3293216.showToolbarPermission", "false");
Found : user_pref("CT3293216.smartbar.CTID", "CT3293216");
Found : user_pref("CT3293216.smartbar.Uninstall", "0");
Found : user_pref("CT3293216.smartbar.isHidden", true);
Found : user_pref("CT3293216.smartbar.toolbarName", "Vgrabber v1.5 ");
Found : user_pref("CT3293216.startPage", "false");
Found : user_pref("CT3293216.toolbarBornServerTime", "7-6-2013");
Found : user_pref("CT3293216.toolbarCurrentServerTime", "24-6-2013");
Found : user_pref("CT3293216.toolbarLoginClientTime", "Sat Jun 08 2013 00:14:25 GMT-0700 (Pacific Standard T[...]
Found : user_pref("CT3293216.versionFromInstaller", "10.16.2.9");
Found : user_pref("CT3293216_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("browser.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid={F6A7E5B1-D219-11E2-8C43-[...]
Found : user_pref("keyword.URL", "hxxp://start.sweetpacks.com?src=6&barid={F6A7E5B1-D219-11E2-8C43-000C6E5C0[...]
Found : user_pref("smartbar.addressBarOwnerCTID", "CT3293216");
Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Found : user_pref("smartbar.machineId", "2JLZTPK2FVESQVV4OG+EBQ+QE04");
Found : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Found : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
Found : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
Found : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Found : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1372309651386");
Found : user_pref("sweetim.toolbar.Visibility.enable", "true");
Found : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Found : user_pref("sweetim.toolbar.cargo", "3.5000006.10042");
Found : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
Found : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
Found : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
Found : user_pref("sweetim.toolbar.defaultProvider", "bng");
Found : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Found : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Found : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Found : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Found : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Found : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Found : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Found : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Found : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Found : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Found : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Found : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Found : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Found : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Found : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Found : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Found : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Found : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Found : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Found : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Found : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Found : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Found : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.mode.debug", "false");
Found : user_pref("sweetim.toolbar.newtab.created", "true");
Found : user_pref("sweetim.toolbar.newtab.enable", "true");
Found : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=[...]
Found : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Found : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Found : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Found : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Found : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Found : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Found : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Found : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Found : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Found : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Found : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Found : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Found : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Found : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Found : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Found : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Found : user_pref("sweetim.toolbar.scripts.2.callback", "");
Found : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Found : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Found : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Found : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Found : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Found : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
Found : user_pref("sweetim.toolbar.searchguard.enable", "false");
Found : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Found : user_pref("sweetim.toolbar.simapp_id", "{F6A7E5B1-D219-11E2-8C43-000C6E5C0C87}");
Found : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?bar[...]
Found : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");
Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://toolbar.sweetpacks.com");
Found : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");
Found : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");
Found : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");
Found : user_pref("sweetim.toolbar.version", "1.13.0.1");
Found : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Found : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Found : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks")[...]

-\\ Google Chrome v27.0.1453.116

File : C:\Documents and Settings\Ru Nuts\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.24] : search_url = "hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={F6A7E5B1-D219-11E2-8C43-000C6E5C0C87}&crg=3.5000006.10042&st=23",
Found [l.2147] : homepage = "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={F6A7E5B1-D219-11E2-8C43-000C6E5C0C87}",

*************************

AdwCleaner[R1].txt - [26702 octets] - [29/06/2013 23:48:22]

########## EOF - C:\AdwCleaner[R1].txt - [26763 octets] ##########
Attached Files
File Type: txt AdwCleaner[R1]Logfile.txt (26.2 KB, 47 views)
Old 06-29-2013, 08:02 AM   #4
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hi,

Good, please run another scan with AdwCleaner and this time click the Delete button.

It will require a reboot, so be sure to close any work you may have open.

How is the machine behaving now?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 06-30-2013, 01:18 AM   #5
Registered Member
 
Join Date: Jun 2013
Posts: 27
OS: winXP



Ried
Running AdwCleaner and clicking Delete removed VGRABBER from my system.

I am so grateful for all of the assistance I received from this forum.
A big Thank You.
Old 06-30-2013, 01:45 AM   #6
Registered Member
 
Join Date: Jun 2013
Posts: 27
OS: winXP



I forgot to mention that I am not able to display System Information; I thought that VGRABBER was stopping it.
But now that VGRABBER is deleted, I still cannot display System Information.
Any suggestions on this?
Old 06-30-2013, 05:28 AM   #7
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hi loftytopp,

A quick search on that issue led me here https://www.techsupportforum.com/foru...tml#post592397

Try that and see if it helps. If not, it is a Windows XP issue and as such, you'd be better served starting a thread in that area and letting the XP experts guide you further.