J_Black

  1. RogueKiller V8.6.4 [Jul 29 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : john [Admin rights] Mode : Remove -- Date : 08/02/2013 02:55:14 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V1][sUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{D7459153-F1DD-46D7-B86C-7108C8779D5E}.exe - --uninstall=1 [x] -> DELETED [V2][sUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{D7459153-F1DD-46D7-B86C-7108C8779D5E}.exe - --uninstall=1 [x] -> DELETED ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] SSDT[75] : NtCreateSection @ 0x8266AFA5 -> HOOKED (Unknown @ 0x89D4FB06) [Address] SSDT[276] : NtRequestWaitReplyPort @ 0x8267D142 -> HOOKED (Unknown @ 0x89D4FB10) [Address] SSDT[289] : NtSetContextThread @ 0x826CC2AB -> HOOKED (Unknown @ 0x89D4FB0B) [Address] SSDT[314] : NtSetSecurityObject @ 0x825F9023 -> HOOKED (Unknown @ 0x89D4FB15) [Address] SSDT[332] : NtSystemDebugControl @ 0x82631EF1 -> HOOKED (Unknown @ 0x89D4FB1A) [Address] SSDT[334] : NtTerminateProcess @ 0x8262A173 -> HOOKED (Unknown @ 0x89D4FAA7) [Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89D4FB2E) [Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x89D4FB33) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST332082 0AS SCSI Disk Device +++++ --- User --- [MBR] c27ca0af705db693047314d47ea7e883 [bSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : MBR Code unknown Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 298834 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 612012240 | Size: 6408 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[0]_D_08022013_025514.txt >> RKreport[0]_S_07252013_190246.txt;RKreport[0]_S_08022013_024924.txt Could not sleep, ran a scan using RogueKiller: here are the results, after I deleted the threats found.
  2. Junkware Removal Tool (JRT) by Thisisu Version: 5.2.9 (07.30.2013:1) OS: Windows Vista Home Premium x86 Ran by john on Thu 08/01/2013 at 14:38:24.39 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\Windows\tasks\LyricsSing Update.job ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 08/01/2013 at 14:40:36.71 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  3. # AdwCleaner v2.306 - Logfile created 08/01/2013 at 17:36:13 # Updated 19/07/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : john - FEZBEE # Boot Mode : Normal # Running from : C:\Users\john\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Registry is clean. -\\ Mozilla Firefox v22.0 (en-US) File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\prefs.js [OK] File is clean. -\\ Google Chrome v28.0.1500.95 File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [17986 octets] - [27/07/2013 12:08:55] AdwCleaner[R2].txt - [18045 octets] - [28/07/2013 19:20:56] AdwCleaner[R3].txt - [6155 octets] - [31/07/2013 21:49:32] AdwCleaner[R4].txt - [6215 octets] - [31/07/2013 21:53:02] AdwCleaner[R5].txt - [1771 octets] - [31/07/2013 22:47:13] AdwCleaner[R6].txt - [1735 octets] - [01/08/2013 13:52:25] AdwCleaner[R7].txt - [0 octets] - [01/08/2013 17:34:19] AdwCleaner[s1].txt - [18468 octets] - [28/07/2013 19:21:55] AdwCleaner[s2].txt - [6162 octets] - [31/07/2013 21:53:21] AdwCleaner[s3].txt - [1752 octets] - [01/08/2013 13:56:51] AdwCleaner[s4].txt - [1411 octets] - [01/08/2013 17:36:13] ########## EOF - C:\AdwCleaner[s4].txt - [1471 octets] ##########
  4. # AdwCleaner v2.306 - Logfile created 08/01/2013 at 17:34:19 # Updated 19/07/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : john - FEZBEE # Boot Mode : Normal # Running from : C:\Users\john\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Registry is clean. -\\ Mozilla Firefox v22.0 (en-US) File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\prefs.js [OK] File is clean. -\\ Google Chrome v28.0.1500.95 File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [17986 octets] - [27/07/2013 12:08:55] AdwCleaner[R2].txt - [18045 octets] - [28/07/2013 19:20:56] AdwCleaner[R3].txt - [6155 octets] - [31/07/2013 21:49:32] AdwCleaner[R4].txt - [6215 octets] - [31/07/2013 21:53:02] AdwCleaner[R5].txt - [1771 octets] - [31/07/2013 22:47:13] AdwCleaner[R6].txt - [1735 octets] - [01/08/2013 13:52:25] AdwCleaner[R7].txt - [1173 octets] - [01/08/2013 17:34:19] AdwCleaner[s1].txt - [18468 octets] - [28/07/2013 19:21:55] AdwCleaner[s2].txt - [6162 octets] - [31/07/2013 21:53:21] AdwCleaner[s3].txt - [1752 octets] - [01/08/2013 13:56:51] ########## EOF - C:\AdwCleaner[R7].txt - [1414 octets] ##########
  5. Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.01.09 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 john :: FEZBEE [administrator] Protection: Enabled 8/1/2013 4:35:26 PM mbam-log-2013-08-01 (16-35-26).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 204088 Time elapsed: 7 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  6. Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.01.09 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 john :: FEZBEE [administrator] Protection: Enabled 8/1/2013 3:21:13 PM mbam-log-2013-08-01 (15-21-13).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 204101 Time elapsed: 6 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\john\AppData\Local\Temp\dlLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. (end) This is the second scan results of Malwarebytes Pro scan, I have done 5 scans today I believe and posted after each. I hope this gives you a clearer picture of things which are wrong with my system. So as to fix and remove all the unwanted ADWARE, CONDUIT, PUP, etc.
  7. Junkware Removal Tool (JRT) by Thisisu Version: 5.2.9 (07.30.2013:1) OS: Windows Vista Home Premium x86 Ran by john on Thu 08/01/2013 at 14:38:24.39 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\Windows\tasks\LyricsSing Update.job ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 08/01/2013 at 14:40:36.71 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8. AdwCleaner v2.306 - Logfile created 08/01/2013 at 13:56:51 # Updated 19/07/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : john - FEZBEE # Boot Mode : Normal # Running from : C:\Users\john\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Registry is clean. -\\ Mozilla Firefox v22.0 (en-US) File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\prefs.js [OK] File is clean. -\\ Google Chrome v28.0.1500.95 File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.25] : keyword = "search.conduit.com", ************************* AdwCleaner[R1].txt - [17986 octets] - [27/07/2013 12:08:55] AdwCleaner[R2].txt - [18045 octets] - [28/07/2013 19:20:56] AdwCleaner[R3].txt - [6155 octets] - [31/07/2013 21:49:32] AdwCleaner[R4].txt - [6215 octets] - [31/07/2013 21:53:02] AdwCleaner[R5].txt - [1771 octets] - [31/07/2013 22:47:13] AdwCleaner[R6].txt - [1735 octets] - [01/08/2013 13:52:25] AdwCleaner[s1].txt - [18468 octets] - [28/07/2013 19:21:55] AdwCleaner[s2].txt - [6162 octets] - [31/07/2013 21:53:21] AdwCleaner[s3].txt - [1623 octets] - [01/08/2013 13:56:51] ########## EOF - C:\AdwCleaner[s3].txt - [1683 octets] ##########
  9. # AdwCleaner v2.306 - Logfile created 08/01/2013 at 13:52:25 # Updated 19/07/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : john - FEZBEE # Boot Mode : Normal # Running from : C:\Users\john\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Registry is clean. -\\ Mozilla Firefox v22.0 (en-US) File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\prefs.js [OK] File is clean. -\\ Google Chrome v28.0.1500.95 File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.25] : keyword = "search.conduit.com", ************************* AdwCleaner[R1].txt - [17986 octets] - [27/07/2013 12:08:55] AdwCleaner[R2].txt - [18045 octets] - [28/07/2013 19:20:56] AdwCleaner[R3].txt - [6155 octets] - [31/07/2013 21:49:32] AdwCleaner[R4].txt - [6215 octets] - [31/07/2013 21:53:02] AdwCleaner[R5].txt - [1771 octets] - [31/07/2013 22:47:13] AdwCleaner[R6].txt - [1485 octets] - [01/08/2013 13:52:25] AdwCleaner[s1].txt - [18468 octets] - [28/07/2013 19:21:55] AdwCleaner[s2].txt - [6162 octets] - [31/07/2013 21:53:21] ########## EOF - C:\AdwCleaner[R6].txt - [1666 octets] ##########
  10. Avira Free Antivirus Report file date: Thursday, August 01, 2013 12:02 The program is running as an unrestricted full version. Online services are available. Licensee : Avira Free Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows Vista Home Premium Windows version : (Service Pack 2) [6.0.6002] Boot mode : Normally booted Username : SYSTEM Computer name : FEZBEE Version information: Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Reporting...........................: default Primary action......................: Interactive Secondary action....................: Ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Limit recursion depth...............: 20 Smart extensions....................: on Macrovirus heuristic................: on File heuristic......................: extended Start of the scan: Thursday, August 01, 2013 12:02 Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting search for hidden objects. The scan of running processes will be started: Starting to scan executable files (registry): The registry was scanned ( '2349' files ). Starting the file scan: Begin scan in 'C:\' <HP> C:\Program Files\HP Games\Tornado Jockey\Tornado.exe [DETECTION] Is the TR/Spy.2951336 Trojan Begin scan in 'D:\' <Recovery> [0] Archive type: RSRC --> D:\hp\apps\APP02253\src\install\games\tornadojockey-setup.exe [1] Archive type: NSIS --> [ProgramFilesDir]/HP Games/Tornado Jockey/Tornado.exe [DETECTION] Is the TR/Spy.2951336 Trojan [WARNING] Infected files in archives cannot be repaired D:\hp\apps\APP02253\src\install\games\tornadojockey-setup.exe [DETECTION] Is the TR/Spy.2951336 Trojan Beginning disinfection: D:\hp\apps\APP02253\src\install\games\tornadojockey-setup.exe [DETECTION] Is the TR/Spy.2951336 Trojan [NOTE] The file was moved to the quarantine directory under the name '57746513.qua'! C:\Program Files\HP Games\Tornado Jockey\Tornado.exe [DETECTION] Is the TR/Spy.2951336 Trojan [NOTE] The file was moved to the quarantine directory under the name '4fe34ab4.qua'! End of the scan: Thursday, August 01, 2013 13:42 Used time: 1:39:25 Hour(s) The scan has been done completely. 28729 Scanned directories 728212 Files were scanned 3 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 Files were deleted 0 Viruses and unwanted programs were repaired 2 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 728209 Files not concerned 5910 Archives were scanned 1 Warnings 2 Notes 711401 Objects were scanned with rootkit scan 0 Hidden objects were found This was results from an Avira scan, I performed first, OK.
  11. Maybe, re-run AdwCleaner, click on Delete button. Then repeat Junkware Removal Tool, process correctly the first time. And post each results again JRT.txt. Then finally what I did today, repeated?
  12. Something is still not right: Google will not open correctly as before. A window opened automatic: WARNING: type, X "encircled in red" RunDLL, Error loading C:\Program Files\Conduit\CT3289847\plugins\TBVerifier.dll The Specified module could not be found. "OK" box located at bottom of the window.
  13. Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.01.01 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 john :: FEZBEE [administrator] Protection: Enabled 8/1/2013 10:30:25 AM MBAM-log-2013-08-01 (10-43-19).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 204181 Time elapsed: 8 minute(s), 5 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\john\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken. C:\Users\john\AppData\Local\Temp\UpdUninstall.exe (PUP.Optional.InstallMonetize) -> No action taken. (end)
  14. ~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.9 (07.30.2013:1) OS: Windows Vista Home Premium x86 Ran by john on Wed 07/31/2013 at 23:15:17.05 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3248874F-4E60-4148-A44C-EE3F78BA0C8E} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C072DDD4-01E2-4713-86C0-EFB7CAAA3E13} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D2D561D7-63F4-4786-9534-3F920B17A824} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C072DDD4-01E2-4713-86C0-EFB7CAAA3E13} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D2D561D7-63F4-4786-9534-3F920B17A824} ~~~ Files Successfully deleted: [File] C:\Windows\tasks\LyricsSing Update.job Successfully deleted: [File] "C:\Windows\tasks\driverupdate startup.job" ~~~ Folders Successfully deleted: [Folder] "C:\Program Files\conduit" ~~~ FireFox Emptied folder: C:\Users\john\AppData\Roaming\mozilla\firefox\profiles\jxpz8zof.default\minidumps [1 files] ~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\empccjjjdnnmgajlbddhbdejjjjhijeh ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 07/31/2013 at 23:17:58.36 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  15. I had a great deal of problems trying to complete the download of Junkware Removal Tool. I believe I chose a different type of Junkware Removal Tool because it did not produce a (JRT.txt), so I did not post this. Instead ran AdwCleaner a few times and hit Delete as well. Again will search for correct "JRT" after this post. Sorry, I got discouraged.