Trojan


16 replies to this topic

#1 shanromac12

shanromac12

  • Members
  • 8 posts

Posted 05 July 2014 - 07:30 PM

Hello all, I did a scan with Malwarebytes Free and it came up with 10 threats; all are Trojan.Agent, plus 3 spyware programs: Lucky Leap, Search Protect, Yantoo, My Searchdial. My question is, will Malwarebytes get rid of these by itself, or do I need to do more to get rid of them? Thanks in advance. Cheers




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 July 2014 - 08:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.
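The AdwCleaner and MBAM steps above end up resetting the browser's homepage, startup URLs and default search engine, which is where hijackers such as My Searchdial and Search Protect live. As an added example (not part of nasdaq's post and not code from either tool), here is a Python script that performs that audit by hand on Chrome's per-profile Preferences file, the JSON file in the profile's User Data\Default folder: it flags every homepage, startup URL or default search URL whose domain is not on a short allow list, reports extensions that were not installed from the Chrome Web Store, and returns a cleaned copy. The sample Preferences content, the allow list, the extension IDs and the key paths (homepage, session.startup_urls, default_search_provider.search_url, extensions.settings[id].from_webstore) are assumptions about the file layout of Chrome of that era, not taken from a file in this thread.

```python
import copy
import json
from urllib.parse import urlsplit

# Constructed sample of a Chrome per-profile "Preferences" file (JSON), with two
# hypothetical extension IDs. The key paths are an assumption about Chrome's
# layout at the time; this is not a file taken from the thread.
SAMPLE_PREFERENCES = {
    "homepage": "http://start.mysearchdial.com/?f=1&a=irmsd1103",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "http://start.mysearchdial.com/?f=1&a=irmsd1103",
            "http://search.conduit.com/?ctid=CT3298581&SearchSource=48",
            "https://www.google.ca/",
        ],
    },
    "default_search_provider": {
        "name": "Conduit",
        "search_url": "http://search.conduit.com/?ctid=CT3298581&q={searchTerms}",
    },
    "extensions": {
        "settings": {
            "aaaabbbbccccddddeeeeffffgggghhhh": {"from_webstore": True},   # hypothetical ID
            "ppppoooonnnnmmmmllllkkkkjjjjiiii": {"from_webstore": False},  # hypothetical ID
        }
    },
}

# Domains the user actually chose; anything else in a "where does the browser go
# on start / on search" field is treated as a hijack.
ALLOWED_DOMAINS = {"google.com", "google.ca", "bing.com", "msn.com"}
FALLBACK_URL = "https://www.google.com/"


def domain_allowed(url, allowed_domains=ALLOWED_DOMAINS):
    """True if the URL's host is an allowed domain or a subdomain of one
    (suffix match on a dot boundary, so google.com.evil.example is rejected)."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def audit_chrome_prefs(prefs, allowed_domains=ALLOWED_DOMAINS):
    """Return [(setting, value)] for each startup-related URL pointing off the
    allow list, plus every extension not installed from the Web Store
    (sideloading is how bundled toolbars usually arrive)."""
    findings = []
    homepage = prefs.get("homepage")
    if homepage and not domain_allowed(homepage, allowed_domains):
        findings.append(("homepage", homepage))
    for url in prefs.get("session", {}).get("startup_urls", []):
        if not domain_allowed(url, allowed_domains):
            findings.append(("startup_urls", url))
    search_url = prefs.get("default_search_provider", {}).get("search_url")
    if search_url and not domain_allowed(search_url, allowed_domains):
        findings.append(("default_search_provider", search_url))
    for ext_id, info in prefs.get("extensions", {}).get("settings", {}).items():
        if not info.get("from_webstore", False):
            findings.append(("extension", ext_id))
    return findings


def clean_chrome_prefs(prefs, allowed_domains=ALLOWED_DOMAINS, fallback=FALLBACK_URL):
    """Return a cleaned deep copy: homepage reset to the fallback, hijacked startup
    URLs dropped, hijacked search provider removed. Extensions are only reported:
    deleting the ID from Preferences does not delete the extension's files."""
    cleaned = copy.deepcopy(prefs)
    if cleaned.get("homepage") and not domain_allowed(cleaned["homepage"], allowed_domains):
        cleaned["homepage"] = fallback
    session = cleaned.get("session", {})
    if "startup_urls" in session:
        session["startup_urls"] = [u for u in session["startup_urls"]
                                   if domain_allowed(u, allowed_domains)]
    search_url = cleaned.get("default_search_provider", {}).get("search_url")
    if search_url and not domain_allowed(search_url, allowed_domains):
        # Assumption: with the key gone, Chrome falls back to its built-in default engine.
        del cleaned["default_search_provider"]
    return cleaned


def audit_preferences_file(path, allowed_domains=ALLOWED_DOMAINS):
    """Audit a real Preferences file. Close Chrome first: it rewrites the file on exit."""
    with open(path, encoding="utf-8") as fh:
        return audit_chrome_prefs(json.load(fh), allowed_domains)


if __name__ == "__main__":
    for setting, value in audit_chrome_prefs(SAMPLE_PREFERENCES):
        print(f"{setting:24s} {value}")
    print(json.dumps(clean_chrome_prefs(SAMPLE_PREFERENCES), indent=2))
```

Two caveats for anyone doing this by hand rather than letting AdwCleaner do it: Chrome must be closed, because it writes Preferences back when it exits and would overwrite the edit; and Chrome builds from around 2014 onward keep a MAC over these same settings in the profile's Secure Preferences file, so a value edited outside Chrome may simply be reset to Chrome's default on the next start, which for a hijacked homepage is the outcome you wanted anyway. Flagged extensions still have to be removed from chrome://extensions, since the Preferences entry is only the bookkeeping, not the extension itself.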

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 July 2014 - 08:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 July 2014 - 12:38 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 July 2014 - 07:22 AM

This topic has been re-opened at the request of the person who originally posted.

#6 shanromac12

shanromac12
  • Topic Starter

  • Members
  • 8 posts

Posted 20 July 2014 - 01:20 PM

OK, I need assistance to get the scan log for Malwarebytes. I did the scan yesterday but can't find the log. And AdwCleaner, well, I scanned with it and cleaned files, and all kinds of pop-ups came up saying memory cannot be read to 000032 etc. with all kinds of different codes, then all kinds of error messages came up, then it said Chrome has crashed, then I mean 100s of pop-ups saying memory could not be read again, then the computer shut off.



#7 shanromac12

shanromac12
  • Topic Starter

  • Members
  • 8 posts

Posted 20 July 2014 - 03:04 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/20/2014
Scan Time: 4:25:48 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.20.05
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Colin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325101
Time Elapsed: 33 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.MySearchDial.A, C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtC0A0B0EtAyEzyzyzzzztN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1604766047&ir=",), ,[b80ddcc5f58660d6de9c6e6ceb193bc5]
PUP.Optional.Conduit.A, C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtC0A0B0EtAyEzyzyzzzztN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1604766047&ir=", "http://search.conduit.com/?ctid=CT3298581&SearchSource=48&CUI=UN10684777286934126&UM=2", "http://search.conduit.com/?ctid=CT3324416&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP357F436D-7C4E-429B-9543-8448C9BCFCC1&SSPV=" ],), ,[c104e9b8d6a551e57426a337fc0849b7]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
# AdwCleaner v3.216 - Report created 20/07/2014 at 15:08:51
# Updated 17/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Colin - USERNAME-545DF1
# Running from : C:\Documents and Settings\Colin\My Documents\Downloads\adwcleaner_3.216.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater18.1.7
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AlawarWrapper
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\PC Cleaner
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Documents and Settings\Colin\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Colin\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Colin\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Colin\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\Colin\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\6wwirl52.default\CT3298581
Folder Deleted : C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\6wwirl52.default\Extensions\{d2cf9842-af95-48cd-b873-bfbb48cd7f5e}
File Deleted : C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\6wwirl52.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67C71B35-A416-4A54-BD1D-15965A4FE41C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF227C2C-9D69-4f51-9B20-4B0A70E65EB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\6wwirl52.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ctvnews.ca/search-results/search-ctv-news-7.137?q={searchTerms}
Deleted [Search Provider] : hxxp://atlantic.ctvnews.ca/search-results/ctv-atlantic-search-7.104?q={searchTerms}
Deleted [Search Provider] : hxxp://www.capebretonpost.com/?searchQueryString={searchTerms}&clearFacets=1&controllerName=search&search_sortedBy=publicationDate+DESC&search_submit=Recherche
Deleted [Startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtC0A0B0EtAyEzyzyzzzztN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1604766047&ir=
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3298581&SearchSource=48&CUI=UN10684777286934126&UM=2
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3324416&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP357F436D-7C4E-429B-9543-8448C9BCFCC1&SSPV=
Deleted [Homepage] : hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtC0A0B0EtAyEzyzyzzzztN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1604766047&ir=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : dlfienamagdnkekbbbocojppncdambda
Deleted [Extension] : eiimolhnbbbdagljikeckdkldgemmmlj
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : jljheddigenhleadfofeccneimcmlefp
Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc
 
*************************
 
AdwCleaner[R0].txt - [15871 octets] - [14/01/2014 16:49:59]
AdwCleaner[R1].txt - [10983 octets] - [19/07/2014 20:40:22]
AdwCleaner[R2].txt - [11044 octets] - [20/07/2014 15:07:27]
AdwCleaner[S0].txt - [11746 octets] - [20/07/2014 15:08:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11807 octets] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by Colin (administrator) on USERNAME-545DF1 on 20-07-2014 15:21:05
Running from C:\Documents and Settings\Colin\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
(Logitech Inc.) C:\WINDOWS\LOGI_MWX.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Eastman Kodak Company) C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Pelmorex Media Inc.) C:\Documents and Settings\Colin\Local Settings\Application Data\The Weather Network\weathereye.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\bin32\nSvcAppFlt.exe
() C:\Program Files\bin32\nSvcIp.exe
(Google Inc.) C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\Run: [Google Update] => C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-02-17] (Google Inc.)
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\Run: [WeatherEye] => C:\Documents and Settings\Colin\Local Settings\Application Data\The Weather Network\WeatherEye.exe [310920 2012-08-30] (Pelmorex Media Inc.)
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\Run: [Facebook Update] => C:\Documents and Settings\Colin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2014-03-06] (Facebook Inc.)
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\Run: [uTorrent] => C:\Documents and Settings\Colin\Application Data\uTorrent\uTorrent.exe [1286992 2014-06-02] (BitTorrent Inc.)
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\Run: [Chatango] => C:\Program Files\Chatango\Chatango.exe 
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5626136 2014-06-05] (SUPERAntiSpyware)
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\MountPoints2: {2a7dbd8a-d2ff-11df-8aa7-0022151abe34} - F:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\MountPoints2: {6c042154-1b3c-11e0-8b21-0022151abe34} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\MountPoints2: {abdd2db5-2189-11e0-8b28-0022151abe34} - F:\start.exe
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\MountPoints2: {bead24c5-10fb-11e0-8b10-0022151abe34} - F:\InstallTomTomHOME.exe
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\MountPoints2: {e5461289-1ab4-11e1-8c57-0022151abe34} - F:\PC_ImageViewer4.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x14678DF4AF4FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKLM - AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=718
SearchScopes: HKCU - {A071CFC2-6C93-40F3-B699-A124BBC3D6A5} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: AOLSearchHook Class -> {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} -> C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: AIM Toolbar Loader -> {b0cda128-b425-4eef-a174-61a11ac5dbf8} -> C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - AIM Toolbar - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\6wwirl52.default
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @fileplanet.com/fpdlm - C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Colin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Colin\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Microsoft Choice Guard - C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\6wwirl52.default\Extensions\ChoiceGuard@Microsoft [2012-06-26]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\6wwirl52.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-06]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-20]
 
Chrome: 
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtC0A0B0EtAyEzyzyzzzztN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1604766047&ir=
CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtC0A0B0EtAyEzyzyzzzztN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1604766047&ir=", "hxxp://search.conduit.com/?ctid=CT3298581&SearchSource=48&CUI=UN10684777286934126&UM=2", "hxxp://search.conduit.com/?ctid=CT3324416&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP357F436D-7C4E-429B-9543-8448C9BCFCC1&SSPV="
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Documents and Settings\Colin\Application Data\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Colin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (IGN Download Manager Plug-in) - C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Java™ Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [jhbicckmeogemnamjhgbfbhelblnkjlp] - C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\jhbicckmeogemnamjhgbfbhelblnkjlp.crx [2013-08-14]
CHR HKCU\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-14]
CHR HKCU\...\Chrome\Extension: [jhbicckmeogemnamjhgbfbhelblnkjlp] - C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\jhbicckmeogemnamjhgbfbhelblnkjlp.crx [2013-08-14]
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [598016 2008-01-29] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-11] (Oracle Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [163840 2008-01-29] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [348752 2009-01-07] (PC Tools)
S3 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [1097096 2010-02-05] (PC Tools)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 VideoAcceleratorService; C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe [298152 2014-02-18] (SPEEDbit)
S3 WmcCds; c:\program files\windows media connect\mswmccds.exe [483328 2004-08-11] (Microsoft Corporation) [File not signed]
S3 WmcCdsLs; C:\Program Files\Windows Media Connect\mswmcls.exe [28160 2004-08-10] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-05-30] (AVG Technologies)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2009-07-27] () [File not signed]
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2014-03-04] ()
R3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
S3 LHidUsb; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [37887 2003-12-17] (Logitech, Inc.)
R3 LVUSBSta; C:\WINDOWS\System32\DRIVERS\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-20] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [38560 2008-05-05] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (NVIDIA Corporation)
S3 PID_PEPI; C:\WINDOWS\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-11-21] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-04-12] (Duplex Secure Ltd.)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
S4 IntelIde; No ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-19 20:47 - 2014-07-20 15:21 - 00000000 ____D () C:\FRST
2014-07-19 20:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-18 20:32 - 2014-07-18 20:42 - 00000000 ____D () C:\Documents and Settings\Colin\Desktop\July Pics On Camera
2014-07-18 19:42 - 2014-07-18 19:42 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-18 19:41 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-18 19:41 - 2014-07-11 02:36 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-07-18 19:38 - 2014-07-18 19:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-07-18 19:38 - 2014-07-11 03:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-18 19:38 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-18 19:38 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-13 16:43 - 2014-07-13 17:19 - 00000000 ____D () C:\Documents and Settings\Colin\Desktop\Moncton Car Show
2014-07-05 21:25 - 2014-07-05 21:25 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-30 23:50 - 2014-06-30 23:56 - 00000000 ____D () C:\Documents and Settings\Colin\Desktop\moms pic
2014-06-30 23:23 - 2014-07-13 17:28 - 00000000 ____D () C:\Documents and Settings\Colin\Desktop\PEI RIDE
 
==================== One Month Modified Files and Folders =======
 
2014-07-20 15:21 - 2014-07-19 20:47 - 00000000 ____D () C:\FRST
2014-07-20 15:21 - 2009-04-05 21:00 - 00000000 ____D () C:\Documents and Settings\Colin\Local Settings\Temp
2014-07-20 15:19 - 2009-04-05 17:36 - 00632924 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-20 15:16 - 2012-04-07 18:22 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-20 15:16 - 2009-04-06 19:23 - 00000000 ____D () C:\Documents and Settings\Colin\Application Data\uTorrent
2014-07-20 15:16 - 2009-04-05 20:50 - 01767831 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-20 15:15 - 2014-05-18 15:20 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 15:15 - 2014-03-04 21:12 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1580436667-1801674531-1003.job
2014-07-20 15:15 - 2013-12-20 20:16 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1580436667-1801674531-1003.job
2014-07-20 15:15 - 2001-08-23 09:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-20 15:14 - 2014-03-04 18:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-20 15:14 - 2014-03-04 18:59 - 00000000 _____ () C:\WINDOWS\wiaservc.log
2014-07-20 15:14 - 2014-01-14 14:29 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-07-20 15:14 - 2009-04-05 21:05 - 00194011 _____ () C:\WINDOWS\system32\nvapps.xml
2014-07-20 15:13 - 2014-03-30 10:45 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-20 15:13 - 2011-05-20 07:30 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1580436667-1801674531-1003.job
2014-07-20 15:13 - 2009-12-08 20:32 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 15:13 - 2009-04-05 20:56 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-20 15:10 - 2014-03-04 18:58 - 00032440 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-20 15:10 - 2014-01-14 16:49 - 00000000 ____D () C:\AdwCleaner
2014-07-20 15:10 - 2014-01-14 14:29 - 00196608 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-07-20 15:10 - 2010-11-01 21:21 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{89E34325-F8B1-42B9-8E75-95EA0959AFB6}.job
2014-07-20 15:01 - 2009-12-08 20:32 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 14:14 - 2014-03-06 03:09 - 00000998 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1580436667-1801674531-1003UA.job
2014-07-20 14:11 - 2013-04-05 01:18 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1580436667-1801674531-1003UA.job
2014-07-20 13:30 - 2014-02-19 20:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-07-20 10:35 - 2009-05-12 21:47 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2014-07-20 02:14 - 2014-03-06 03:09 - 00000976 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1580436667-1801674531-1003Core.job
2014-07-19 22:11 - 2013-04-05 01:18 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1580436667-1801674531-1003Core.job
2014-07-19 20:32 - 2013-02-14 04:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2014-07-19 17:18 - 2009-04-05 17:34 - 00000251 __RSH () C:\boot.ini
2014-07-19 17:18 - 2001-08-23 09:00 - 00000527 _____ () C:\WINDOWS\win.ini
2014-07-19 17:18 - 2001-08-23 09:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-07-19 16:38 - 2014-05-18 14:53 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-19 16:38 - 2014-05-18 14:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-19 16:38 - 2014-05-18 14:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-18 21:17 - 2013-09-06 02:01 - 00002284 _____ () C:\Documents and Settings\Colin\Desktop\Google Chrome.lnk
2014-07-18 20:42 - 2014-07-18 20:32 - 00000000 ____D () C:\Documents and Settings\Colin\Desktop\July Pics On Camera
2014-07-18 19:42 - 2014-07-18 19:42 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-18 19:38 - 2014-07-18 19:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-07-18 19:38 - 2009-04-06 19:30 - 00000000 ____D () C:\Program Files\Java
2014-07-18 18:58 - 2011-05-20 07:30 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1580436667-1801674531-1003.job
2014-07-17 09:39 - 2009-05-06 21:42 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-07-16 00:30 - 2014-01-14 14:29 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-07-13 17:28 - 2014-06-30 23:23 - 00000000 ____D () C:\Documents and Settings\Colin\Desktop\PEI RIDE
2014-07-13 17:19 - 2014-07-13 16:43 - 00000000 ____D () C:\Documents and Settings\Colin\Desktop\Moncton Car Show
2014-07-11 03:02 - 2014-07-18 19:38 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-11 02:56 - 2014-07-18 19:41 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-11 02:56 - 2014-07-18 19:38 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-11 02:55 - 2014-07-18 19:38 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-11 02:36 - 2014-07-18 19:41 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-07-10 02:23 - 2010-05-25 02:57 - 00000000 ____D () C:\Documents and Settings\Colin\Application Data\Skype
2014-07-09 11:08 - 2013-07-20 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 11:02 - 2009-04-06 07:48 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 11:01 - 2009-04-09 22:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-07-09 02:16 - 2014-05-13 21:17 - 05659136 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-07-09 02:16 - 2012-04-07 18:22 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-09 02:16 - 2011-05-20 07:28 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 17:07 - 2014-03-30 10:45 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-05 21:28 - 2009-07-31 17:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-05 21:25 - 2014-07-05 21:25 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-07-05 21:25 - 2009-07-31 17:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-07-04 21:33 - 2014-03-31 08:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-07-04 21:33 - 2014-03-04 18:41 - 00067633 _____ () C:\WINDOWS\setupapi.log
2014-07-04 21:14 - 2012-05-05 10:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-01 00:30 - 2014-01-14 14:29 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-30 23:57 - 2009-04-06 20:11 - 00248832 _____ () C:\Documents and Settings\Colin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-30 23:56 - 2014-06-30 23:50 - 00000000 ____D () C:\Documents and Settings\Colin\Desktop\moms pic
 
Files to move or delete:
====================
C:\Documents and Settings\Colin\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Colin\jagex_runescape_preferences.dat
C:\Documents and Settings\Colin\jagex_runescape_preferences2.dat
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Colin\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\Colin\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Colin\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\Colin\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Colin\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Colin\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\Colin\Local Settings\Temp\utt4A4.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
Note: the first scan results I couldn't find, but this one came up. It seems it's not picking up the trojan I had the other day, but this computer is slow, very slow, since
 


#8 nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 July 2014 - 07:17 AM

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted; it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\Run: [uTorrent] => C:\Documents and Settings\Colin\Application Data\uTorrent\uTorrent.exe [1286992 2014-06-02] (BitTorrent Inc.)
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=718
    SearchScopes: HKCU - {FA6CDDB6-A604-40CF-8F5C-FF591A244D6E} URL = http://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=fdba6dbf23884dc596802876c786e997&tu=11JL0008j2B000s&sku=&tstsId=&ver=&&r=531
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
    CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtC0A0B0EtAyEzyzyzzzztN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1604766047&ir=
    CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtC0A0B0EtAyEzyzyzzzztN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1604766047&ir=", "hxxp://search.conduit.com/?ctid=CT3298581&SearchSource=48&CUI=UN10684777286934126&UM=2", "hxxp://search.conduit.com/?ctid=CT3324416&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP357F436D-7C4E-429B-9543-8448C9BCFCC1&SSPV="
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
    CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
    CHR Plugin: (Google Update) - C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\WINDOWS\system32\npDeployJava1.dll No File
    CHR HKLM\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-14]
    CHR HKLM\...\Chrome\Extension: [jhbicckmeogemnamjhgbfbhelblnkjlp] - C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\jhbicckmeogemnamjhgbfbhelblnkjlp.crx [2013-08-14]
    CHR HKCU\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-14]
    CHR HKCU\...\Chrome\Extension: [jhbicckmeogemnamjhgbfbhelblnkjlp] - C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\jhbicckmeogemnamjhgbfbhelblnkjlp.crx [2013-08-14]
    C:\Documents and Settings\Colin\Local Settings\Application Data\CRE
    
    End
    
    Save the file as fixlist.txt into the same folder as FRST

    Run FRST and click Fix only once and wait.

    Restart the computer normally to reset the registry.

    The tool will create a log (Fixlog.txt) please post it to your reply.
    ===

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.

    If the site is busy or not available use this mirror site:
    http://www.bleepingcomputer.com/download/securitycheck/
    ===

    How is the computer running now?



#9 shanromac12
  • Topic Starter
  • Members
  • 8 posts
  • Local time:07:24 AM

Posted 21 July 2014 - 07:04 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:20-07-2014
Ran by Colin at 2014-07-21 20:51:19 Run:1
Running from C:\Documents and Settings\Colin\Desktop\New Folder (3)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\...\Run: [uTorrent] => C:\Documents and Settings\Colin\Application Data\uTorrent\uTorrent.exe [1286992 2014-06-02] (BitTorrent Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=718
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtC0A0B0EtAyEzyzyzzzztN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1604766047&ir=
CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtC0A0B0EtAyEzyzyzzzztN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1604766047&ir=", "hxxp://search.conduit.com/?ctid=CT3298581&SearchSource=48&CUI=UN10684777286934126&UM=2", "hxxp://search.conduit.com/?ctid=CT3324416&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP357F436D-7C4E-429B-9543-8448C9BCFCC1&SSPV="
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR HKLM\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [jhbicckmeogemnamjhgbfbhelblnkjlp] - C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\jhbicckmeogemnamjhgbfbhelblnkjlp.crx [2013-08-14]
CHR HKCU\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-14]
CHR HKCU\...\Chrome\Extension: [jhbicckmeogemnamjhgbfbhelblnkjlp] - C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\jhbicckmeogemnamjhgbfbhelblnkjlp.crx [2013-08-14]
C:\Documents and Settings\Colin\Local Settings\Application Data\CRE
 
End
*****************
 
'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon' => Key deleted successfully.
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\ToolbarSearchProviderProgress => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FA6CDDB6-A604-40CF-8F5C-FF591A244D6E}' => Key deleted successfully.
'HKCR\CLSID\{FA6CDDB6-A604-40CF-8F5C-FF591A244D6E}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
'HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
'HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
'HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}'=> Key not found.
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtC0A0B0EtAyEzyzyzzzztN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1604766047&ir= ==> The Chrome "Settings" can be used to fix the entry.
CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtC0A0B0EtAyEzyzyzzzztN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1604766047&ir=", "hxxp://search.conduit.com/?ctid=CT3298581&SearchSource=48&CUI=UN10684777286934126&UM=2", "hxxp://search.conduit.com/?ctid=CT3324416&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP357F436D-7C4E-429B-9543-8448C9BCFCC1&SSPV=" ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll not found.
C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll not found.
C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll not found.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll not found.
C:\WINDOWS\system32\npDeployJava1.dll not found.
'HKLM\SOFTWARE\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf' => Key deleted successfully.
"C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx" => File/Directory not found.
'HKLM\SOFTWARE\Google\Chrome\Extensions\jhbicckmeogemnamjhgbfbhelblnkjlp' => Key deleted successfully.
"C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\jhbicckmeogemnamjhgbfbhelblnkjlp.crx" => File/Directory not found.
'HKCU\SOFTWARE\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf' => Key deleted successfully.
"C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx" => File/Directory not found.
'HKCU\SOFTWARE\Google\Chrome\Extensions\jhbicckmeogemnamjhgbfbhelblnkjlp' => Key deleted successfully.
"C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\jhbicckmeogemnamjhgbfbhelblnkjlp.crx" => File/Directory not found.
"C:\Documents and Settings\Colin\Local Settings\Application Data\CRE" => File/Directory not found.
 
==== End of Fixlog ====
 

Results of screen317's Security Check version 0.99.86  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
AVG Internet Security 2014   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spyware Doctor 6.0   
 Spybot - Search & Destroy 
 SUPERAntiSpyware     
 CCleaner     
 Java 7 Update 65  
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (30.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 6% 
````````````````````End of Log`````````````````````` 
 
 
Start-up is very, very slow, the internet is slow (when I type it delays), and the LED light on the power button is blinking off and on.
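The Fixlog above reports one outcome line per fixlist directive, and reading it by hand hides a pattern worth noticing: each SearchScope and toolbar CLSID was deleted from HKCU but came back "Key not found" under HKCR\CLSID, which is the expected result when the DLL that registered the COM object is already gone (the "No File" entries in the FRST scan). The script below is an added example for this thread, not part of FRST or of anyone's post here; it parses Fixlog lines into deleted / restored / not-found / needs-manual-action buckets and lists the CLSIDs that were orphaned in that way. The sample lines are copied from the Fixlog above (one URL shortened); the outcome categories and the orphan check are this example's own.

```python
"""Triage an FRST Fixlog: count outcomes and spot orphaned COM registrations.

Added example, not part of FRST. Sample lines are a constructed subset of the
Fixlog posted in this thread; categories and the orphan check are my own.
"""
import re
from collections import Counter

# Constructed sample: a subset of the Fixlog lines posted above (one URL shortened).
SAMPLE_FIXLOG = r"""
'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon' => Key deleted successfully.
HKU\S-1-5-21-1844237615-1580436667-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
'HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}'=> Key not found.
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd1103 ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll not found.
'HKLM\SOFTWARE\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf' => Key deleted successfully.
"C:\Documents and Settings\Colin\Local Settings\Application Data\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx" => File/Directory not found.
"""

# Outcome patterns, tried in order; the first match wins.
OUTCOMES = (
    ("deleted",   re.compile(r"=>\s*(?:Key|value) deleted successfully\.$", re.I)),
    ("restored",  re.compile(r"=>\s*Value was restored successfully\.$", re.I)),
    ("not_found", re.compile(r"not found\.$", re.I)),
    ("manual",    re.compile(r'==>\s*The Chrome "Settings" can be used to fix the entry\.$')),
)

# A registry-style GUID such as {0633EE93-D776-472f-A0FF-E1416B8B2E3A}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def classify_line(line):
    """Return the outcome bucket for one Fixlog result line."""
    for name, pattern in OUTCOMES:
        if pattern.search(line):
            return name
    return "other"


def parse_fixlog(text):
    """Return (Counter of outcomes, sorted list of orphaned CLSIDs).

    A CLSID is 'orphaned' when a reference to it (SearchScope, toolbar) was
    deleted but its HKCR\\CLSID registration was reported 'Key not found':
    the COM server was already gone and only the dangling reference remained.
    """
    counts = Counter()
    deleted_clsids = set()
    missing_registrations = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        outcome = classify_line(line)
        counts[outcome] += 1
        match = CLSID_RE.search(line)
        if not match:
            continue
        clsid = match.group(0).upper()
        if outcome == "deleted":
            deleted_clsids.add(clsid)
        elif outcome == "not_found" and "HKCR\\CLSID\\" in line.upper():
            missing_registrations.add(clsid)
    return counts, sorted(deleted_clsids & missing_registrations)


if __name__ == "__main__":
    counts, orphaned = parse_fixlog(SAMPLE_FIXLOG)
    for outcome, n in sorted(counts.items()):
        print(f"{outcome:10s} {n}")
    print("orphaned CLSIDs (reference removed, COM server already gone):")
    for clsid in orphaned:
        print("  ", clsid)
```

On the sample above the parser reports five deletions, one restore, four not-found results and one entry that FRST leaves for Chrome's own Settings page, and both CLSIDs come out as orphaned. A "not found" for a file path (the Firefox plugin DLLs here) is likewise harmless: the registration pointed at nothing, so FRST had only the pointer to remove.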


#10 nasdaq
  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:24 AM

Posted 22 July 2014 - 07:11 AM

Download ATF Cleaner by Atribune from here and save it to your Desktop.
Follow the instructions for the browser you use.

Read the instructions about the cookies. Delete what you do not need.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache


The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

* The purpose of the Prefetch folder is to increase the speed at which you can access the programs that you use on your PC. Unfortunately, Windows doesn't differentiate between a program you use every day and one you use once in a blue moon, which means that it may be prefetching a lot of stuff that you rarely use, adding to your startup time.
You may find that the first time you boot up after cleaning out this folder, your PC takes longer to get into gear - the second, and subsequent, boots should be quicker.

Keep me posted.

#11 shanromac12
  • Topic Starter
  • Members
  • 8 posts
  • Local time:07:24 AM

Posted 22 July 2014 - 09:55 AM

Still delaying while I surf the internet when I type, and the LED light on the power button is still blinking. Also, videos are freezing: when I go on YouTube it loads up but then freezes.


Edited by shanromac12, 22 July 2014 - 10:08 AM.


#12 nasdaq
  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:24 AM

Posted 22 July 2014 - 09:59 AM

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#13 shanromac12
  • Topic Starter
  • Members
  • 8 posts
  • Local time:07:24 AM

Posted 22 July 2014 - 11:23 AM

C:\AdwCleaner\Quarantine\C\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\6wwirl52.default\Extensions\{d2cf9842-af95-48cd-b873-bfbb48cd7f5e}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir Win32/Toolbar.Conduit potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressBurn\expressburn.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressBurn\expressburnsetup_v4.66.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Prism\prism.exe.vir a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Prism\prismsetup_v1.61.exe.vir a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Prism\uninst.exe.vir a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm
 
 
Computer still slow. Thanks for taking the time to help me, btw. Cheers.
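Every hit in the ESET export above has a tell in its path: the Conduit items sit under C:\AdwCleaner\Quarantine (AdwCleaner's copies of what it already removed, renamed with a .vir suffix) and the Bagle hit is inside Spybot's Recovery folder, which holds backups of items Spybot removed earlier. None of them is in a live program location, which is why the next reply calls the machine clean. The script below is an added example for this thread, not part of ESET or of anyone's post; it parses report lines of the shape "path detection category" and separates hits inside known quarantine or backup containers from hits on live paths. The first four sample lines are copied from the report above; the fifth is a constructed live-path line with a made-up detection name so both branches run, and the container list is this example's own.

```python
"""Triage an ESET Online Scanner export: contained (quarantine/backup) vs live hits.

Added example, not part of ESET. Sample lines copied from the report in this
thread plus one constructed live-path line; the container list is my own.
"""
import re
from dataclasses import dataclass

# Constructed sample: four lines from the ESET report above, then one invented
# live-path line (path and detection name are made up for the example).
SAMPLE_ESET = r"""
C:\AdwCleaner\Quarantine\C\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\6wwirl52.default\Extensions\{d2cf9842-af95-48cd-b873-bfbb48cd7f5e}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir Win32/Toolbar.Conduit potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Prism\prism.exe.vir a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm
C:\Example\constructed\live-sample.exe Win32/Example.Constructed.A trojan
"""

# One report line: a Windows path, an ESET detection name (optionally prefixed
# with "a variant of" / "probably a variant of"), then the category text.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:(?:probably )?a variant of )?[A-Za-z0-9_]+/[A-Za-z0-9_.\-]+)\s+"
    r"(?P<category>.+?)\s*$"
)

# Lower-cased path fragments that mark another tool's quarantine or backup
# store. My own list, based on the two containers seen in this thread.
CONTAINER_MARKERS = (
    "\\adwcleaner\\quarantine\\",                 # AdwCleaner quarantine (.vir files)
    "\\spybot - search & destroy\\recovery\\",    # Spybot backups of removed items
    "\\quarantine\\",                             # generic quarantine folder
)


@dataclass
class Hit:
    path: str
    detection: str
    category: str
    contained: bool


def is_contained(path):
    """True when the path lies inside a quarantine or backup container."""
    lowered = path.lower()
    return any(marker in lowered for marker in CONTAINER_MARKERS)


def parse_eset_report(text):
    """Parse every non-empty line into a Hit; raise on lines of unknown shape."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError("unrecognised ESET report line: " + line)
        path = match["path"]
        hits.append(Hit(path, match["detection"], match["category"], is_contained(path)))
    return hits


def triage(text):
    """Return (live_hits, contained_hits) in report order."""
    hits = parse_eset_report(text)
    live = [h for h in hits if not h.contained]
    contained = [h for h in hits if h.contained]
    return live, contained


if __name__ == "__main__":
    live, contained = triage(SAMPLE_ESET)
    print(f"{len(contained)} hit(s) already inside a quarantine/backup store:")
    for h in contained:
        print(f"  [{h.category}] {h.detection}  <-  {h.path}")
    print(f"{len(live)} hit(s) on live paths that still need attention:")
    for h in live:
        print(f"  [{h.category}] {h.detection}  <-  {h.path}")
```

Run against the real export the script only reports live-path hits as needing action; a detection inside a quarantine or backup folder is a second scanner finding the first scanner's copy, and the normal response is to empty that tool's quarantine rather than treat the machine as reinfected.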


#14 nasdaq
  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:24 AM

Posted 22 July 2014 - 12:48 PM

Well, it is free of malware.

Nothing much we can do with the XP operating system.

#15 shanromac12
  • Topic Starter
  • Members
  • 8 posts
  • Local time:07:24 AM

Posted 22 July 2014 - 01:57 PM

Well, it is free of malware.

Nothing much we can do with the XP operating system.

What is the Bagle worm? This is the first time it came up on a scan.





