Conduit and Hotbar infection & maybe other infections - Please help



DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 9.0.8112.16496  BrowserJavaVersion: 10.25.2

Run by john at 18:21:19 on 2013-07-25

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1918.848 [GMT -7:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\brss01a.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\DriverUpdate\DriverUpdate.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\ATSCallingCard\install\ATSHotKey.exe

C:\hp\support\hpsysdrv.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

C:\Users\john\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\john\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank


mSearchAssistant = about:blank

uURLSearchHooks: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - LocalServer32 - <no file>

mURLSearchHooks: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - LocalServer32 - <no file>

BHO: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - LocalServer32 - <no file>

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - <orphaned>

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - LocalServer32 - <no file>

uRun: [Google Update] "c:\users\john\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN31MB3G6D05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRunOnce: [Launcher] c:\windows\sminst\launcher.exe

mRunOnce: [*ATScc] c:\atscallingcard\install\startup.exe

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-Explorer: NoResolveTrack = dword:1

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.






TCP: NameServer = 192.168.1.1

TCP: Interfaces\{F795D011-9B30-4981-B2D5-540EA6685EA0} : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\jxpz8zof.default\


FF - prefs.js: browser.search.selectedEngine - Google


FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll

FF - plugin: c:\users\john\appdata\local\google\update\1.3.21.149\npGoogleUpdate3.dll

FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\jxpz8zof.default\extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}\plugins\np-mswmp.dll

FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\jxpz8zof.default\extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}\plugins\npConduitFirefoxPlugin.dll

FF - plugin: c:\users\john\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\john\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\users\john\appdata\roaming\mozilla\plugins\npo1d.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2013-07-02 10:27; {0134af61-7a0c-4649-aeca-90d776060cb3}; c:\users\john\appdata\roaming\mozilla\firefox\profiles\jxpz8zof.default\extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}

FF - ExtSQL: !HIDDEN! 2009-09-07 03:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.autoDisableScopes, 0

FF - user.js: extensions.shownSelectionUI - true

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-7-25 37352]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-7-25 84024]

R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-7-25 108088]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-7-25 84744]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-16 12672]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-1 21504]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-19 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-18 701512]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-11 1153368]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-18 22856]

S2 MSWU-b97f617e;MSWU-b97f617e;c:\windows\system32\b97f617e.exe --> c:\windows\system32\b97f617e.exe [?]

S2 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-18 13024]

.

=============== Created Last 30 ================

.

2013-07-26 00:44:47 -------- d-----w- c:\users\john\appdata\roaming\Avira

2013-07-26 00:40:21 -------- d-----w- c:\programdata\APN

2013-07-26 00:38:53 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-07-26 00:38:53 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2013-07-26 00:38:45 -------- d-----w- c:\programdata\Avira

2013-07-26 00:38:45 -------- d-----w- c:\program files\Avira

2013-07-25 21:46:27 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll

2013-07-25 21:24:57 -------- d-----w- c:\users\john\appdata\local\HP

2013-07-25 21:16:02 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe

2013-07-25 21:16:02 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll

2013-07-25 21:16:01 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll

2013-07-25 21:14:44 499088 ----a-w- c:\windows\system32\HPWia2_OJ8600.dll

2013-07-25 21:14:44 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll

2013-07-12 18:36:29 -------- d-----w- c:\users\john\appdata\local\LogMeIn Rescue Calling Card

2013-07-11 19:21:39 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-07-07 00:19:43 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-06 16:33:31 -------- d-----w- c:\users\john\appdata\local\Temp

2013-07-06 16:04:54 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-07-06 15:50:01 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-07-06 15:46:43 -------- d-----w- c:\programdata\HitmanPro

2013-07-06 15:19:39 -------- d-sh--w- C:\$RECYCLE.BIN

2013-07-06 14:59:22 28672 --sha-w- C:\mouse.exe

2013-07-06 14:59:21 -------- d-----w- C:\Advanced Tech Support

2013-07-06 12:04:30 -------- d-sh--w- C:\ATSCallingCard

2013-07-06 12:03:48 -------- d-----w- c:\users\john\appdata\local\LogMeIn Rescue Applet

2013-07-06 11:28:09 -------- d-----w- c:\users\john\appdata\roaming\ParetoLogic

2013-07-06 11:28:09 -------- d-----w- c:\users\john\appdata\roaming\DriverCure

2013-07-06 11:27:52 -------- d-----w- c:\program files\common files\ParetoLogic

2013-07-06 11:27:49 -------- d-----w- c:\programdata\ParetoLogic

2013-07-06 11:27:49 -------- d-----w- c:\program files\ParetoLogic

2013-07-06 09:58:45 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-07-06 09:58:40 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-07-06 09:58:40 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-07-06 09:58:39 16896 ----a-w- c:\windows\system32\winusb.dll

2013-07-06 09:58:38 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-07-06 09:58:38 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-07-06 09:58:36 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-07-06 09:58:36 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-07-06 09:58:35 613888 ----a-w- c:\windows\system32\WUDFx.dll

2013-07-06 09:58:35 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-07-06 09:58:35 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2013-07-06 09:55:12 6144 ----a-w- c:\program files\internet explorer\iecompat.dll

2013-07-06 09:55:06 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-07-06 09:55:04 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2013-07-04 12:05:59 -------- d-----w- c:\users\john\appdata\local\MigWiz

2013-07-02 17:28:38 -------- d-----w- c:\users\john\appdata\local\Conduit

2013-07-02 17:27:50 -------- d-----w- c:\users\john\appdata\local\CRE

2013-07-02 17:27:42 -------- d-----r- c:\program files\Skype

.

==================== Find3M  ====================

.

2013-07-26 01:07:09 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2013-07-07 00:19:24 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-07-06 16:40:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-07-06 16:40:29 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll

2013-05-29 01:50:14 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-05-29 01:41:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-05-29 01:41:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-05-29 01:37:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-05-29 01:36:09 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-05-29 01:33:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-08 04:37:21 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-08 04:04:52 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-05-02 22:03:36 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-02 22:03:36 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-02 04:04:25 443904 ----a-w- c:\windows\system32\win32spl.dll

2013-05-02 04:03:42 37376 ----a-w- c:\windows\system32\printcom.dll

2013-05-01 10:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2013-05-01 10:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 18:22:18.05 ===============

 


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 2/23/2007 1:13:00 PM

System Uptime: 7/25/2013 6:05:29 PM (0 hours ago)

.

Motherboard: ASUSTek Computer INC. |  | NODUSM3

Processor: AMD Athlon 64 X2 Dual Core Processor 4600+ | Socket AM2  | 2000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 292 GiB total, 193.047 GiB free.

D: is FIXED (NTFS) - 6 GiB total, 0.874 GiB free.

E: is CDROM (CDFS)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7)

Advanced Tech Support Rescue Connect

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AutoUpdate

Avira Free Antivirus

Bonjour

CPUID CPU-Z 1.52.2

DivX

DriverUpdate

Enhanced Multimedia Keyboard Solution

GIMP 2.6.7

Google Chrome

Google Talk Plugin

GTK+ Runtime 2.14.7 rev a (remove only)

Hardware Diagnostic Tools

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Howie's Quick Screen Capture 1.1.1

HP Advisor

HP Connections (remove only)

HP Customer Experience Enhancements

HP Customer Feedback

HP Easy Setup - Core

HP Easy Setup - Frontend

HP Officejet Pro 8600 Basic Device Software

HP Officejet Pro 8600 Help

HP Officejet Pro 8600 Product Improvement Study

HP Picasso Media Center Add-In

HP Update

I.R.I.S. OCR

iCloud

iTunes

Java 7 Update 25

Java Auto Updater

Java 6 Update 18

Java 6 Update 29

Juniper Networks Network Connect 7.0.0

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

LightScribe  1.4.124.1

LyricsSing

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 3.5 SP1

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Works

MobileMe Control Panel

Mozilla Firefox 22.0 (x86 en-US)

Mozilla Maintenance Service

MSN

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 5.0

My HP Games

NVIDIA Drivers

OcxSetup

OpenOffice.org 3.2

Picasa 3

Pidgin

Python 2.4.3

QuickTime

Realtek High Definition Audio Driver

RegCure Pro

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Skype™ 6.3

SMPlayer 0.6.9

Soft Data Fax Modem with SmartCP

SopCast 1.1.2

Sports Connection

Spybot - Search & Destroy

Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

ViewSonic Monitor Drivers

XBMC Media Center

.

==== End Of File ===========================

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.07.25.05

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

john :: FEZBEE [administrator]

 

Protection: Enabled

 

7/25/2013 6:29:48 PM

mbam-log-2013-07-25 (18-29-48).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 203725

Time elapsed: 7 minute(s), 56 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)
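As an added example (my code, not part of DDS, Malwarebytes or any post in this thread), the script below parses the line formats DDS prints in its "Pseudo HJT Report" and "SERVICES / DRIVERS" sections and pulls out what a removal analyst reads first from the log above: add-on slots whose file is gone (<no file>), BHO keys pointing at an unregistered CLSID (<orphaned>), services whose image DDS could not find ([?]), Hosts overrides, and CLSIDs that reappear in several slots at once (BHO, toolbar, URL search hook, Firefox extension), which is what a single toolbar package wired into every browser surface looks like. The input is a constructed excerpt of the lines quoted above; the function names, the flag labels and the TCP exclusion are my own choices, not DDS behaviour.

```python
"""Triage helper for a DDS "Pseudo HJT Report" and its SERVICES / DRIVERS block.

Added example for this thread; not part of DDS or any tool named above.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the DDS lines quoted in the post above.
SAMPLE_DDS = r"""
uURLSearchHooks: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - LocalServer32 - <no file>
BHO: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - LocalServer32 - <no file>
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
TB: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - LocalServer32 - <no file>
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\jxpz8zof.default\extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}\plugins\npConduitFirefoxPlugin.dll
TCP: Interfaces\{F795D011-9B30-4981-B2D5-540EA6685EA0} : DHCPNameServer = 192.168.1.1
Hosts: 127.0.0.1 www.spywareinfo.com
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-7-25 108088]
S2 MSWU-b97f617e;MSWU-b97f617e;c:\windows\system32\b97f617e.exe --> c:\windows\system32\b97f617e.exe [?]
S2 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# "BHO: ...", "FF - plugin: ...", "mPolicies-Explorer: ..." style lines
HJT_RE = re.compile(r"^(?P<kind>[A-Za-z][A-Za-z-]*(?: - [A-Za-z]+)?):\s*(?P<rest>.*)$")
# "S2 name;display;image [date size]" service/driver lines
SVC_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# GUIDs on these lines are interface IDs, not COM class IDs (assumption: my exclusion list)
NON_CLSID_KINDS = {"TCP"}


def flags_for(kind, rest):
    flags = []
    if "<no file>" in rest:
        flags.append("no file")            # COM server still registered, binary gone
    if "<orphaned>" in rest:
        flags.append("orphaned")           # BHO key names a CLSID with no registration
    if kind == "service" and rest.rstrip().endswith("[?]"):
        flags.append("image not found")    # DDS could not stat the service image
    if kind == "Hosts":
        flags.append("hosts override")
    return flags


def parse_dds(text):
    """Return one dict per recognised line: kind, name, rest, clsids, flags."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append({"kind": "service", "name": m["name"], "rest": m["rest"],
                            "clsids": [], "flags": flags_for("service", m["rest"])})
            continue
        m = HJT_RE.match(line)
        if m:
            kind, rest = m["kind"], m["rest"]
            clsids = [] if kind in NON_CLSID_KINDS else [g.lower() for g in GUID_RE.findall(rest)]
            entries.append({"kind": kind, "name": kind, "rest": rest,
                            "clsids": clsids, "flags": flags_for(kind, rest)})
    return entries


def triage(entries):
    """Group what an analyst acts on: shared CLSIDs, dead entries, hosts overrides."""
    slots = defaultdict(set)            # clsid -> slot kinds it is registered in
    for e in entries:
        for g in e["clsids"]:
            slots[g].add(e["kind"])
    shared = {g: sorted(k) for g, k in slots.items() if len(k) >= 2}
    dead = [e for e in entries if {"no file", "orphaned", "image not found"} & set(e["flags"])]
    hosts = [e["rest"] for e in entries if e["kind"] == "Hosts"]
    return {"shared_clsids": shared, "dead_entries": dead, "hosts": hosts}


if __name__ == "__main__":
    report = triage(parse_dds(SAMPLE_DDS))
    for g, kinds in report["shared_clsids"].items():
        print(f"{g} registered in: {', '.join(kinds)}")
    for e in report["dead_entries"]:
        print(f"[{', '.join(e['flags'])}] {e['kind']}: {e['rest']}")
    for h in report["hosts"]:
        print("hosts:", h)
```

On the sample, the KeyBar CLSID is the only one registered in more than one slot (BHO, Firefox plugin, toolbar, URL search hook), and the two MSWU-* services are the only entries whose image could not be found; the Spybot and Java BHOs, which have files on disk and appear once, are not flagged. The Hosts line is listed for review rather than flagged, because a 127.0.0.1 entry can be an immunization as easily as a hijack and the log alone does not say which.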

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, right-click on the program, select Run as Administrator to start, and when prompted, Allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...unlikely, but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear", and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.6.3 [Jul 17 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : john [Admin rights]

Mode : Scan -- Date : 07/25/2013 19:02:46

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 3 ¤¤¤

[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{D7459153-F1DD-46D7-B86C-7108C8779D5E}.exe - --uninstall=1 [x] -> FOUND

[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{D7459153-F1DD-46D7-B86C-7108C8779D5E}.exe - --uninstall=1 [x] -> FOUND


 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] SSDT[75] : NtCreateSection @ 0x82674FA5 -> HOOKED (Unknown @ 0x89D84FBE)

[Address] SSDT[276] : NtRequestWaitReplyPort @ 0x82687142 -> HOOKED (Unknown @ 0x89D84FC8)

[Address] SSDT[289] : NtSetContextThread @ 0x826D62AB -> HOOKED (Unknown @ 0x89D84FC3)

[Address] SSDT[314] : NtSetSecurityObject @ 0x82603023 -> HOOKED (Unknown @ 0x89D84FCD)

[Address] SSDT[332] : NtSystemDebugControl @ 0x8263BEF1 -> HOOKED (Unknown @ 0x89D84FD2)

[Address] SSDT[334] : NtTerminateProcess @ 0x82634173 -> HOOKED (Unknown @ 0x89D84F5F)

[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89D84FE6)

[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x89D84FEB)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

::1             localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

[...]

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ST332082 0AS SCSI Disk Device +++++

--- User ---

[MBR] c27ca0af705db693047314d47ea7e883

[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 298834 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 612012240 | Size: 6408 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[0]_S_07252013_190246.txt >>
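An added example (my code, not RogueKiller's and not from any post in this thread) for reading the Driver section of the report above. RogueKiller reports eight hooked system-call slots but attributes every handler to "Unknown", so the log alone does not say who owns them. The script parses the hook lines, sorts the handler addresses, and groups handlers that sit within a small window of each other; a tight group with a constant stride is what one driver's table of fixed-size jump stubs looks like, which narrows the question to "which loaded driver owns that range". The eight HOOKED lines are copied from the report as constructed input; the window size, the stride heuristic and the function names are my assumptions.

```python
"""Cluster the SSDT / Shadow SSDT hook handlers printed by RogueKiller's Driver section.

Added example for this thread; not part of RogueKiller.
"""
import re
from collections import Counter

# Constructed input: the eight hook lines from the RogueKiller report above.
SAMPLE_RK = """
[Address] SSDT[75] : NtCreateSection @ 0x82674FA5 -> HOOKED (Unknown @ 0x89D84FBE)
[Address] SSDT[276] : NtRequestWaitReplyPort @ 0x82687142 -> HOOKED (Unknown @ 0x89D84FC8)
[Address] SSDT[289] : NtSetContextThread @ 0x826D62AB -> HOOKED (Unknown @ 0x89D84FC3)
[Address] SSDT[314] : NtSetSecurityObject @ 0x82603023 -> HOOKED (Unknown @ 0x89D84FCD)
[Address] SSDT[332] : NtSystemDebugControl @ 0x8263BEF1 -> HOOKED (Unknown @ 0x89D84FD2)
[Address] SSDT[334] : NtTerminateProcess @ 0x82634173 -> HOOKED (Unknown @ 0x89D84F5F)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89D84FE6)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x89D84FEB)
"""

# Shadow SSDT lines omit the "@ original" address, hence the optional group.
HOOK_RE = re.compile(
    r"^\[Address\]\s+(?P<table>Shadow SSDT|SSDT)\[(?P<index>\d+)\]\s*:\s*(?P<func>\w+)"
    r"(?:\s*@\s*0x(?P<orig>[0-9A-Fa-f]+))?\s*->\s*HOOKED\s*\((?P<owner>[^@]+?)\s*@\s*0x(?P<hook>[0-9A-Fa-f]+)\)$"
)


def parse_hooks(text):
    """One dict per HOOKED line; addresses are converted to integers."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append({
            "table": m["table"],
            "index": int(m["index"]),
            "func": m["func"],
            "original": int(m["orig"], 16) if m["orig"] else None,
            "owner": m["owner"].strip(),
            "handler": int(m["hook"], 16),
        })
    return hooks


def cluster_handlers(hooks, window=0x1000):
    """Sort by handler address; open a new group when the gap exceeds `window` bytes.

    The 4 KiB default is an assumption: stubs of one driver normally share a page
    or two, while two unrelated drivers are loaded far apart.
    """
    groups = []
    for h in sorted(hooks, key=lambda h: h["handler"]):
        if groups and h["handler"] - groups[-1][-1]["handler"] <= window:
            groups[-1].append(h)
        else:
            groups.append([h])
    return groups


def handler_stride(group):
    """Most common gap between consecutive handlers in a group.

    A constant small stride (5 bytes fits a 32-bit relative jmp) suggests a
    table of fixed-size stubs rather than unrelated code.
    """
    gaps = [b["handler"] - a["handler"] for a, b in zip(group, group[1:])]
    return Counter(gaps).most_common(1)[0][0] if gaps else None


def summarize(groups):
    out = []
    for g in groups:
        lo, hi = g[0]["handler"], g[-1]["handler"]
        out.append({
            "range": f"0x{lo:08X}-0x{hi:08X}",
            "span_bytes": hi - lo,
            "stride": handler_stride(g),
            "owners": sorted({h["owner"] for h in g}),
            "functions": [f"{h['table']}[{h['index']}] {h['func']}" for h in g],
        })
    return out


if __name__ == "__main__":
    groups = cluster_handlers(parse_hooks(SAMPLE_RK))
    for info in summarize(groups):
        print(f"{info['range']} span={info['span_bytes']}B stride={info['stride']} owners={info['owners']}")
        for f in info["functions"]:
            print("   ", f)
```

On this input all eight handlers land in a single 140-byte range with a 5-byte stride, so they come from one driver. Which driver is not in the log: the routines involved (process termination, thread context, debug control, section creation, window/event hooks) are the ones a product intercepts to keep its own process from being killed, injected into or debugged, and they are hooked by security software as well as by malware. The log above shows Avira real-time protection and Malwarebytes protection both active, which makes them candidate owners, but confirming that needs the loaded-module list RogueKiller does not print here.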

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


# AdwCleaner v2.306 - Logfile created 07/27/2013 at 12:08:55

# Updated 19/07/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : john - FEZBEE

# Boot Mode : Normal

# Running from : C:\Users\john\Downloads\adwcleaner.exe

# Option [Search]

 

 

***** [Services] *****

 

 

***** [Files / Folders] *****

 

File Found : C:\END

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Found : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\searchplugins\Conduit.xml

File Found : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\searchplugins\Search_Results.xml

Folder Found : C:\Program Files\Common Files\ParetoLogic

Folder Found : C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}

Folder Found : C:\Program Files\ParetoLogic

Folder Found : C:\ProgramData\APN

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\ParetoLogic

Folder Found : C:\Users\john\AppData\Local\Conduit

Folder Found : C:\Users\john\AppData\Local\Ilivid Player

Folder Found : C:\Users\john\AppData\Local\PackageAware

Folder Found : C:\Users\john\AppData\Local\Temp\APN

Folder Found : C:\Users\john\AppData\LocalLow\AVG Security Toolbar

Folder Found : C:\Users\john\AppData\LocalLow\Conduit

Folder Found : C:\Users\john\AppData\LocalLow\Hotbar

Folder Found : C:\Users\john\AppData\LocalLow\KeyBar_1.12

Folder Found : C:\Users\john\AppData\Roaming\DriverCure

Folder Found : C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic

Folder Found : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\CT3291325

Folder Found : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}

Folder Found : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\Smartbar

Folder Found : C:\Users\john\AppData\Roaming\ParetoLogic

 

***** [Registry] *****

 

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Hotbar

Key Found : HKCU\Software\AppDataLow\Software\KeyBar_1.12

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\IGearSettings

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hotbarsa

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0134AF61-7A0C-4649-AECA-90D776060CB3}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0134AF61-7A0C-4649-AECA-90D776060CB3}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Found : HKLM\SOFTWARE\Classes\CLSID\{0134AF61-7A0C-4649-AECA-90D776060CB3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{0A51D53C-6F3C-426E-B789-2A21526E6546}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3291325

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\KeyBar_1.12

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64E9CA00-8B7E-465A-960B-802B56965CB7}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF5A447E-64DD-4CC7-B37E-AA8F9B1B4855}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0134AF61-7A0C-4649-AECA-90D776060CB3}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A51D53C-6F3C-426E-B789-2A21526E6546}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Found : HKU\S-1-5-21-1846296755-3997670398-3803951554-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0134AF61-7A0C-4649-AECA-90D776060CB3}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0134AF61-7A0C-4649-AECA-90D776060CB3}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0134AF61-7A0C-4649-AECA-90D776060CB3}]

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16496

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v22.0 (en-US)

 

File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\prefs.js

 

Found : user_pref("CT3291325.1000082.isPlayDisplay", "true");

Found : user_pref("CT3291325.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

Found : user_pref("CT3291325.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3291325.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Found : user_pref("CT3291325.FF19Solved", "true");

Found : user_pref("CT3291325.FirstTime", "true");

Found : user_pref("CT3291325.FirstTimeFF3", "true");

Found : user_pref("CT3291325.PG_ENABLE", "dHJ1ZQ==");

Found : user_pref("CT3291325.PG_ENABLE.enc", "dHJ1ZQ==");

Found : user_pref("CT3291325.SF_JUST_INSTALLED.enc", "RkFMU0U=");

Found : user_pref("CT3291325.SF_STATUS.enc", "RU5BQkxFRA==");


Found : user_pref("CT3291325.UserID", "UN37823285912837722");

Found : user_pref("CT3291325.addressBarTakeOverEnabledInHidden", "true");

Found : user_pref("CT3291325.autoDisableScopes", -1);

Found : user_pref("CT3291325.browser.search.defaultthis.engineName", "true");

Found : user_pref("CT3291325.countryCode", "US");

Found : user_pref("CT3291325.defaultSearch", "true");

Found : user_pref("CT3291325.enableAlerts", "true");

Found : user_pref("CT3291325.enableFix404ByUser", "TRUE");

Found : user_pref("CT3291325.enableSearchFromAddressBar", "true");

Found : user_pref("CT3291325.firstTimeDialogOpened", "true");

Found : user_pref("CT3291325.fixPageNotFoundError", "true");

Found : user_pref("CT3291325.fixPageNotFoundErrorByUser", "true");

Found : user_pref("CT3291325.fixPageNotFoundErrorInHidden", "true");

Found : user_pref("CT3291325.fixUrls", true);

Found : user_pref("CT3291325.fullUserID", "UN37823285912837722.IN.20130702102657");

Found : user_pref("CT3291325.installDate", "02/07/2013 10:26:57");

Found : user_pref("CT3291325.installId", "stub.exe");

Found : user_pref("CT3291325.installSessionId", "{1D95F460-D0A7-4079-A64E-2B5BBE0A96B0}");

Found : user_pref("CT3291325.installSp", "TRUE");

Found : user_pref("CT3291325.installType", "conduitnsisintegration");

Found : user_pref("CT3291325.installUsage", "2013-07-04T11:08:02.8099177+03:00");

Found : user_pref("CT3291325.installUsageEarly", "2013-07-04T11:08:01.5911443+03:00");

Found : user_pref("CT3291325.installerVersion", "1.5.4.1");

Found : user_pref("CT3291325.isCheckedStartAsHidden", true);

Found : user_pref("CT3291325.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3291325.isFirstTimeToolbarLoading", "false");

Found : user_pref("CT3291325.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Found : user_pref("CT3291325.keyword", "true");


Found : user_pref("CT3291325.lastVersion", "10.16.7.525");

Found : user_pref("CT3291325.mam_gk_appStateReportTime.enc", "MTM3MjkyNTI5MDE2Mw==");

Found : user_pref("CT3291325.mam_gk_appState_ACplus.enc", "b2Zm");

Found : user_pref("CT3291325.mam_gk_appState_CouponBuddy.enc", "b2Zm");

Found : user_pref("CT3291325.mam_gk_appState_Easytobook.enc", "b2Zm");

Found : user_pref("CT3291325.mam_gk_appState_Easytobook_targeted.enc", "b2Zm");

Found : user_pref("CT3291325.mam_gk_appState_PriceGong.enc", "b2Zm");

Found : user_pref("CT3291325.mam_gk_appState_WindowShopper.enc", "b2Zm");

Found : user_pref("CT3291325.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]

Found : user_pref("CT3291325.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");

Found : user_pref("CT3291325.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkFDcGx1cyIsImNyaXR[...]

Found : user_pref("CT3291325.mam_gk_currentVersion.enc", "MS44LjAuNA==");

Found : user_pref("CT3291325.mam_gk_eventsCache.enc", "eyIxMGU1ZmY0ZC02MTI0LTQxYTctOWQyZC01ZGRjOTAzNjczMWQiO[...]

Found : user_pref("CT3291325.mam_gk_first_time.enc", "MQ==");

Found : user_pref("CT3291325.mam_gk_gadgetOpen.enc", "MA==");

Found : user_pref("CT3291325.mam_gk_installer_preapproved.enc", "ZmFsc2U=");

Found : user_pref("CT3291325.mam_gk_lastLoginTime.enc", "MTM3MjkyNTI4NjMyNA==");

Found : user_pref("CT3291325.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]

Found : user_pref("CT3291325.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");

Found : user_pref("CT3291325.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]

Found : user_pref("CT3291325.mam_gk_showCloseButton.enc", "dHJ1ZQ==");

Found : user_pref("CT3291325.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");

Found : user_pref("CT3291325.mam_gk_userId.enc", "YmM2YWU2Y2MtMDQ4MS00Yzk2LWI0NGYtZGVlYzlmNDZmNGEy");

Found : user_pref("CT3291325.mam_gk_user_approval_interacted.enc", "MQ==");

Found : user_pref("CT3291325.migrateAppsAndComponents", true);

Found : user_pref("CT3291325.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.c[...]

Found : user_pref("CT3291325.openThankYouPage", "false");

Found : user_pref("CT3291325.openUninstallPage", "true");



Found : user_pref("CT3291325.originalSearchEngine", "");

Found : user_pref("CT3291325.price-gong.isManagedApp", "true");

Found : user_pref("CT3291325.revertSettingsEnabled", "false");

Found : user_pref("CT3291325.search.searchAppId", "130075605210846225");

Found : user_pref("CT3291325.search.searchCount", "0");

Found : user_pref("CT3291325.searchFromAddressBarEnabledByUser", "true");

Found : user_pref("CT3291325.searchInNewTabEnabledByUser", "true");

Found : user_pref("CT3291325.searchInNewTabEnabledInHidden", "true");

Found : user_pref("CT3291325.searchRevert", "false");

Found : user_pref("CT3291325.searchSuggestEnabledByUser", "true");

Found : user_pref("CT3291325.searchUserMode", "2");

Found : user_pref("CT3291325.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3291325.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Found : user_pref("CT3291325.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Found : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Found : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Found : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Found : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Found : user_pref("CT3291325.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]

Found : user_pref("CT3291325.serviceLayer_services_Configuration_lastUpdate", "1373654397580");

Found : user_pref("CT3291325.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1372925280530");

Found : user_pref("CT3291325.serviceLayer_services_appsMetadata_lastUpdate", "1372925280466");

Found : user_pref("CT3291325.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372925280413");

Found : user_pref("CT3291325.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1372925279[...]

Found : user_pref("CT3291325.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1372925281895")[...]

Found : user_pref("CT3291325.serviceLayer_services_login_10.16.4.19_lastUpdate", "1372938563760");

Found : user_pref("CT3291325.serviceLayer_services_login_10.16.4.519_lastUpdate", "1373654397731");

Found : user_pref("CT3291325.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372925280477");

Found : user_pref("CT3291325.serviceLayer_services_searchAPI_lastUpdate", "1373654397346");

Found : user_pref("CT3291325.serviceLayer_services_serviceMap_lastUpdate", "1373654397278");

Found : user_pref("CT3291325.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372925279934");

Found : user_pref("CT3291325.serviceLayer_services_toolbarSettings_lastUpdate", "1373654397380");

Found : user_pref("CT3291325.settingsINI", true);

Found : user_pref("CT3291325.shouldFirstTimeDialog", "false");

Found : user_pref("CT3291325.showToolbarPermission", "false");

Found : user_pref("CT3291325.smartbar.CTID", "CT3291325");

Found : user_pref("CT3291325.smartbar.Uninstall", "0");

Found : user_pref("CT3291325.smartbar.homepage", "true");

Found : user_pref("CT3291325.smartbar.isHidden", true);

Found : user_pref("CT3291325.smartbar.toolbarName", "KeyBar 1.12 ");

Found : user_pref("CT3291325.startPage", "true");

Found : user_pref("CT3291325.toolbarBornServerTime", "4-7-2013");

Found : user_pref("CT3291325.toolbarCurrentServerTime", "12-7-2013");

Found : user_pref("CT3291325.toolbarLoginClientTime", "Thu Jul 04 2013 01:08:00 GMT-0700 (Pacific Daylight T[...]

Found : user_pref("CT3291325.versionFromInstaller", "10.16.4.19");

Found : user_pref("CT3291325_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]


Found : user_pref("Smartbar.ConduitSearchEngineList", "");

Found : user_pref("Smartbar.ConduitSearchUrlList", "");


Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3291325");

Found : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.12 Customized Web Search");


Found : user_pref("browser.search.order.1", "Search Results");


Found : user_pref("smartbar.addressBarOwnerCTID", "CT3291325");



Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291325");

Found : user_pref("smartbar.homePageOwnerCTID", "CT3291325");

Found : user_pref("smartbar.machineId", "HCQYPXZXHZCV5SGEN7MXYIEUVDM1SRBY2UUVMT4AXURBNV2IIZ/KTX3MCKT6US50BND[...]


 

-\\ Google Chrome v28.0.1500.72

 

File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [17855 octets] - [27/07/2013 12:08:55]

 

########## EOF - C:\AdwCleaner[R1].txt - [17916 octets] ##########

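Two things in the report above are worth reading rather than just deleting. The registry hits under Browser Helper Objects, Internet Explorer\Toolbar, URLSearchHooks, SearchScopes, Low Rights\ElevationPolicy and Ext\PreApproved are the points where Internet Explorer loads code or takes its search settings from, so they explain the hijack instead of merely marking leftovers, and one GUID (here {0134AF61-...}) is typically wired into several of them at once. The Firefox prefs ending in .enc are not encrypted, only base64: dHJ1ZQ== is "true", RU5BQkxFRA== is "ENABLED", b2Zm is "off", MS44LjAuNA== is "1.8.0.4". The following is an added example, not part of this thread and not AdwCleaner code: it parses lines in the report's format, classifies the registry hits by load mechanism, cross-references the GUIDs, and decodes the .enc prefs. The sample lines are excerpted from the report above; the mechanism labels are the editor's.

```python
import base64
import re

# A handful of lines excerpted from the AdwCleaner report above, in the report's own
# format: registry hits first, then Firefox prefs.js hits. Lines the report truncated
# with "[...]" are left out because they no longer parse.
SAMPLE_LOG = r"""
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64E9CA00-8B7E-465A-960B-802B56965CB7}
Key Found : HKLM\Software\Conduit
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Found : user_pref("CT3291325.PG_ENABLE.enc", "dHJ1ZQ==");
Found : user_pref("CT3291325.SF_STATUS.enc", "RU5BQkxFRA==");
Found : user_pref("CT3291325.mam_gk_appState_PriceGong.enc", "b2Zm");
Found : user_pref("CT3291325.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Found : user_pref("CT3291325.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291325");
Found : user_pref("smartbar.homePageOwnerCTID", "CT3291325");
Found : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.12 Customized Web Search");
"""

# Registry locations Internet Explorer (or the shell) loads code or search settings from.
# A hit in one of these is a persistence or hijack point, not just leftover data.
# The labels are the editor's shorthand, not AdwCleaner's.
MECHANISMS = [
    (r"\\Classes\\CLSID\\", "COM class (the DLL a BHO or toolbar GUID resolves to)"),
    (r"\\Browser Helper Objects\\", "BHO (DLL loaded into every IE process)"),
    (r"\\Internet Explorer\\Toolbar", "IE toolbar (COM object loaded at startup)"),
    (r"\\URLSearchHooks", "URL search hook (intercepts address-bar input)"),
    (r"\\SearchScopes\\", "search provider (redirects searches)"),
    (r"\\Low Rights\\ElevationPolicy\\", "IE elevation policy (lets a helper run outside Protected Mode)"),
    (r"\\Ext\\PreApproved\\", "pre-approved add-on (skips the enable prompt)"),
]

KEY_RE = re.compile(r"^(Key|Value) Found : (.+?)(?: \[(.+)\])?$")
PREF_RE = re.compile(r'^Found : user_pref\("([^"]+)", (.+)\);$')
GUID_RE = re.compile(r"\{[0-9A-F-]{36}\}", re.IGNORECASE)

# Firefox prefs whose value decides who owns search, homepage or the address bar.
HIJACK_PREFS = (
    "addressBarTakeOver", "defaultSearchOwnerCTID", "homePageOwnerCTID",
    "keywordURLSelectedCTID", "browser.search.defaultthis.engineName",
)


def decode_enc(value):
    """Conduit's '.enc' prefs are plain base64 text; return the plaintext or None."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(log_text):
    """Split AdwCleaner 'Found' lines into registry persistence points and browser prefs.

    Returns (registry, prefs): registry is a list of (mechanism, key, value) for hits that
    sit in one of MECHANISMS; prefs maps pref name -> value for every '.enc' pref (decoded)
    and for the hijack-relevant plain prefs.
    """
    registry, prefs = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            _, key, value = m.groups()
            mech = next((label for pat, label in MECHANISMS if re.search(pat, key)), None)
            if mech:
                registry.append((mech, key, value))
            continue
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            raw = raw.strip('"')
            if name.endswith(".enc"):
                decoded = decode_enc(raw)
                prefs[name] = decoded if decoded is not None else raw
            elif any(h in name for h in HIJACK_PREFS):
                prefs[name] = raw
    return registry, prefs


def guids_by_mechanism(registry):
    """Map each GUID to the mechanisms it is wired into: one add-on, several hooks."""
    index = {}
    for mech, key, value in registry:
        for guid in GUID_RE.findall(key + " " + (value or "")):
            index.setdefault(guid.upper(), set()).add(mech.split(" (")[0])
    return index


if __name__ == "__main__":
    reg, pf = triage(SAMPLE_LOG)
    for mech, key, value in reg:
        print(f"[{mech}] {key}" + (f" -> {value}" if value else ""))
    for guid, mechs in guids_by_mechanism(reg).items():
        print(f"{guid}: {', '.join(sorted(mechs))}")
    for name, value in pf.items():
        print(f"{name} = {value!r}")
```

Run against the full report, the GUID index is the quick way to see which CLSIDs are the toolbar itself (registered as class, BHO, toolbar and search hook at once) and which are only search scopes; the decoded prefs show the toolbar owning the default search, homepage and address bar, which is what the user sees as "Google will not open correctly".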

Lots of adware found... let's clear it out...

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Then......

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
MrC

# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : john - FEZBEE
# Boot Mode : Normal
# Running from : C:\Users\john\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.25] : keyword = "search.conduit.com",

*************************

AdwCleaner[R1].txt - [17986 octets] - [27/07/2013 12:08:55]
AdwCleaner[R2].txt - [18045 octets] - [28/07/2013 19:20:56]
AdwCleaner[R3].txt - [6155 octets] - [31/07/2013 21:49:32]
AdwCleaner[R4].txt - [6215 octets] - [31/07/2013 21:53:02]
AdwCleaner[R5].txt - [1521 octets] - [31/07/2013 22:47:13]
AdwCleaner[S1].txt - [18468 octets] - [28/07/2013 19:21:55]
AdwCleaner[S2].txt - [6162 octets] - [31/07/2013 21:53:21]

########## EOF - C:\AdwCleaner[R5].txt - [1702 octets] ##########
Link to post
Share on other sites

I had a great deal of problems trying to complete the download of Junkware Removal Tool. I believe I chose a different type of Junkware Removal Tool because it did not produce a JRT.txt, so I did not post this. Instead I ran AdwCleaner a few times and hit Delete as well. I will search again for the correct "JRT" after this post. Sorry, I got discouraged.


~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows Vista Home Premium x86
Ran by john on Wed 07/31/2013 at 23:15:17.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3248874F-4E60-4148-A44C-EE3F78BA0C8E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C072DDD4-01E2-4713-86C0-EFB7CAAA3E13}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D2D561D7-63F4-4786-9534-3F920B17A824}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C072DDD4-01E2-4713-86C0-EFB7CAAA3E13}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D2D561D7-63F4-4786-9534-3F920B17A824}

~~~ Files

Successfully deleted: [File] C:\Windows\tasks\LyricsSing Update.job
Successfully deleted: [File] "C:\Windows\tasks\driverupdate startup.job"

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\conduit"

~~~ FireFox

Emptied folder: C:\Users\john\AppData\Roaming\mozilla\firefox\profiles\jxpz8zof.default\minidumps [1 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\empccjjjdnnmgajlbddhbdejjjjhijeh

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/31/2013 at 23:17:58.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Looks Good.....

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


 Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.08.01.01
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
john :: FEZBEE [administrator]
 
Protection: Enabled
 
8/1/2013 10:30:25 AM
MBAM-log-2013-08-01 (10-43-19).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204181
Time elapsed: 8 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Users\john\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\john\AppData\Local\Temp\UpdUninstall.exe (PUP.Optional.InstallMonetize) -> No action taken.
 
(end)

I hope these were deleted:

Files Detected: 2
C:\Users\john\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\john\AppData\Local\Temp\UpdUninstall.exe (PUP.Optional.InstallMonetize) -> No action taken.

How is it?? MrC


Something is still not right: Google will not open correctly as before. A window opened automatically: WARNING type, X "encircled in red", RunDLL, Error loading C:\Program Files\Conduit\CT3289847\plugins\TBVerifier.dll. The specified module could not be found. "OK" box located at the bottom of the window.

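A RunDLL "specified module could not be found" error naming a DLL under C:\Program Files\Conduit, after the JRT log above shows that folder deleted ("Successfully deleted: [Folder] C:\Program Files\conduit"), means an autostart entry still invokes rundll32.exe with that path. The usual carriers are a Run value under HKCU or HKLM, a scheduled task (JRT also removed two .job files) or a Startup-folder shortcut, so the launcher is what needs removing. The following is an added example, not from this thread or from any of the tools in it: it parses the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (and the HKLM counterpart), extracts the DLL and entry point from each rundll32 command line, and flags entries whose DLL lives under a directory the cleanup removed. The sample output is constructed: the value name ConduitEngine and the export name RunConduitLoader are made up for the example, the DLL path is the one from the error message, and the NvCpl and Skype entries stand in for ordinary benign autostarts.

```python
import re

# Constructed sample in the shape of `reg query ...\Run` output. The value name
# "ConduitEngine" and the export "RunConduitLoader" are made up for this example;
# the DLL path is the one from the RunDLL error above.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ConduitEngine    REG_SZ    rundll32.exe "C:\Program Files\Conduit\CT3289847\plugins\TBVerifier.dll",RunConduitLoader
    Skype    REG_SZ    "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    hpsysdrv    REG_SZ    c:\hp\support\hpsysdrv.exe
"""

# Directories the cleanup tools reported removing (JRT: "C:\Program Files\conduit").
REMOVED_DIRS = [r"C:\Program Files\Conduit"]

# `reg query` prints values indented under their key: name, type, data.
VALUE_RE = re.compile(r"^\s{2,}(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
# rundll32 takes "<dll path>,<entry point>"; the path may or may not be quoted.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<entry>[^\s"]+)',
    re.IGNORECASE,
)


def parse_reg_query(text):
    """Turn `reg query` output into (key, value_name, value_type, data) tuples."""
    entries, key = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m["name"], m["type"], m["data"].strip()))
    return entries


def rundll32_target(cmdline):
    """Return (dll_path, entry_point) for a rundll32 launch, or None for anything else."""
    m = RUNDLL_RE.search(cmdline)
    return (m["dll"], m["entry"]) if m else None


def orphaned_launchers(entries, removed_dirs=REMOVED_DIRS):
    """Autostart values that still point rundll32 at a DLL under a removed directory."""
    prefixes = [d.lower().rstrip("\\") + "\\" for d in removed_dirs]
    hits = []
    for key, name, _type, data in entries:
        target = rundll32_target(data)
        if target and any(target[0].lower().startswith(p) for p in prefixes):
            hits.append((key, name, target[0], target[1]))
    return hits


if __name__ == "__main__":
    for key, name, dll, entry in orphaned_launchers(parse_reg_query(SAMPLE_REG_QUERY)):
        print(f"{key}\\{name} -> rundll32 {dll},{entry}  (DLL directory was removed)")
```

On the affected machine the same check should be run over the other autostart locations too (RunOnce, the per-user and all-users Startup folders, and `schtasks /query /fo LIST /v` for tasks), since a task or shortcut that runs rundll32 produces the identical error dialog.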

Avira Free Antivirus

Report file date: Thursday, August 01, 2013  12:02

 

 

The program is running as an unrestricted full version.

Online services are available.

 

Licensee        : Avira Free Antivirus

Serial number   : 0000149996-ADJIE-0000001

Platform        : Windows Vista Home Premium

Windows version : (Service Pack 2)  [6.0.6002]

Boot mode       : Normally booted

Username        : SYSTEM

Computer name   : FEZBEE

 

Version information:

BUILD.DAT       : 13.0.0.3884    54852 Bytes   7/18/2013 22:10:00

AVSCAN.EXE      : 13.6.0.1722   634936 Bytes   7/18/2013 15:02:55

AVSCANRC.DLL    : 13.6.0.1550    52280 Bytes   7/18/2013 15:03:34

LUKE.DLL        : 13.6.0.1550    65080 Bytes   7/18/2013 15:03:18

AVSCPLR.DLL     : 13.6.0.1712    92216 Bytes   7/18/2013 15:02:55

AVREG.DLL       : 13.6.0.1550   247864 Bytes   7/18/2013 15:02:52

avlode.dll      : 13.6.2.1704   449592 Bytes   7/18/2013 15:02:51

avlode.rdf      : 13.0.1.22      26240 Bytes   7/26/2013 00:42:12

VBASE000.VDF    : 7.11.70.0   66736640 Bytes    4/4/2013 18:39:01

VBASE001.VDF    : 7.11.74.226  2201600 Bytes   4/30/2013 20:41:17

VBASE002.VDF    : 7.11.80.60   2751488 Bytes   5/28/2013 15:03:28

VBASE003.VDF    : 7.11.85.214  2162688 Bytes   6/21/2013 15:03:29

VBASE004.VDF    : 7.11.91.176  3903488 Bytes   7/23/2013 00:41:55

VBASE005.VDF    : 7.11.91.177     2048 Bytes   7/23/2013 00:41:56

VBASE006.VDF    : 7.11.91.178     2048 Bytes   7/23/2013 00:41:56

VBASE007.VDF    : 7.11.91.179     2048 Bytes   7/23/2013 00:41:56

VBASE008.VDF    : 7.11.91.180     2048 Bytes   7/23/2013 00:41:56

VBASE009.VDF    : 7.11.91.181     2048 Bytes   7/23/2013 00:41:56

VBASE010.VDF    : 7.11.91.182     2048 Bytes   7/23/2013 00:41:57

VBASE011.VDF    : 7.11.91.183     2048 Bytes   7/23/2013 00:41:57

VBASE012.VDF    : 7.11.91.184     2048 Bytes   7/23/2013 00:41:57

VBASE013.VDF    : 7.11.92.32    156160 Bytes   7/24/2013 00:41:58

VBASE014.VDF    : 7.11.92.147   168960 Bytes   7/25/2013 00:41:59

VBASE015.VDF    : 7.11.93.93    419328 Bytes   7/28/2013 14:16:37

VBASE016.VDF    : 7.11.93.170  1403392 Bytes   7/29/2013 04:48:47

VBASE017.VDF    : 7.11.94.31    222208 Bytes   7/31/2013 04:48:48

VBASE018.VDF    : 7.11.94.32      2048 Bytes   7/31/2013 04:48:48

VBASE019.VDF    : 7.11.94.33      2048 Bytes   7/31/2013 04:48:48

VBASE020.VDF    : 7.11.94.34      2048 Bytes   7/31/2013 04:48:49

VBASE021.VDF    : 7.11.94.35      2048 Bytes   7/31/2013 04:48:49

VBASE022.VDF    : 7.11.94.36      2048 Bytes   7/31/2013 04:48:49

VBASE023.VDF    : 7.11.94.37      2048 Bytes   7/31/2013 04:48:49

VBASE024.VDF    : 7.11.94.38      2048 Bytes   7/31/2013 04:48:49

VBASE025.VDF    : 7.11.94.39      2048 Bytes   7/31/2013 04:48:49

VBASE026.VDF    : 7.11.94.40      2048 Bytes   7/31/2013 04:48:50

VBASE027.VDF    : 7.11.94.41      2048 Bytes   7/31/2013 04:48:50

VBASE028.VDF    : 7.11.94.42      2048 Bytes   7/31/2013 04:48:50

VBASE029.VDF    : 7.11.94.43      2048 Bytes   7/31/2013 04:48:50

VBASE030.VDF    : 7.11.94.44      2048 Bytes   7/31/2013 04:48:50

VBASE031.VDF    : 7.11.94.96     95744 Bytes    8/1/2013 16:37:37

Engine version  : 8.2.12.94 

AEVDF.DLL       : 8.1.3.4       102774 Bytes   7/18/2013 15:02:45

AESCRIPT.DLL    : 8.1.4.136     504190 Bytes   7/26/2013 17:47:08

AESCN.DLL       : 8.1.10.4      131446 Bytes   3/27/2013 05:15:12

AESBX.DLL       : 8.2.5.12      606578 Bytes  11/29/2012 19:26:08

AERDL.DLL       : 8.2.0.128     688504 Bytes   7/18/2013 15:02:45

AEPACK.DLL      : 8.3.2.24      749945 Bytes   7/18/2013 15:02:45

AEOFFICE.DLL    : 8.1.2.74      205181 Bytes   7/26/2013 17:47:07

AEHEUR.DLL      : 8.1.4.504    6046074 Bytes   7/26/2013 17:47:07

AEHELP.DLL      : 8.1.27.4      266617 Bytes   7/18/2013 15:02:37

AEGEN.DLL       : 8.1.7.10      442743 Bytes   7/26/2013 17:47:00

AEEXP.DLL       : 8.4.1.36      278903 Bytes   7/26/2013 17:47:09

AEEMU.DLL       : 8.1.3.2       393587 Bytes  11/29/2012 19:26:05

AECORE.DLL      : 8.1.31.6      201081 Bytes   7/18/2013 15:02:37

AEBB.DLL        : 8.1.1.4        53619 Bytes  11/29/2012 19:26:05

AVWINLL.DLL     : 13.6.0.1550    23608 Bytes   7/18/2013 15:02:59

AVPREF.DLL      : 13.6.0.1550    48184 Bytes   7/18/2013 15:02:52

AVREP.DLL       : 13.6.0.1550   175672 Bytes   7/18/2013 15:02:52

AVARKT.DLL      : 13.6.0.1626   258104 Bytes   7/18/2013 15:02:47

AVEVTLOG.DLL    : 13.6.0.1550   164920 Bytes   7/18/2013 15:02:50

SQLITE3.DLL     : 3.7.0.1       394824 Bytes   7/18/2013 15:03:25

AVSMTP.DLL      : 13.6.0.1550    59960 Bytes   7/18/2013 15:02:56

NETNT.DLL       : 13.6.0.1550    13368 Bytes   7/18/2013 15:03:18

RCIMAGE.DLL     : 13.4.0.360   4782880 Bytes   7/18/2013 15:03:40

RCTEXT.DLL      : 13.6.0.1624    65080 Bytes   7/18/2013 15:03:40

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Reporting...........................: default

Primary action......................: Interactive

Secondary action....................: Ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:, 

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Limit recursion depth...............: 20

Smart extensions....................: on

Macrovirus heuristic................: on

File heuristic......................: extended

 

Start of the scan: Thursday, August 01, 2013  12:02

 

Starting master boot sector scan:

Master boot sector HD0

    [INFO]      No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

    [INFO]      No virus was found!

Boot sector 'D:\'

    [INFO]      No virus was found!

 

Starting search for hidden objects.

 

The scan of running processes will be started:

Scan process 'svchost.exe' - '30' Module(s) have been scanned

Scan process 'vssvc.exe' - '49' Module(s) have been scanned

Scan process 'avscan.exe' - '106' Module(s) have been scanned

Scan process 'avscan.exe' - '52' Module(s) have been scanned

Scan process 'avcenter.exe' - '74' Module(s) have been scanned

Scan process 'svchost.exe' - '21' Module(s) have been scanned

Scan process 'iPodService.exe' - '30' Module(s) have been scanned

Scan process 'GoogleCrashHandler.exe' - '23' Module(s) have been scanned

Scan process 'Skype.exe' - '117' Module(s) have been scanned

Scan process 'avgnt.exe' - '73' Module(s) have been scanned

Scan process 'jusched.exe' - '22' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '67' Module(s) have been scanned

Scan process 'hpwuschd2.exe' - '16' Module(s) have been scanned

Scan process 'RtHDVCpl.exe' - '47' Module(s) have been scanned

Scan process 'kbd.exe' - '70' Module(s) have been scanned

Scan process 'hpsysdrv.exe' - '13' Module(s) have been scanned

Scan process 'ATSHotKey.exe' - '28' Module(s) have been scanned

Scan process 'avshadow.exe' - '33' Module(s) have been scanned

Scan process 'taskeng.exe' - '78' Module(s) have been scanned

Scan process 'taskeng.exe' - '49' Module(s) have been scanned

Scan process 'Explorer.EXE' - '158' Module(s) have been scanned

Scan process 'mbamgui.exe' - '33' Module(s) have been scanned

Scan process 'Dwm.exe' - '31' Module(s) have been scanned

Scan process 'WUDFHost.exe' - '32' Module(s) have been scanned

Scan process 'SDWinSec.exe' - '47' Module(s) have been scanned

Scan process 'xaudio.exe' - '14' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '62' Module(s) have been scanned

Scan process 'svchost.exe' - '9' Module(s) have been scanned

Scan process 'svchost.exe' - '61' Module(s) have been scanned

Scan process 'svchost.exe' - '42' Module(s) have been scanned

Scan process 'mbamservice.exe' - '44' Module(s) have been scanned

Scan process 'mbamscheduler.exe' - '32' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '20' Module(s) have been scanned

Scan process 'dsNcService.exe' - '41' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '66' Module(s) have been scanned

Scan process 'avguard.exe' - '67' Module(s) have been scanned

Scan process 'armsvc.exe' - '24' Module(s) have been scanned

Scan process 'svchost.exe' - '59' Module(s) have been scanned

Scan process 'sched.exe' - '56' Module(s) have been scanned

Scan process 'spoolsv.exe' - '87' Module(s) have been scanned

Scan process 'brss01a.exe' - '13' Module(s) have been scanned

Scan process 'brsvc01a.exe' - '13' Module(s) have been scanned

Scan process 'svchost.exe' - '91' Module(s) have been scanned

Scan process 'rundll32.exe' - '42' Module(s) have been scanned

Scan process 'svchost.exe' - '87' Module(s) have been scanned

Scan process 'SLsvc.exe' - '23' Module(s) have been scanned

Scan process 'svchost.exe' - '37' Module(s) have been scanned

Scan process 'svchost.exe' - '150' Module(s) have been scanned

Scan process 'svchost.exe' - '94' Module(s) have been scanned

Scan process 'svchost.exe' - '67' Module(s) have been scanned

Scan process 'svchost.exe' - '33' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '24' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'winlogon.exe' - '30' Module(s) have been scanned

Scan process 'lsm.exe' - '22' Module(s) have been scanned

Scan process 'lsass.exe' - '59' Module(s) have been scanned

Scan process 'services.exe' - '33' Module(s) have been scanned

Scan process 'wininit.exe' - '26' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

 

Starting to scan executable files (registry):

The registry was scanned ( '2349' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <HP>

C:\Program Files\HP Games\Tornado Jockey\Tornado.exe

  [DETECTION] Is the TR/Spy.2951336 Trojan

Begin scan in 'D:\' <Recovery>

    [0] Archive type: RSRC

    --> D:\hp\apps\APP02253\src\install\games\tornadojockey-setup.exe

        [1] Archive type: NSIS

      --> [ProgramFilesDir]/HP Games/Tornado Jockey/Tornado.exe

          [DETECTION] Is the TR/Spy.2951336 Trojan

          [WARNING]   Infected files in archives cannot be repaired

D:\hp\apps\APP02253\src\install\games\tornadojockey-setup.exe

  [DETECTION] Is the TR/Spy.2951336 Trojan

 

Beginning disinfection:

D:\hp\apps\APP02253\src\install\games\tornadojockey-setup.exe

  [DETECTION] Is the TR/Spy.2951336 Trojan

  [NOTE]      The file was moved to the quarantine directory under the name '57746513.qua'!

C:\Program Files\HP Games\Tornado Jockey\Tornado.exe

  [DETECTION] Is the TR/Spy.2951336 Trojan

  [NOTE]      The file was moved to the quarantine directory under the name '4fe34ab4.qua'!

 

 

End of the scan: Thursday, August 01, 2013  13:42

Used time:  1:39:25 Hour(s)

 

The scan has been done completely.

 

  28729 Scanned directories

 728212 Files were scanned

      3 Viruses and/or unwanted programs were found

      0 Files were classified as suspicious

      0 Files were deleted

      0 Viruses and unwanted programs were repaired

      2 Files were moved to quarantine

      0 Files were renamed

      0 Files cannot be scanned

 728209 Files not concerned

   5910 Archives were scanned

      1 Warnings

      2 Notes

 711401 Objects were scanned with rootkit scan

      0 Hidden objects were found

These are the results from an Avira scan I performed first, OK.


# AdwCleaner v2.306 - Logfile created 08/01/2013 at 13:52:25

# Updated 19/07/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : john - FEZBEE

# Boot Mode : Normal

# Running from : C:\Users\john\Desktop\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16496

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v22.0 (en-US)

 

File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences

 


Found [l.25] : keyword = "search.conduit.com",



 

*************************

 

AdwCleaner[R1].txt - [17986 octets] - [27/07/2013 12:08:55]

AdwCleaner[R2].txt - [18045 octets] - [28/07/2013 19:20:56]

AdwCleaner[R3].txt - [6155 octets] - [31/07/2013 21:49:32]

AdwCleaner[R4].txt - [6215 octets] - [31/07/2013 21:53:02]

AdwCleaner[R5].txt - [1771 octets] - [31/07/2013 22:47:13]

AdwCleaner[R6].txt - [1485 octets] - [01/08/2013 13:52:25]

AdwCleaner[S1].txt - [18468 octets] - [28/07/2013 19:21:55]

AdwCleaner[S2].txt - [6162 octets] - [31/07/2013 21:53:21]

 

########## EOF - C:\AdwCleaner[R6].txt - [1666 octets] ##########

# AdwCleaner v2.306 - Logfile created 08/01/2013 at 13:56:51

# Updated 19/07/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : john - FEZBEE

# Boot Mode : Normal

# Running from : C:\Users\john\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [Services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16496

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v22.0 (en-US)

 

File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences

 


Deleted [l.25] : keyword = "search.conduit.com",



 

*************************

 

AdwCleaner[R1].txt - [17986 octets] - [27/07/2013 12:08:55]

AdwCleaner[R2].txt - [18045 octets] - [28/07/2013 19:20:56]

AdwCleaner[R3].txt - [6155 octets] - [31/07/2013 21:49:32]

AdwCleaner[R4].txt - [6215 octets] - [31/07/2013 21:53:02]

AdwCleaner[R5].txt - [1771 octets] - [31/07/2013 22:47:13]

AdwCleaner[R6].txt - [1735 octets] - [01/08/2013 13:52:25]

AdwCleaner[S1].txt - [18468 octets] - [28/07/2013 19:21:55]

AdwCleaner[S2].txt - [6162 octets] - [31/07/2013 21:53:21]

AdwCleaner[S3].txt - [1623 octets] - [01/08/2013 13:56:51]

 

########## EOF - C:\AdwCleaner[S3].txt - [1683 octets] ##########

Junkware Removal Tool (JRT) by Thisisu

Version: 5.2.9 (07.30.2013:1)

OS: Windows Vista Home Premium x86

Ran by john on Thu 08/01/2013 at 14:38:24.39

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Windows\tasks\LyricsSing Update.job

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 08/01/2013 at 14:40:36.71

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~