
Search Protect by Conduit


12 replies to this topic

#1 Jarod1


Posted 21 February 2014 - 06:31 PM

I have a malware/spyware I believe that has infected my browser because it sets the homepage to its own liking. I got it by downloading a patch update a friend directed me to so we could play an old game together by the name of Age of Empires II: Conquerors. I must have accidentally accepted one of the windows and when it finished I got this issue. I had WinPatrol running so when it asked me for permission, it made me suspicious and so I searched what was this Search Protect by Conduit because all I wanted was a patch for this game. After I found out what it was, I rejected it but it does as I stated in the first sentence regardless.

I'm using Windows XP.

I used Revo Uninstaller to remove the Search Protect program and the game expansion. I ran Malwarebytes, Spyware, AdwCleaner and Junkware Removal Tool. I then reset my Firefox browser and it's not listed in the search engines anymore. How can I be sure that I removed this infection from my computer?


This is the message WinPatrol alerted me with:

AppInit_DLLs

Search Protect by Conduit
Conduit
Version 2.10.30.15
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll


Edited by Jarod1, 21 February 2014 - 06:42 PM.



#2 Broni


Posted 22 February 2014 - 12:09 AM

Same computer?

http://www.bleepingcomputer.com/forums/t/521831/lopcloudsvr302com-pop-up-virus/


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Jarod1


Posted 22 February 2014 - 03:08 AM

 

Same computer?
http://www.bleepingcomputer.com/forums/t/521831/lopcloudsvr302com-pop-up-virus/

 

Yes but I reinstalled my operating system.

#4 Broni


Posted 22 February 2014 - 04:22 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets. Do NOT use spoilers.




 


#5 Jarod1


Posted 23 February 2014 - 02:19 PM

Getting started now.

#6 Jarod1


Posted 23 February 2014 - 03:14 PM

Results of screen317's Security Check version 0.99.79
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee SecurityCenter
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Adobe Reader XI
Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
BillP Studios WinPatrol winpatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



Farbar Service Scanner Version: 16-02-2014
Ran by Jay (administrator) on 23-02-2014 at 13:26:43
Running from "C:\Documents and Settings\Jay\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****



MiniToolBox by Farbar Version: 23-01-2014
Ran by Jay (administrator) on 23-02-2014 at 13:29:42
Running from "C:\Documents and Settings\Jay\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : jay-777
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-13-20-34-F7-0E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.1
Lease Obtained. . . . . . . . . . : Sunday, February 23, 2014 1:08:23 PM
Lease Expires . . . . . . . . . . : Monday, February 24, 2014 1:08:23 PM

Server: UnKnown
Address: 10.0.0.1

Name: google.com
Addresses: 74.125.196.113, 74.125.196.102, 74.125.196.139, 74.125.196.100
74.125.196.101, 74.125.196.138

Pinging google.com [74.125.196.113] with 32 bytes of data:

Reply from 74.125.196.113: bytes=32 time=25ms TTL=38
Reply from 74.125.196.113: bytes=32 time=25ms TTL=38

Ping statistics for 74.125.196.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 25ms, Average = 25ms

Server: UnKnown
Address: 10.0.0.1

Name: yahoo.com
Addresses: 206.190.36.45, 98.139.183.24, 98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=151ms TTL=42
Reply from 206.190.36.45: bytes=32 time=151ms TTL=42

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 151ms, Maximum = 151ms, Average = 151ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 34 f7 0e ...... Intel® PRO/100 VE Network Connection - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.3 20
10.0.0.0 255.255.255.0 10.0.0.3 10.0.0.3 20
10.0.0.3 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.3 10.0.0.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.0.3 10.0.0.3 20
255.255.255.255 255.255.255.255 10.0.0.3 10.0.0.3 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/18/2014 09:44:17 PM) (Source: Application Hang) (User: )
Description: Hanging application League of Legends.exe, version 4.2.0.2723, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/18/2014 07:26:48 PM) (Source: Application Error) (User: )
Description: Faulting application league of legends.exe, version 4.2.0.2723, faulting module league of legends.exe, version 4.2.0.2723, fault address 0x0029c80f.
Processing media-specific event for [league of legends.exe!ws!]

Error: (02/15/2014 04:29:39 PM) (Source: Application Error) (User: )
Description: Faulting application league of legends.exe, version 4.2.0.2723, faulting module league of legends.exe, version 4.2.0.2723, fault address 0x00431de0.
Processing media-specific event for [league of legends.exe!ws!]

Error: (02/10/2014 01:56:05 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 27.0.0.5140, faulting module mozalloc.dll, version 27.0.0.5140, fault address 0x0000119c.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (02/09/2014 04:48:12 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/09/2014 03:26:09 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/08/2014 03:33:36 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.4.304.00x8004ff0acommon client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (02/07/2014 11:52:46 PM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 gfexperience.exe, P2 10.11.15.0, P3 52a67778, P4 presentationframework, P5 4.0.0.0, P6 4ba1f8db, P7 c0d, P8 2f, P9 clr20r30, P10 clr20r31.

Error: (02/06/2014 11:05:21 PM) (Source: Application Hang) (User: )
Description: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/06/2014 10:28:33 PM) (Source: Application Hang) (User: )
Description: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (02/22/2014 11:12:36 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/22/2014 10:23:26 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/21/2014 10:06:52 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/21/2014 09:18:33 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/21/2014 08:09:11 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/21/2014 07:33:13 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/21/2014 06:52:53 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/21/2014 06:42:38 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/21/2014 06:40:44 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/21/2014 06:32:16 PM) (Source: 0) (User: )
Description: \Device\CdRom1


Microsoft Office Sessions:
=========================
Error: (02/18/2014 09:44:17 PM) (Source: Application Hang)(User: )
Description: League of Legends.exe4.2.0.2723hungapp0.0.0.000000000

Error: (02/18/2014 07:26:48 PM) (Source: Application Error)(User: )
Description: league of legends.exe4.2.0.2723league of legends.exe4.2.0.27230029c80f

Error: (02/15/2014 04:29:39 PM) (Source: Application Error)(User: )
Description: league of legends.exe4.2.0.2723league of legends.exe4.2.0.272300431de0

Error: (02/10/2014 01:56:05 PM) (Source: Application Error)(User: )
Description: plugin-container.exe27.0.0.5140mozalloc.dll27.0.0.51400000119c

Error: (02/09/2014 04:48:12 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/09/2014 03:26:09 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/08/2014 03:33:36 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.4.304.00x8004ff0acommon client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (02/07/2014 11:52:46 PM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: clr20r3gfexperience.exe10.11.15.052a67778presentationframework4.0.0.04ba1f8dbc0d2fsystem.notsupportedexceptionNIL

Error: (02/06/2014 11:05:21 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE6.0.2900.2180hungapp0.0.0.000000000

Error: (02/06/2014 10:28:33 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE6.0.2900.2180hungapp0.0.0.000000000


=========================== Installed Programs ============================

2600 (Version: 43.0.217.000)
2600_Help (Version: 43.0.217.000)
2600Trb (Version: 43.0.217.000)
Adobe Flash Player 12 Plugin (Version: 12.0.0.70)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
AiO_Scan (Version: 43.0.217.000)
AiOSoftware (Version: 43.0.217.000)
BroadJump Client Foundation
BufferChm (Version: 43.1.5.000)
CCleaner (Version: 4.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Copy (Version: 43.1.5.000)
CreativeProjects (Version: 43.1.5.000)
CreativeProjectsTemplates (Version: 43.1.5.000)
CueTour (Version: 43.1.5.000)
Darkstone
Dell Driver Reset Tool (Version: 1.02.0000)
Destinations (Version: 43.1.5.000)
Director (Version: 43.1.5.000)
DocProc (Version: 4.0.0.0)
DocumentViewer (Version: 43.0.217.000)
eReg (Version: 1.20.138.34)
Fax (Version: 43.0.217.000)
Gameforge Live 1.10.1 "Legend" (Version: 1.10.1)
GameRanger
Google Update Helper (Version: 1.3.22.5)
HP Diagnostic Assistant (Version: 1.0.0.0)
HP Image Zone 4.2 (Version: 4.2)
HP PSC & OfficeJet 4.2
HP Software Update (Version: 2.0.39.20040212)
HPSystemDiagnostics (Version: 1.5.0.0)
InstantShare (Version: 4.0.0.40)
Intel® 537EP V9x DF PCI Modem
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
Intel® PRO Network Adapters and Drivers
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
League of Legends (Version: 3.0.0)
Logitech SetPoint 6.61 (Version: 6.61.15)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee SecurityCenter (Version: 11.0.678)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Small Business Edition 2003 (Version: 11.0.5614.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Modem Helper (Version: 2.28)
Modem On Hold (Version: 1.12)
Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1)
Mozilla Maintenance Service (Version: 27.0.1)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NETGEAR Genie (Version: 2.3.1.16)
NVIDIA Control Panel 332.21 (Version: 332.21)
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1)
NVIDIA Graphics Driver 332.21 (Version: 332.21)
NVIDIA HD Audio Driver 1.3.30.1 (Version: 1.3.30.1)
NVIDIA Install Application (Version: 2.1002.142.992)
NVIDIA Network Service (Version: 1.0)
NVIDIA nView 140.75 (Version: 140.75)
NVIDIA PhysX (Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA Update 10.11.15 (Version: 10.11.15)
NVIDIA Update Core (Version: 10.11.15)
Overland (Version: 2.1.5)
Pando Media Booster (Version: 2.6.0.7)
PhotoGallery (Version: 43.1.5.000)
PowerDVD 5.3
PrintScreen (Version: 43.1.5.000)
ProductContext (Version: 43.0.217.000)
QFolder (Version: 1.00.0000)
QuickProjects (Version: 43.1.5.000)
Readme (Version: 43.0.217.000)
Revo Uninstaller 1.95 (Version: 1.95)
Scan (Version: 4.1.0.0)
SkinsHP1 (Version: 43.1.5.000)
SoundMAX (Version: 5.12.01.5246)
SUPERAntiSpyware (Version: 5.7.1018)
TrayApp (Version: 43.1.5.000)
Unload (Version: 4.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 2.1.3 (Version: 2.1.3)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 43.1.5.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 30.0.2014.0)
WinRAR 4.01 (32-bit) (Version: 4.01.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 14%
Total physical RAM: 3070.08 MB
Available physical RAM: 2613.12 MB
Total Pagefile: 4955.75 MB
Available Pagefile: 4182.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.41 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:232.82 GB) (Free:181.84 GB) NTFS
4 Drive e: (AGE2_X1) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\JAY-777

Administrator ASPNET Guest
HelpAssistant Jay SUPPORT_388945a0
Visitor


**** End of log ****




Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.23.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jay :: JAY-777 [administrator]

2/23/2014 1:32:38 PM
mbam-log-2014-02-23 (13-32-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235241
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP8440E173-2D60-4598-9C78-30C477D66A7E&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.23.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
:: JAY-777 [administrator]

2/23/2014 1:48:23 PM
mbar-log-2014-02-23 (13-48-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 235617
Time elapsed: 17 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)




---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 3219210240, free: 2609700864

Downloaded database version: v2014.02.23.07
Downloaded database version: v2014.02.20.01
=======================================
Initializing...
------------ Kernel report ------------
02/23/2014 13:48:09
------------ Loaded modules -----------
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\LBeepKE.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\npf.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\mfebopk.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff8af510f0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000082\
Lower Device Object: 0xffffffff8a386430
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8b0c4ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-17\
Lower Device Object: 0xffffffff8b0bdd98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8b0c4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b111900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b0c4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b0bdd98, DeviceName: \Device\Ide\IdeDeviceP1T0L0-17\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F50FF50F

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 488263482
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488261250-488281250)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8af510f0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a580238, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8af510f0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a386430, DeviceName: \Device\00000082\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished




Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/23/2014 02:10:13 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\HPZipm12.exe (PID: 4076) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 02/23/2014 02:11:10 PM
Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s)











#7 Broni


Posted 23 February 2014 - 06:03 PM

I don't see any AV program running.

Uninstall McAfee SecurityCenter which is NOT an AV program.

Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program.  How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Update, run full scan, report on any findings.
 

Next...

 

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#8 Jarod1


Posted 24 February 2014 - 06:44 PM

# AdwCleaner v3.019 - Report created 24/02/2014 at 15:59:01
# Updated 17/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jay - JAY-777
# Running from : C:\Documents and Settings\Jay\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\9qt35suj.default-1393025895734\prefs.js ]


[ File : C:\Documents and Settings\Visitor\Application Data\Mozilla\Firefox\Profiles\nbklzpwp.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1657 octets] - [21/02/2014 16:44:22]
AdwCleaner[R1].txt - [1270 octets] - [24/02/2014 15:56:08]
AdwCleaner[S0].txt - [1592 octets] - [21/02/2014 16:46:51]
AdwCleaner[S1].txt - [1053 octets] - [24/02/2014 15:59:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1113 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Jay on Mon 02/24/2014 at 16:07:13.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/24/2014 at 16:14:28.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







Avast and ESET Online Scanner found no threats.

Edited by Jarod1, 24 February 2014 - 06:45 PM.


#9 Broni


Posted 24 February 2014 - 07:00 PM

How is the computer doing?




 


#10 Jarod1


Posted 24 February 2014 - 07:26 PM

It's running normally. I haven't gotten my homepage redirected and the search engine seems to be gone. No pop-ups or alerts either.

#11 Broni


Posted 24 February 2014 - 07:30 PM

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642




 


#12 Jarod1


Posted 24 February 2014 - 07:37 PM

Cool, thanks a lot Broni, that's an epic Mr Clean icon too :laugh:

# DelFix v10.6 - Logfile created 24/02/2014 at 18:40:08
# Updated 11/11/2013 by Xplode
# Username : Jay - JAY-777
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\Jay\Desktop\adwcleaner.exe
Deleted : C:\Documents and Settings\Jay\Desktop\AdwCleaner[S1].txt
Deleted : C:\Documents and Settings\Jay\Desktop\JRT.exe
Deleted : C:\Documents and Settings\Jay\Desktop\JRT.txt
Deleted : C:\Documents and Settings\Jay\Desktop\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1 [System Checkpoint | 02/07/2014 00:56:01]
Deleted : RP #2 [Installed Dell System Software | 02/07/2014 01:16:11]
Deleted : RP #3 [Installed Desktop System Software | 02/07/2014 01:16:16]
Deleted : RP #4 [Installed SoundMAX | 02/07/2014 01:33:25]
Deleted : RP #5 [Installed SoundMAX | 02/07/2014 01:33:33]
Deleted : RP #6 [Installed Dell Driver Reset Tool | 02/07/2014 02:07:43]
Deleted : RP #7 [Installed Logitech Software | 02/07/2014 02:20:37]
Deleted : RP #8 [Installed Musicmatch - Logitech MMJB Install Wrapper | 02/07/2014 02:24:06]
Deleted : RP #9 [Installed Logitech Desktop Messenger | 02/07/2014 02:25:18]
Deleted : RP #10 [Installed Modem Helper | 02/07/2014 02:39:28]
Deleted : RP #11 [Installed Modem On Hold | 02/07/2014 02:44:06]
Deleted : RP #12 [Installed Windows Internet Explorer 8. | 02/07/2014 07:51:26]
Deleted : RP #13 [Software Distribution Service 3.0 | 02/07/2014 09:48:13]
Deleted : RP #14 [Software Distribution Service 3.0 | 02/07/2014 10:04:22]
Deleted : RP #15 [Software Distribution Service 3.0 | 02/07/2014 10:22:33]
Deleted : RP #16 [Software Distribution Service 3.0 | 02/07/2014 11:11:16]
Deleted : RP #17 [Installed Java 7 Update 51 | 02/07/2014 20:36:45]
Deleted : RP #18 [Installed Windows Media Player 11 | 02/07/2014 23:17:54]
Deleted : RP #19 [Software Distribution Service 3.0 | 02/07/2014 23:19:08]
Deleted : RP #20 [Software Distribution Service 3.0 | 02/08/2014 00:45:28]
Deleted : RP #21 [Installed %1 %2. | 02/08/2014 01:09:09]
Deleted : RP #22 [Before Corrupted Registry Edit | 02/08/2014 01:50:12]
Deleted : RP #23 [Installed Microsoft Office Small Business Edition 2003 | 02/08/2014 02:16:21]
Deleted : RP #24 [Printer Driver HP Photosmart 2600 series fax Installed | 02/08/2014 02:44:05]
Deleted : RP #25 [Printer Driver HP remote printers Installed | 02/08/2014 02:45:26]
Deleted : RP #26 [Removed Logitech Desktop Messenger | 02/08/2014 02:53:07]
Deleted : RP #27 [Installed Windows XP Wdf01009. | 02/08/2014 04:19:13]
Deleted : RP #28 [Update to an unsigned driver | 02/08/2014 05:40:41]
Deleted : RP #29 [Installed Compatibility Pack for the 2007 Office system | 02/08/2014 05:57:40]
Deleted : RP #30 [Installed Microsoft Visual C++ 2005 Redistributable | 02/08/2014 06:03:49]
Deleted : RP #31 [Installed League of Legends | 02/08/2014 06:04:07]
Deleted : RP #32 [Installed DirectX | 02/08/2014 06:04:20]
Deleted : RP #33 [Software Distribution Service 3.0 | 02/08/2014 21:53:10]
Deleted : RP #34 [Software Distribution Service 3.0 | 02/08/2014 23:35:31]
Deleted : RP #35 [Software Distribution Service 3.0 | 02/09/2014 21:59:44]
Deleted : RP #36 [System Checkpoint | 02/11/2014 00:52:18]
Deleted : RP #37 [Software Distribution Service 3.0 | 02/12/2014 02:18:32]
Deleted : RP #38 [System Checkpoint | 02/13/2014 04:38:16]
Deleted : RP #39 [System Checkpoint | 02/14/2014 22:26:33]
Deleted : RP #40 [System Checkpoint | 02/16/2014 05:34:33]
Deleted : RP #41 [System Checkpoint | 02/18/2014 01:53:53]
Deleted : RP #42 [System Checkpoint | 02/19/2014 08:24:30]
Deleted : RP #43 [System Checkpoint | 02/20/2014 20:06:46]
Deleted : RP #44 [Revo Uninstaller's restore point - Search Protect | 02/21/2014 21:34:36]
Deleted : RP #45 [Revo Uninstaller's restore point - Microsoft Age of Empires II: The Conquerors Expansion | 02/21/2014 23:08:00]
Deleted : RP #46 [Update to an unsigned driver | 02/23/2014 20:45:42]
Deleted : RP #47 [avast! antivirus system restore point | 02/24/2014 20:46:23]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Edited by Jarod1, 24 February 2014 - 07:41 PM.


#13 Broni


Posted 24 February 2014 - 07:41 PM

p22003888.gif




 




