
Conduit and Hotbar infection & maybe other infections - Please help



Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.08.01.09

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

john :: FEZBEE [administrator]

 

Protection: Enabled

 

8/1/2013 3:21:13 PM

mbam-log-2013-08-01 (15-21-13).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204101

Time elapsed: 6 minute(s), 2 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Users\john\AppData\Local\Temp\dlLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

 

(end)

This is the second set of scan results from Malwarebytes Pro. I have done 5 scans today, I believe, and posted after each. I hope this gives you a clearer picture of the things which are wrong with my system, so as to fix and remove all the unwanted ADWARE, CONDUIT, PUP, etc.


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.08.01.09

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

john :: FEZBEE [administrator]

 

Protection: Enabled

 

8/1/2013 4:35:26 PM

mbam-log-2013-08-01 (16-35-26).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204088

Time elapsed: 7 minute(s), 52 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

# AdwCleaner v2.306 - Logfile created 08/01/2013 at 17:34:19

# Updated 19/07/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : john - FEZBEE

# Boot Mode : Normal

# Running from : C:\Users\john\Desktop\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16496

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v22.0 (en-US)

 

File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [17986 octets] - [27/07/2013 12:08:55]

AdwCleaner[R2].txt - [18045 octets] - [28/07/2013 19:20:56]

AdwCleaner[R3].txt - [6155 octets] - [31/07/2013 21:49:32]

AdwCleaner[R4].txt - [6215 octets] - [31/07/2013 21:53:02]

AdwCleaner[R5].txt - [1771 octets] - [31/07/2013 22:47:13]

AdwCleaner[R6].txt - [1735 octets] - [01/08/2013 13:52:25]

AdwCleaner[R7].txt - [1173 octets] - [01/08/2013 17:34:19]

AdwCleaner[s1].txt - [18468 octets] - [28/07/2013 19:21:55]

AdwCleaner[s2].txt - [6162 octets] - [31/07/2013 21:53:21]

AdwCleaner[s3].txt - [1752 octets] - [01/08/2013 13:56:51]

 

########## EOF - C:\AdwCleaner[R7].txt - [1414 octets] ##########

# AdwCleaner v2.306 - Logfile created 08/01/2013 at 17:36:13

# Updated 19/07/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : john - FEZBEE

# Boot Mode : Normal

# Running from : C:\Users\john\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16496

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v22.0 (en-US)

 

File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\jxpz8zof.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [17986 octets] - [27/07/2013 12:08:55]

AdwCleaner[R2].txt - [18045 octets] - [28/07/2013 19:20:56]

AdwCleaner[R3].txt - [6155 octets] - [31/07/2013 21:49:32]

AdwCleaner[R4].txt - [6215 octets] - [31/07/2013 21:53:02]

AdwCleaner[R5].txt - [1771 octets] - [31/07/2013 22:47:13]

AdwCleaner[R6].txt - [1735 octets] - [01/08/2013 13:52:25]

AdwCleaner[R7].txt - [0 octets] - [01/08/2013 17:34:19]

AdwCleaner[s1].txt - [18468 octets] - [28/07/2013 19:21:55]

AdwCleaner[s2].txt - [6162 octets] - [31/07/2013 21:53:21]

AdwCleaner[s3].txt - [1752 octets] - [01/08/2013 13:56:51]

AdwCleaner[s4].txt - [1411 octets] - [01/08/2013 17:36:13]

 

########## EOF - C:\AdwCleaner[s4].txt - [1471 octets] ##########

Junkware Removal Tool (JRT) by Thisisu

Version: 5.2.9 (07.30.2013:1)

OS: Windows Vista Home Premium x86

Ran by john on Thu 08/01/2013 at 14:38:24.39

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Windows\tasks\LyricsSing Update.job

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 08/01/2013 at 14:40:36.71

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V8.6.4 [Jul 29 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : john [Admin rights]

Mode : Remove -- Date : 08/02/2013 02:55:14

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 6 ¤¤¤

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Scheduled tasks : 2 ¤¤¤

[V1][sUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{D7459153-F1DD-46D7-B86C-7108C8779D5E}.exe - --uninstall=1 [x] -> DELETED

[V2][sUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{D7459153-F1DD-46D7-B86C-7108C8779D5E}.exe - --uninstall=1 [x] -> DELETED

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] SSDT[75] : NtCreateSection @ 0x8266AFA5 -> HOOKED (Unknown @ 0x89D4FB06)

[Address] SSDT[276] : NtRequestWaitReplyPort @ 0x8267D142 -> HOOKED (Unknown @ 0x89D4FB10)

[Address] SSDT[289] : NtSetContextThread @ 0x826CC2AB -> HOOKED (Unknown @ 0x89D4FB0B)

[Address] SSDT[314] : NtSetSecurityObject @ 0x825F9023 -> HOOKED (Unknown @ 0x89D4FB15)

[Address] SSDT[332] : NtSystemDebugControl @ 0x82631EF1 -> HOOKED (Unknown @ 0x89D4FB1A)

[Address] SSDT[334] : NtTerminateProcess @ 0x8262A173 -> HOOKED (Unknown @ 0x89D4FAA7)

[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89D4FB2E)

[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x89D4FB33)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

::1             localhost

[...]

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ST332082 0AS SCSI Disk Device +++++

--- User ---

[MBR] c27ca0af705db693047314d47ea7e883

[bSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 298834 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 612012240 | Size: 6408 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[0]_D_08022013_025514.txt >>

RKreport[0]_S_07252013_190246.txt;RKreport[0]_S_08022013_024924.txt

 

 

Could not sleep, ran a scan using RogueKiller: here are the results, after I deleted the threats found.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

