|
| I was reading a tractor forum and opened a new tab to look up something. Normally it opens to a blank page. This time it didn't. This time I got this:
I'll start scanning and checking, but in the meantime I'm Pooh Bear Windows XP fully updated |
Follow-Up Postings:
|
| Ghribi.Search is a hijacker. Could you run the program below? A box will pop up; click on save file, save it to your desktop, then double click it.
Download AdwCleaner: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Double click on AdwCleaner.exe to run the tool. Right click on AdwCleaner.exe and select "run as administrator".
1 Click the Search button.
2 A logfile will automatically open after the scan has finished.
3 Please post the content of that logfile in your next reply.
4 Or you can find the logfile at C:\AdwCleaner[R1].txt.
Joe |
Here is a link that might be useful: adwcleaner
|
- Posted by poohbear2767 Dunlap Tn USA (My Page) on Tue, Dec 25, 12 at 23:51
| Deleting Log Files |
Here is a link that might be useful: AdwCleaner.txt
This post was edited by poohbear2767 on Fri, Jan 4, 13 at 14:56
|
| That's why I like to ask for logs. However, I don't see Ghribi.Search but lots of other crap, mostly www.conduit.com, and you don't want that and all the other stuff it adds, so let's rescan with AdwCleaner. |
|
- Posted by poohbear2767 (My Page) on Wed, Dec 26, 12 at 0:19
| I typed Spyware Blaster, I meant Super AntiSpyware. I ran a scan with it and it found 3 critical items. I'll re-run the other scan and post the results. Thanks. Pooh Bear |
|
- Posted by poohbear2767 (My Page) on Wed, Dec 26, 12 at 0:41
| Super AntiSpyware found 3 critical, a bunch of tracking cookies, and YonToo. I don't remember what YonToo is used for or why I allowed it to be installed. I re-ran AdwCleaner and let it delete whatever it wanted to and then reboot. Here is the log. And a new tab still opens to that search engine. |
|
| OK. Good work there. Looks like AdwCleaner does not have the definition file for Ghribi.Search. I'm unfamiliar with Ghribi.Search too, but while you scanned, I researched; looks like Spybot will remove it. ************************************************************ Spybot Search and Destroy says it will remove it, as listed above, along with other stuff, so I'd download that and scan with it; that should get rid of Ghribi.Search for you. Joe PS Calling it a night, will check back tomorrow. |
Here is a link that might be useful: Spybot
|
| Edit: You can always check the add/remove programs list too; never know, sometimes these things get listed there and can be removed that way. Does not hurt to check. You can run AdwCleaner once more, this time choose uninstall and remove the program. Joe |
This post was edited by zep516 on Wed, Dec 26, 12 at 0:56
|
| PB, if you decide to use Spybot S&D on your XP system, consider using the prior version, v1.6.2, rather than v2. There have been reports of problems with the current version, particularly on older systems. In fact, on the bottom of Z's linked page v1.6.2 is identified as "Still available for older PCs". The current definitions are right below it. Though v2 is suitable for Vista, I still have the older version on this system and I have had no operational concerns. DA |
|
- Posted by poohbear2767 (My Page) on Wed, Dec 26, 12 at 18:28
| I ran v2 and it took all night and then some. Still didn't clean it. I will try v1.6.2 Maybe I should run from safe mode? Pooh Bear |
|
| OK. Try that. Do you have HijackThis installed? Like to see a scan. Also, open Firefox and go to Tools at the top. If it wasn't in Extensions then click PlugIns and see if it is in there. Let me know how this works. |
|
- Posted by poohbear2767 (My Page) on Wed, Dec 26, 12 at 22:31
| MBAM scan came up clean. SAS scan came up clean. Spybot scan came up clean, both versions. Nothing found in add/remove programs. Nothing found in extensions or plug ins for Firefox. Now to run Hijack This to see what it finds. Pooh Bear |
|
| Post the log report please. |
|
- Posted by poohbear2767 (My Page) on Wed, Dec 26, 12 at 23:10
| Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:08:13 PM, on 12/26/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
-- |
|
| Nothing there. Up in the browser click the small down arrow next to the Google Icon in the Google search box, does Ghribi show there? |
|
- Posted by poohbear2767 (My Page) on Wed, Dec 26, 12 at 23:29
| I opened a new tab to check and got this: Resource Limit Is Reached I clicked Home and it takes me to my home page (google) and Pooh Bear |
|
| This is a big scan. I usually don't do it here; the results may be too big for the forum. The scan itself only takes 5 mins, see if you can do it. Download OTL to your desktop. See link below. |
Here is a link that might be useful: OTL
|
| If the scan will not post to the forum because it's too big, the only other thing I could suggest is to try reinstalling Firefox. From what I see you're using version 4 for whatever reason; the link is below. |
Here is a link that might be useful: oldapps.com/firefox
This post was edited by zep516 on Thu, Dec 27, 12 at 1:20
|
- Posted by poohbear2767 Dunlap Tn USA (My Page) on Thu, Dec 27, 12 at 0:58
| A HouseCall scan came up clean. Here is a screen shot of the settings I used for OTL.
|
This post was edited by poohbear2767 on Thu, Dec 27, 12 at 1:01
|
| Do you know what this is: FF - prefs.js..extensions.enabledAddons: download_YouTube_ghribi@gmail.com:1.0.0 That's what I see from a quick look in the OTL.TXT Log under the FF(Firefox)settings. Tomorrow we can delete it, I'm just not 100 % what it is, and I need to sign off for now. But I can prepare a few deletions and include that, and also take a closer look at other lines in the log. Thank you for posting those logs like that. |
This post was edited by zep516 on Thu, Dec 27, 12 at 1:21
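The prefs.js line quoted in the post above is the kind of entry a profile review can surface when the scanners come up clean. The sketch below is an added example, not part of the original thread or of OTL: it parses a Firefox prefs.js, lists the entries of extensions.enabledAddons that are not on an allow-list, and collects the home page, new tab and search prefs. The sample file, the allow-list and the choice of prefs to report are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# One prefs.js line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

# Prefs that decide what the home page, a new tab or the search box loads.
# Picked for this example; not an exhaustive list.
NAV_PREFS = ("browser.startup.homepage", "browser.newtab.url", "keyword.URL",
             "browser.search.defaultenginename", "browser.search.selectedEngine")

# Constructed sample. Only the first add-on entry is taken from the thread.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.newtab.url", "http://search.example.invalid/?q=");
user_pref("extensions.enabledAddons", "download_YouTube_ghribi@gmail.com:1.0.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1");
'''
KNOWN_GOOD = {"{972ce4c6-7e08-4474-a285-3208198ce6fd}"}  # Firefox default theme

def parse_prefs(text):
    """Return {pref name: value}, with string values unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"').replace('\\\\', '\\')
        prefs[name] = raw
    return prefs

def enabled_addons(prefs):
    """Split extensions.enabledAddons into (id, version) pairs."""
    pairs = []
    for entry in filter(None, prefs.get("extensions.enabledAddons", "").split(",")):
        addon_id, sep, version = entry.rpartition(":")
        if not sep:                      # entry without a version part
            addon_id, version = entry, ""
        pairs.append((unquote(addon_id), version))  # ids may be %-encoded
    return pairs

def review(text, known_good):
    """Return (add-ons not on the allow-list, navigation prefs that are set)."""
    prefs = parse_prefs(text)
    unknown = [p for p in enabled_addons(prefs) if p[0] not in known_good]
    nav = {k: prefs[k] for k in NAV_PREFS if k in prefs}
    return unknown, nav

if __name__ == "__main__":
    print(review(SAMPLE, KNOWN_GOOD))
```

Run against a copy of the profile's prefs.js with Firefox closed, since the browser rewrites that file on exit.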
|
- Posted by poohbear2767 (My Page) on Thu, Dec 27, 12 at 12:36
| 1 Click YouTube Video Download. I removed that from add-ons and it fixed the problem. Thank you so much for your help with this. ~One VERY grateful Pooh Bear |
|
- Posted by ravencajun (My Page) on Thu, Dec 27, 12 at 14:34
| That is very helpful to know that it is coming along for the ride with that add on. I felt sure it was one of the notorious redirects tdss variants at first. I have never seen this one either Joe. Learn something new every day LOL good work to you too Pooh |
|
- Posted by poohbear2767 (My Page) on Thu, Dec 27, 12 at 16:59
| I have now updated to FireFox 12.0 and Easy YouTube Video Downloader 6.6 Again, thanks for the help. Pooh Bear |
|
| Glad you beat up on your bad guy. Curious though, why did you not go to the current version of Firefox? Think it's 17.01 last I knew. |
|
- Posted by poohbear2767 Dunlap Tn USA (My Page) on Thu, Dec 27, 12 at 21:47
| Didn't the latest version of FF have a security flaw? I only hit the update (Help>>About FF>>Check For Updates) once. It updated to v12. I'll do it again and see what I get. Edit - Ok, now I'm at v17.0.1 after another update. Pooh Bear |
This post was edited by poohbear2767 on Thu, Dec 27, 12 at 21:52
|
| poohbear, please follow up for additional clean up measures. Note: You're running out of free space! Windows needs 20% or more to run efficiently. Please run OTL again. Under the Custom Scans/Fixes box at the bottom paste in the following text between the stars :otl :Files :commands ************************************************************ Post that directly to the forum. |
|
- Posted by poohbear2767 (My Page) on Sat, Dec 29, 12 at 18:39
| My hard drive is full because I recently did a bulk download of You Tube files. Normally I keep everything nice and tidy. I do need to burn some stuff off to data DVDs. I ran the scan. Twice. Both times I pasted that into the Pooh Bear |
|
- Posted by poohbear2767 Dunlap Tn USA (My Page) on Sat, Dec 29, 12 at 21:41
| Sorry it took so long to get back to this. I went into the hospital right after I posted. I just now got home and I really don't feel like dealing with this at the moment. Thank you for your help. Pooh Bear |
This post was edited by poohbear2767 on Fri, Jan 4, 13 at 14:55
|
| Hi, poohbear2767 Can you edit that and delete the log now, I don't want it here, sorry about that. |