Conduit and Hotbar infection & maybe other infections - Please help


35 replies to this topic

#1 J_Black
New Member | Members | 23 posts

Posted 25 July 2013 - 08:46 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16496  BrowserJavaVersion: 10.25.2
Run by john at 18:21:19 on 2013-07-25
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1918.848 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\brss01a.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\ATSCallingCard\install\ATSHotKey.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Users\john\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\john\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mSearchAssistant = about:blank
uURLSearchHooks: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - LocalServer32 - <no file>
mURLSearchHooks: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - LocalServer32 - <no file>
BHO: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - LocalServer32 - <no file>
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - LocalServer32 - <no file>
uRun: [Google Update] "c:\users\john\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN31MB3G6D05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
mRunOnce: [*ATScc] c:\atscallingcard\install\startup.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F795D011-9B30-4981-B2D5-540EA6685EA0} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\jxpz8zof.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\users\john\appdata\local\google\update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\jxpz8zof.default\extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}\plugins\np-mswmp.dll
FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\jxpz8zof.default\extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\users\john\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\john\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\john\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-07-02 10:27; {0134af61-7a0c-4649-aeca-90d776060cb3}; c:\users\john\appdata\roaming\mozilla\firefox\profiles\jxpz8zof.default\extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}
FF - ExtSQL: !HIDDEN! 2009-09-07 03:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.autoDisableScopes, 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-7-25 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-7-25 84024]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-7-25 108088]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-7-25 84744]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-16 12672]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-1 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-19 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-18 701512]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-11 1153368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-18 22856]
S2 MSWU-b97f617e;MSWU-b97f617e;c:\windows\system32\b97f617e.exe --> c:\windows\system32\b97f617e.exe [?]
S2 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-18 13024]
.
=============== Created Last 30 ================
.
2013-07-26 00:44:47 -------- d-----w- c:\users\john\appdata\roaming\Avira
2013-07-26 00:40:21 -------- d-----w- c:\programdata\APN
2013-07-26 00:38:53 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-07-26 00:38:53 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-07-26 00:38:45 -------- d-----w- c:\programdata\Avira
2013-07-26 00:38:45 -------- d-----w- c:\program files\Avira
2013-07-25 21:46:27 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll
2013-07-25 21:24:57 -------- d-----w- c:\users\john\appdata\local\HP
2013-07-25 21:16:02 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe
2013-07-25 21:16:02 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll
2013-07-25 21:16:01 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll
2013-07-25 21:14:44 499088 ----a-w- c:\windows\system32\HPWia2_OJ8600.dll
2013-07-25 21:14:44 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll
2013-07-12 18:36:29 -------- d-----w- c:\users\john\appdata\local\LogMeIn Rescue Calling Card
2013-07-11 19:21:39 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-07-07 00:19:43 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-06 16:33:31 -------- d-----w- c:\users\john\appdata\local\Temp
2013-07-06 16:04:54 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-07-06 15:50:01 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-06 15:46:43 -------- d-----w- c:\programdata\HitmanPro
2013-07-06 15:19:39 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-06 14:59:22 28672 --sha-w- C:\mouse.exe
2013-07-06 14:59:21 -------- d-----w- C:\Advanced Tech Support
2013-07-06 12:04:30 -------- d-sh--w- C:\ATSCallingCard
2013-07-06 12:03:48 -------- d-----w- c:\users\john\appdata\local\LogMeIn Rescue Applet
2013-07-06 11:28:09 -------- d-----w- c:\users\john\appdata\roaming\ParetoLogic
2013-07-06 11:28:09 -------- d-----w- c:\users\john\appdata\roaming\DriverCure
2013-07-06 11:27:52 -------- d-----w- c:\program files\common files\ParetoLogic
2013-07-06 11:27:49 -------- d-----w- c:\programdata\ParetoLogic
2013-07-06 11:27:49 -------- d-----w- c:\program files\ParetoLogic
2013-07-06 09:58:45 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-07-06 09:58:40 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-07-06 09:58:40 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-07-06 09:58:39 16896 ----a-w- c:\windows\system32\winusb.dll
2013-07-06 09:58:38 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-07-06 09:58:38 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-07-06 09:58:36 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-07-06 09:58:36 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-07-06 09:58:35 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-07-06 09:58:35 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-07-06 09:58:35 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-07-06 09:55:12 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2013-07-06 09:55:06 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-07-06 09:55:04 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-04 12:05:59 -------- d-----w- c:\users\john\appdata\local\MigWiz
2013-07-02 17:28:38 -------- d-----w- c:\users\john\appdata\local\Conduit
2013-07-02 17:27:50 -------- d-----w- c:\users\john\appdata\local\CRE
2013-07-02 17:27:42 -------- d-----r- c:\program files\Skype
.
==================== Find3M  ====================
.
2013-07-26 01:07:09 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-07-07 00:19:24 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-06 16:40:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-06 16:40:29 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll
2013-05-29 01:50:14 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-08 04:37:21 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 04:04:52 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-05-02 22:03:36 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 22:03:36 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 04:04:25 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:03:42 37376 ----a-w- c:\windows\system32\printcom.dll
2013-05-01 10:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 10:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 18:22:18.05 ===============
 


#2 J_Black
New Member | Members | 23 posts

Posted 25 July 2013 - 08:49 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 2/23/2007 1:13:00 PM
System Uptime: 7/25/2013 6:05:29 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | NODUSM3
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | Socket AM2  | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 292 GiB total, 193.047 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.874 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Advanced Tech Support Rescue Connect
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Avira Free Antivirus
Bonjour
CPUID CPU-Z 1.52.2
DivX
DriverUpdate
Enhanced Multimedia Keyboard Solution
GIMP 2.6.7
Google Chrome
Google Talk Plugin
GTK+ Runtime 2.14.7 rev a (remove only)
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Howie's Quick Screen Capture 1.1.1
HP Advisor
HP Connections (remove only)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Picasso Media Center Add-In
HP Update
I.R.I.S. OCR
iCloud
iTunes
Java 7 Update 25
Java Auto Updater
Java™ 6 Update 18
Java™ 6 Update 29
Juniper Networks Network Connect 7.0.0
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
LightScribe  1.4.124.1
LyricsSing
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
My HP Games
NVIDIA Drivers
OcxSetup
OpenOffice.org 3.2
Picasa 3
Pidgin
Python 2.4.3
QuickTime
Realtek High Definition Audio Driver
RegCure Pro
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Skype™ 6.3
SMPlayer 0.6.9
Soft Data Fax Modem with SmartCP
SopCast 1.1.2
Sports Connection
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
ViewSonic Monitor Drivers
XBMC Media Center
.
==== End Of File ===========================


#3 J_Black
New Member | Members | 23 posts

Posted 25 July 2013 - 08:51 PM

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.25.05
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
john :: FEZBEE [administrator]
 
Protection: Enabled
 
7/25/2013 6:29:48 PM
mbam-log-2013-07-25 (18-29-48).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203725
Time elapsed: 7 minute(s), 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#4 MrCharlie
Forum Deity | Experts | 28,193 posts | Gender: Male | Location: So. Plainfield, New Jersey, USA

Posted 25 July 2013 - 08:54 PM

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


MrC


Note:
Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.


Removing malware can be unpredictable...unlikely, but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, an external drive or a pen drive.


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#5 J_Black
New Member | Members | 23 posts

Posted 25 July 2013 - 09:05 PM

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : john [Admin rights]
Mode : Scan -- Date : 07/25/2013 19:02:46
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{D7459153-F1DD-46D7-B86C-7108C8779D5E}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{D7459153-F1DD-46D7-B86C-7108C8779D5E}.exe - --uninstall=1 [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[75] : NtCreateSection @ 0x82674FA5 -> HOOKED (Unknown @ 0x89D84FBE)
[Address] SSDT[276] : NtRequestWaitReplyPort @ 0x82687142 -> HOOKED (Unknown @ 0x89D84FC8)
[Address] SSDT[289] : NtSetContextThread @ 0x826D62AB -> HOOKED (Unknown @ 0x89D84FC3)
[Address] SSDT[314] : NtSetSecurityObject @ 0x82603023 -> HOOKED (Unknown @ 0x89D84FCD)
[Address] SSDT[332] : NtSystemDebugControl @ 0x8263BEF1 -> HOOKED (Unknown @ 0x89D84FD2)
[Address] SSDT[334] : NtTerminateProcess @ 0x82634173 -> HOOKED (Unknown @ 0x89D84F5F)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89D84FE6)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x89D84FEB)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
::1             localhost
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST332082 0AS SCSI Disk Device +++++
--- User ---
[MBR] c27ca0af705db693047314d47ea7e883
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 298834 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 612012240 | Size: 6408 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[0]_S_07252013_190246.txt >>


#6 MrCharlie
Forum Deity | Experts | 28,193 posts | Gender: Male | Location: So. Plainfield, New Jersey, USA

Posted 25 July 2013 - 09:19 PM

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

Note:
Please look over what was found...especially any folders, we're going to permanently delete it all in the next step...if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.
If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.


MrC


#7 J_Black
New Member | Members | 23 posts

Posted 28 July 2013 - 09:26 AM

# AdwCleaner v2.306 - Logfile created 07/27/2013 at 12:08:55
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : john - FEZBEE
# Boot Mode : Normal
# Running from : C:\Users\john\Downloads\adwcleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\searchplugins\Conduit.xml
File Found : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\searchplugins\Search_Results.xml
Folder Found : C:\Program Files\Common Files\ParetoLogic
Folder Found : C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Folder Found : C:\Program Files\ParetoLogic
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\Users\john\AppData\Local\Conduit
Folder Found : C:\Users\john\AppData\Local\Ilivid Player
Folder Found : C:\Users\john\AppData\Local\PackageAware
Folder Found : C:\Users\john\AppData\Local\Temp\APN
Folder Found : C:\Users\john\AppData\LocalLow\AVG Security Toolbar
Folder Found : C:\Users\john\AppData\LocalLow\Conduit
Folder Found : C:\Users\john\AppData\LocalLow\Hotbar
Folder Found : C:\Users\john\AppData\LocalLow\KeyBar_1.12
Folder Found : C:\Users\john\AppData\Roaming\DriverCure
Folder Found : C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Found : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\CT3291325
Folder Found : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}
Folder Found : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\Smartbar
Folder Found : C:\Users\john\AppData\Roaming\ParetoLogic
 
***** [Registry] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Hotbar
Key Found : HKCU\Software\AppDataLow\Software\KeyBar_1.12
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hotbarsa
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0A51D53C-6F3C-426E-B789-2A21526E6546}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3291325
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\KeyBar_1.12
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64E9CA00-8B7E-465A-960B-802B56965CB7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF5A447E-64DD-4CC7-B37E-AA8F9B1B4855}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A51D53C-6F3C-426E-B789-2A21526E6546}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKU\S-1-5-21-1846296755-3997670398-3803951554-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16496
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v22.0 (en-US)
 
File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\prefs.js
 
Found : user_pref("CT3291325.1000082.isPlayDisplay", "true");
Found : user_pref("CT3291325.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3291325.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3291325.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3291325.FF19Solved", "true");
Found : user_pref("CT3291325.FirstTime", "true");
Found : user_pref("CT3291325.FirstTimeFF3", "true");
Found : user_pref("CT3291325.PG_ENABLE", "dHJ1ZQ==");
Found : user_pref("CT3291325.PG_ENABLE.enc", "dHJ1ZQ==");
Found : user_pref("CT3291325.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Found : user_pref("CT3291325.SF_STATUS.enc", "RU5BQkxFRA==");
Found : user_pref("CT3291325.UserID", "UN37823285912837722");
Found : user_pref("CT3291325.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3291325.autoDisableScopes", -1);
Found : user_pref("CT3291325.browser.search.defaultthis.engineName", "true");
Found : user_pref("CT3291325.countryCode", "US");
Found : user_pref("CT3291325.defaultSearch", "true");
Found : user_pref("CT3291325.enableAlerts", "true");
Found : user_pref("CT3291325.enableFix404ByUser", "TRUE");
Found : user_pref("CT3291325.enableSearchFromAddressBar", "true");
Found : user_pref("CT3291325.firstTimeDialogOpened", "true");
Found : user_pref("CT3291325.fixPageNotFoundError", "true");
Found : user_pref("CT3291325.fixPageNotFoundErrorByUser", "true");
Found : user_pref("CT3291325.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3291325.fixUrls", true);
Found : user_pref("CT3291325.fullUserID", "UN37823285912837722.IN.20130702102657");
Found : user_pref("CT3291325.installDate", "02/07/2013 10:26:57");
Found : user_pref("CT3291325.installId", "stub.exe");
Found : user_pref("CT3291325.installSessionId", "{1D95F460-D0A7-4079-A64E-2B5BBE0A96B0}");
Found : user_pref("CT3291325.installSp", "TRUE");
Found : user_pref("CT3291325.installType", "conduitnsisintegration");
Found : user_pref("CT3291325.installUsage", "2013-07-04T11:08:02.8099177+03:00");
Found : user_pref("CT3291325.installUsageEarly", "2013-07-04T11:08:01.5911443+03:00");
Found : user_pref("CT3291325.installerVersion", "1.5.4.1");
Found : user_pref("CT3291325.isCheckedStartAsHidden", true);
Found : user_pref("CT3291325.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3291325.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT3291325.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3291325.keyword", "true");
Found : user_pref("CT3291325.lastVersion", "10.16.7.525");
Found : user_pref("CT3291325.mam_gk_appStateReportTime.enc", "MTM3MjkyNTI5MDE2Mw==");
Found : user_pref("CT3291325.mam_gk_appState_ACplus.enc", "b2Zm");
Found : user_pref("CT3291325.mam_gk_appState_CouponBuddy.enc", "b2Zm");
Found : user_pref("CT3291325.mam_gk_appState_Easytobook.enc", "b2Zm");
Found : user_pref("CT3291325.mam_gk_appState_Easytobook_targeted.enc", "b2Zm");
Found : user_pref("CT3291325.mam_gk_appState_PriceGong.enc", "b2Zm");
Found : user_pref("CT3291325.mam_gk_appState_WindowShopper.enc", "b2Zm");
Found : user_pref("CT3291325.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Found : user_pref("CT3291325.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Found : user_pref("CT3291325.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkFDcGx1cyIsImNyaXR[...]
Found : user_pref("CT3291325.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Found : user_pref("CT3291325.mam_gk_eventsCache.enc", "eyIxMGU1ZmY0ZC02MTI0LTQxYTctOWQyZC01ZGRjOTAzNjczMWQiO[...]
Found : user_pref("CT3291325.mam_gk_first_time.enc", "MQ==");
Found : user_pref("CT3291325.mam_gk_gadgetOpen.enc", "MA==");
Found : user_pref("CT3291325.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Found : user_pref("CT3291325.mam_gk_lastLoginTime.enc", "MTM3MjkyNTI4NjMyNA==");
Found : user_pref("CT3291325.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Found : user_pref("CT3291325.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Found : user_pref("CT3291325.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Found : user_pref("CT3291325.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Found : user_pref("CT3291325.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Found : user_pref("CT3291325.mam_gk_userId.enc", "YmM2YWU2Y2MtMDQ4MS00Yzk2LWI0NGYtZGVlYzlmNDZmNGEy");
Found : user_pref("CT3291325.mam_gk_user_approval_interacted.enc", "MQ==");
Found : user_pref("CT3291325.migrateAppsAndComponents", true);
Found : user_pref("CT3291325.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.c[...]
Found : user_pref("CT3291325.openThankYouPage", "false");
Found : user_pref("CT3291325.openUninstallPage", "true");
Found : user_pref("CT3291325.originalSearchEngine", "");
Found : user_pref("CT3291325.price-gong.isManagedApp", "true");
Found : user_pref("CT3291325.revertSettingsEnabled", "false");
Found : user_pref("CT3291325.search.searchAppId", "130075605210846225");
Found : user_pref("CT3291325.search.searchCount", "0");
Found : user_pref("CT3291325.searchFromAddressBarEnabledByUser", "true");
Found : user_pref("CT3291325.searchInNewTabEnabledByUser", "true");
Found : user_pref("CT3291325.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3291325.searchRevert", "false");
Found : user_pref("CT3291325.searchSuggestEnabledByUser", "true");
Found : user_pref("CT3291325.searchUserMode", "2");
Found : user_pref("CT3291325.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3291325.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3291325.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3291325.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3291325.serviceLayer_services_Configuration_lastUpdate", "1373654397580");
Found : user_pref("CT3291325.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1372925280530");
Found : user_pref("CT3291325.serviceLayer_services_appsMetadata_lastUpdate", "1372925280466");
Found : user_pref("CT3291325.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372925280413");
Found : user_pref("CT3291325.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1372925279[...]
Found : user_pref("CT3291325.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1372925281895")[...]
Found : user_pref("CT3291325.serviceLayer_services_login_10.16.4.19_lastUpdate", "1372938563760");
Found : user_pref("CT3291325.serviceLayer_services_login_10.16.4.519_lastUpdate", "1373654397731");
Found : user_pref("CT3291325.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372925280477");
Found : user_pref("CT3291325.serviceLayer_services_searchAPI_lastUpdate", "1373654397346");
Found : user_pref("CT3291325.serviceLayer_services_serviceMap_lastUpdate", "1373654397278");
Found : user_pref("CT3291325.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372925279934");
Found : user_pref("CT3291325.serviceLayer_services_toolbarSettings_lastUpdate", "1373654397380");
Found : user_pref("CT3291325.settingsINI", true);
Found : user_pref("CT3291325.shouldFirstTimeDialog", "false");
Found : user_pref("CT3291325.showToolbarPermission", "false");
Found : user_pref("CT3291325.smartbar.CTID", "CT3291325");
Found : user_pref("CT3291325.smartbar.Uninstall", "0");
Found : user_pref("CT3291325.smartbar.homepage", "true");
Found : user_pref("CT3291325.smartbar.isHidden", true);
Found : user_pref("CT3291325.smartbar.toolbarName", "KeyBar 1.12 ");
Found : user_pref("CT3291325.startPage", "true");
Found : user_pref("CT3291325.toolbarBornServerTime", "4-7-2013");
Found : user_pref("CT3291325.toolbarCurrentServerTime", "12-7-2013");
Found : user_pref("CT3291325.toolbarLoginClientTime", "Thu Jul 04 2013 01:08:00 GMT-0700 (Pacific Daylight T[...]
Found : user_pref("CT3291325.versionFromInstaller", "10.16.4.19");
Found : user_pref("CT3291325_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3291325");
Found : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.12 Customized Web Search");
Found : user_pref("browser.search.order.1", "Search Results");
Found : user_pref("smartbar.addressBarOwnerCTID", "CT3291325");
Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291325");
Found : user_pref("smartbar.homePageOwnerCTID", "CT3291325");
Found : user_pref("smartbar.machineId", "HCQYPXZXHZCV5SGEN7MXYIEUVDM1SRBY2UUVMT4AXURBNV2IIZ/KTX3MCKT6US50BND[...]
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [17855 octets] - [27/07/2013 12:08:55]
 
########## EOF - C:\AdwCleaner[R1].txt - [17916 octets] ##########


#8 MrCharlie (Forum Deity, Experts, 28,193 posts, Gender: Male, Location: So. Plainfield, New Jersey, USA)

Posted 28 July 2013 - 09:49 AM

Lots of adware found....let's clear it out.....
  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Then......

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#9 MrCharlie

Posted 30 July 2013 - 10:44 AM

How are we doing??
 
Do you still need help or can I close this post??
 
MrC


#10 J_Black (New Member, Members, 23 posts)

Posted 01 August 2013 - 12:51 AM

 
 


#11 J_Black

Posted 01 August 2013 - 12:54 AM

# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : john - FEZBEE
# Boot Mode : Normal
# Running from : C:\Users\john\Desktop\adwcleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\Program Files\Conduit
 
***** [Registry] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16496
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v22.0 (en-US)
 
File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Found [l.25] : keyword = "search.conduit.com",
 
*************************
 
AdwCleaner[R1].txt - [17986 octets] - [27/07/2013 12:08:55]
AdwCleaner[R2].txt - [18045 octets] - [28/07/2013 19:20:56]
AdwCleaner[R3].txt - [6155 octets] - [31/07/2013 21:49:32]
AdwCleaner[R4].txt - [6215 octets] - [31/07/2013 21:53:02]
AdwCleaner[R5].txt - [1521 octets] - [31/07/2013 22:47:13]
AdwCleaner[S1].txt - [18468 octets] - [28/07/2013 19:21:55]
AdwCleaner[S2].txt - [6162 octets] - [31/07/2013 21:53:21]
 
########## EOF - C:\AdwCleaner[R5].txt - [1702 octets] ##########


#12 J_Black

Posted 01 August 2013 - 01:06 AM

I had a great deal of problems trying to complete the download of Junkware Removal Tool. I believe I chose a different type of Junkware Removal Tool because it did not produce a (JRT.txt), so I did not post this. Instead I ran AdwCleaner a few times and hit Delete as well. Again, I will search for the correct "JRT" after this post. Sorry, I got discouraged.



#13 J_Black

Posted 01 August 2013 - 01:23 AM

~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by john on Wed 07/31/2013 at 23:15:17.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3248874F-4E60-4148-A44C-EE3F78BA0C8E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C072DDD4-01E2-4713-86C0-EFB7CAAA3E13}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D2D561D7-63F4-4786-9534-3F920B17A824}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C072DDD4-01E2-4713-86C0-EFB7CAAA3E13}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D2D561D7-63F4-4786-9534-3F920B17A824}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\tasks\LyricsSing Update.job
Successfully deleted: [File] "C:\Windows\tasks\driverupdate startup.job"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\conduit"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\john\AppData\Roaming\mozilla\firefox\profiles\jxpz8zof.default\minidumps [1 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\empccjjjdnnmgajlbddhbdejjjjhijeh
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/31/2013 at 23:17:58.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#14 MrCharlie

Posted 01 August 2013 - 07:25 AM

Looks Good.....

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


#15 J_Black

Posted 01 August 2013 - 12:46 PM

 Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.08.01.01
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
john :: FEZBEE [administrator]
 
Protection: Enabled
 
8/1/2013 10:30:25 AM
MBAM-log-2013-08-01 (10-43-19).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204181
Time elapsed: 8 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Users\john\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\john\AppData\Local\Temp\UpdUninstall.exe (PUP.Optional.InstallMonetize) -> No action taken.
 
(end)


#16 MrCharlie

Posted 01 August 2013 - 01:03 PM

I hope these were deleted:
 

Files Detected: 2
C:\Users\john\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\john\AppData\Local\Temp\UpdUninstall.exe (PUP.Optional.InstallMonetize) -> No action taken.

 


How is it?? MrC



#17 J_Black

Posted 01 August 2013 - 01:18 PM

Something is still not right: Google will not open correctly as before. A window opened automatically: WARNING: type, X "encircled in red" RunDLL, Error loading C:\Program Files\Conduit\CT3289847\plugins\TBVerifier.dll The specified module could not be found. "OK" box located at bottom of the window.



#18 J_Black

Posted 01 August 2013 - 01:29 PM

Maybe re-run AdwCleaner, click on the Delete button. Then repeat the Junkware Removal Tool process correctly the first time. And post each result again, JRT.txt. Then finally what I did today, repeated?



#19 MrCharlie

Posted 01 August 2013 - 01:58 PM

Yes, try that....MrC



#20 J_Black

Posted 01 August 2013 - 03:49 PM

Avira Free Antivirus
Report file date: Thursday, August 01, 2013  12:02
 
 
The program is running as an unrestricted full version.
Online services are available.
 
Licensee        : Avira Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows Vista ™ Home Premium
Windows version : (Service Pack 2)  [6.0.6002]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : FEZBEE
 
Version information:
BUILD.DAT       : 13.0.0.3884    54852 Bytes   7/18/2013 22:10:00
AVSCAN.EXE      : 13.6.0.1722   634936 Bytes   7/18/2013 15:02:55
AVSCANRC.DLL    : 13.6.0.1550    52280 Bytes   7/18/2013 15:03:34
LUKE.DLL        : 13.6.0.1550    65080 Bytes   7/18/2013 15:03:18
AVSCPLR.DLL     : 13.6.0.1712    92216 Bytes   7/18/2013 15:02:55
AVREG.DLL       : 13.6.0.1550   247864 Bytes   7/18/2013 15:02:52
avlode.dll      : 13.6.2.1704   449592 Bytes   7/18/2013 15:02:51
avlode.rdf      : 13.0.1.22      26240 Bytes   7/26/2013 00:42:12
VBASE000.VDF    : 7.11.70.0   66736640 Bytes    4/4/2013 18:39:01
VBASE001.VDF    : 7.11.74.226  2201600 Bytes   4/30/2013 20:41:17
VBASE002.VDF    : 7.11.80.60   2751488 Bytes   5/28/2013 15:03:28
VBASE003.VDF    : 7.11.85.214  2162688 Bytes   6/21/2013 15:03:29
VBASE004.VDF    : 7.11.91.176  3903488 Bytes   7/23/2013 00:41:55
VBASE005.VDF    : 7.11.91.177     2048 Bytes   7/23/2013 00:41:56
VBASE006.VDF    : 7.11.91.178     2048 Bytes   7/23/2013 00:41:56
VBASE007.VDF    : 7.11.91.179     2048 Bytes   7/23/2013 00:41:56
VBASE008.VDF    : 7.11.91.180     2048 Bytes   7/23/2013 00:41:56
VBASE009.VDF    : 7.11.91.181     2048 Bytes   7/23/2013 00:41:56
VBASE010.VDF    : 7.11.91.182     2048 Bytes   7/23/2013 00:41:57
VBASE011.VDF    : 7.11.91.183     2048 Bytes   7/23/2013 00:41:57
VBASE012.VDF    : 7.11.91.184     2048 Bytes   7/23/2013 00:41:57
VBASE013.VDF    : 7.11.92.32    156160 Bytes   7/24/2013 00:41:58
VBASE014.VDF    : 7.11.92.147   168960 Bytes   7/25/2013 00:41:59
VBASE015.VDF    : 7.11.93.93    419328 Bytes   7/28/2013 14:16:37
VBASE016.VDF    : 7.11.93.170  1403392 Bytes   7/29/2013 04:48:47
VBASE017.VDF    : 7.11.94.31    222208 Bytes   7/31/2013 04:48:48
VBASE018.VDF    : 7.11.94.32      2048 Bytes   7/31/2013 04:48:48
VBASE019.VDF    : 7.11.94.33      2048 Bytes   7/31/2013 04:48:48
VBASE020.VDF    : 7.11.94.34      2048 Bytes   7/31/2013 04:48:49
VBASE021.VDF    : 7.11.94.35      2048 Bytes   7/31/2013 04:48:49
VBASE022.VDF    : 7.11.94.36      2048 Bytes   7/31/2013 04:48:49
VBASE023.VDF    : 7.11.94.37      2048 Bytes   7/31/2013 04:48:49
VBASE024.VDF    : 7.11.94.38      2048 Bytes   7/31/2013 04:48:49
VBASE025.VDF    : 7.11.94.39      2048 Bytes   7/31/2013 04:48:49
VBASE026.VDF    : 7.11.94.40      2048 Bytes   7/31/2013 04:48:50
VBASE027.VDF    : 7.11.94.41      2048 Bytes   7/31/2013 04:48:50
VBASE028.VDF    : 7.11.94.42      2048 Bytes   7/31/2013 04:48:50
VBASE029.VDF    : 7.11.94.43      2048 Bytes   7/31/2013 04:48:50
VBASE030.VDF    : 7.11.94.44      2048 Bytes   7/31/2013 04:48:50
VBASE031.VDF    : 7.11.94.96     95744 Bytes    8/1/2013 16:37:37
Engine version  : 8.2.12.94 
AEVDF.DLL       : 8.1.3.4       102774 Bytes   7/18/2013 15:02:45
AESCRIPT.DLL    : 8.1.4.136     504190 Bytes   7/26/2013 17:47:08
AESCN.DLL       : 8.1.10.4      131446 Bytes   3/27/2013 05:15:12
AESBX.DLL       : 8.2.5.12      606578 Bytes  11/29/2012 19:26:08
AERDL.DLL       : 8.2.0.128     688504 Bytes   7/18/2013 15:02:45
AEPACK.DLL      : 8.3.2.24      749945 Bytes   7/18/2013 15:02:45
AEOFFICE.DLL    : 8.1.2.74      205181 Bytes   7/26/2013 17:47:07
AEHEUR.DLL      : 8.1.4.504    6046074 Bytes   7/26/2013 17:47:07
AEHELP.DLL      : 8.1.27.4      266617 Bytes   7/18/2013 15:02:37
AEGEN.DLL       : 8.1.7.10      442743 Bytes   7/26/2013 17:47:00
AEEXP.DLL       : 8.4.1.36      278903 Bytes   7/26/2013 17:47:09
AEEMU.DLL       : 8.1.3.2       393587 Bytes  11/29/2012 19:26:05
AECORE.DLL      : 8.1.31.6      201081 Bytes   7/18/2013 15:02:37
AEBB.DLL        : 8.1.1.4        53619 Bytes  11/29/2012 19:26:05
AVWINLL.DLL     : 13.6.0.1550    23608 Bytes   7/18/2013 15:02:59
AVPREF.DLL      : 13.6.0.1550    48184 Bytes   7/18/2013 15:02:52
AVREP.DLL       : 13.6.0.1550   175672 Bytes   7/18/2013 15:02:52
AVARKT.DLL      : 13.6.0.1626   258104 Bytes   7/18/2013 15:02:47
AVEVTLOG.DLL    : 13.6.0.1550   164920 Bytes   7/18/2013 15:02:50
SQLITE3.DLL     : 3.7.0.1       394824 Bytes   7/18/2013 15:03:25
AVSMTP.DLL      : 13.6.0.1550    59960 Bytes   7/18/2013 15:02:56
NETNT.DLL       : 13.6.0.1550    13368 Bytes   7/18/2013 15:03:18
RCIMAGE.DLL     : 13.4.0.360   4782880 Bytes   7/18/2013 15:03:40
RCTEXT.DLL      : 13.6.0.1624    65080 Bytes   7/18/2013 15:03:40
 
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, 
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
 
Start of the scan: Thursday, August 01, 2013  12:02
 
Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
 
Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!
 
Starting search for hidden objects.
 
The scan of running processes will be started:
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '106' Module(s) have been scanned
Scan process 'avscan.exe' - '52' Module(s) have been scanned
Scan process 'avcenter.exe' - '74' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'iPodService.exe' - '30' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '23' Module(s) have been scanned
Scan process 'Skype.exe' - '117' Module(s) have been scanned
Scan process 'avgnt.exe' - '73' Module(s) have been scanned
Scan process 'jusched.exe' - '22' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '67' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '16' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '47' Module(s) have been scanned
Scan process 'kbd.exe' - '70' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '13' Module(s) have been scanned
Scan process 'ATSHotKey.exe' - '28' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'taskeng.exe' - '78' Module(s) have been scanned
Scan process 'taskeng.exe' - '49' Module(s) have been scanned
Scan process 'Explorer.EXE' - '158' Module(s) have been scanned
Scan process 'mbamgui.exe' - '33' Module(s) have been scanned
Scan process 'Dwm.exe' - '31' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '32' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '47' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '9' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'mbamservice.exe' - '44' Module(s) have been scanned
Scan process 'mbamscheduler.exe' - '32' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '20' Module(s) have been scanned
Scan process 'dsNcService.exe' - '41' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '66' Module(s) have been scanned
Scan process 'avguard.exe' - '67' Module(s) have been scanned
Scan process 'armsvc.exe' - '24' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'spoolsv.exe' - '87' Module(s) have been scanned
Scan process 'brss01a.exe' - '13' Module(s) have been scanned
Scan process 'brsvc01a.exe' - '13' Module(s) have been scanned
Scan process 'svchost.exe' - '91' Module(s) have been scanned
Scan process 'rundll32.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '150' Module(s) have been scanned
Scan process 'svchost.exe' - '94' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '24' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
 
Starting to scan executable files (registry):
The registry was scanned ( '2349' files ).
 
 
Starting the file scan:
 
Begin scan in 'C:\' <HP>
C:\Program Files\HP Games\Tornado Jockey\Tornado.exe
  [DETECTION] Is the TR/Spy.2951336 Trojan
Begin scan in 'D:\' <Recovery>
    [0] Archive type: RSRC
    --> D:\hp\apps\APP02253\src\install\games\tornadojockey-setup.exe
        [1] Archive type: NSIS
      --> [ProgramFilesDir]/HP Games/Tornado Jockey/Tornado.exe
          [DETECTION] Is the TR/Spy.2951336 Trojan
          [WARNING]   Infected files in archives cannot be repaired
D:\hp\apps\APP02253\src\install\games\tornadojockey-setup.exe
  [DETECTION] Is the TR/Spy.2951336 Trojan
 
Beginning disinfection:
D:\hp\apps\APP02253\src\install\games\tornadojockey-setup.exe
  [DETECTION] Is the TR/Spy.2951336 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '57746513.qua'!
C:\Program Files\HP Games\Tornado Jockey\Tornado.exe
  [DETECTION] Is the TR/Spy.2951336 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '4fe34ab4.qua'!
 
 
End of the scan: Thursday, August 01, 2013  13:42
Used time:  1:39:25 Hour(s)
 
The scan has been done completely.
 
  28729 Scanned directories
 728212 Files were scanned
      3 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      2 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 728209 Files not concerned
   5910 Archives were scanned
      1 Warnings
      2 Notes
 711401 Objects were scanned with rootkit scan
      0 Hidden objects were found
These are the results from an Avira scan I performed first, OK.
