help needed please, what is killing my laptop?


  • This topic is locked
13 replies to this topic

#1 3759allen

  • Members
  • 34 posts

Posted 16 August 2014 - 06:52 PM

Hi all.

Firstly, I must warn you all that I'm not that great with computers; I only use my laptop for basic internet and Word document use.

Back to the topic. I think I have some sort of virus: it's now running very, very slowly and lots of pop-ups keep coming up. When I bought my laptop they said there was a program running that scans and protects the laptop; I can't remember what they said it was now or whether it's still in date.

So what can I do to try and sort my laptop out? Will scanning the laptop help? If so, what scan is best to use? I did try searching for scans but there are so many out there, a lot of which, I'm guessing, are a useless waste of money.

Any help would be much appreciated. Thanks.




#2 noknojon

  • Banned
  • 10,871 posts

Posted 16 August 2014 - 07:28 PM

Hello and Welcome -

 

2 things to remember:

First, we do NOT use programs that cost money.

Second, if it costs money it is either a scam, or there is a free version out there.

 

Download all programs to Desktop and Copy and Paste all requested logs.

At the end of each post please tell us if things have improved or gone bad (you are my eyes).

 

If you have these first few programs installed, delete them and install fresh versions -

 

 

FIRST -

 This is a "basic clean-up" and we will go further depending on your answers.

Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes.
 Please Copy / Paste the small log back here.

 

Important: Do not reboot your computer until you complete the next step.

 

 NOW :
 Please download AdwCleaner by Xplode and save to your Desktop.
 * Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator.
 * Click on the Scan button only once to ensure a true reading
 * AdwCleaner will begin...be patient as the scan may take some time to complete.
 * After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Check the removals and see if you are OK with the list.

* Now
 * Click on the Clean button only once to ensure a correct reading
 * Press OK when asked to close all programs and follow the onscreen prompts.
 * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
 * After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
 * Copy and Paste the contents of that logfile in your next reply.

* Copies of all logfiles are also saved in the C:\AdwCleaner folder, which was created when running the tool.

 

 

ALSO :

Next -
Please download Junkware Removal Tool to your desktop.
* Temporarily Disable your Antivirus now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

 

 

Next, these will tell us if you have updated programs installed.

 

Download Screen317 Security Check and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please Copy/Paste the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do

 

Also :

Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:

  • List content of Hosts
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

 Click Go and Copy / Paste the result. (result.txt)

 

 

Once you have posted the logs back here, you can Right Click/Delete or Drag and Drop the tools in the Recycle bin to reduce clutter.

 

Do not forget a report on your progress -

 

Thanks -



#3 3759allen
  • Topic Starter

  • Members
  • 34 posts

Posted 17 August 2014 - 06:10 AM

Rkill 2.6.8 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2014 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 08/17/2014 10:01:52 AM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

 

Checking for Windows services to stop:

 

* No malware services found to stop.

 

Checking for processes to terminate:

 

* C:\Documents and Settings\All Users\Application Data\IePluginServices\PluginService.exe (PID: 1360) [AU-HEUR]

* C:\Documents and Settings\All Users\Application Data\Online\sv.exe (PID: 1720) [AU-HEUR]

* C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe (PID: 2928) [UP-HEUR]

* C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vmhost.exe (PID: 3176) [AU-HEUR]

 

4 proccesses terminated!

 

Checking Registry for malware related settings:

 

* No issues found in the Registry.

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

* No issues found.

 

Checking Windows Service Integrity:

 

* No issues found.

 

Searching for Missing Digital Signatures:

 

* No issues found.

 

Checking HOSTS File:

 

* HOSTS file entries found:

 

127.0.0.1 localhost

 

Program finished at: 08/17/2014 10:04:22 AM

Execution time: 0 hours(s), 2 minute(s), and 30 seconds(s)

 

 

 

# AdwCleaner v3.306 - Report created 17/08/2014 at 10:21:53

# Updated 15/08/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Owner - DEFAULT-B6C197E

# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : IePluginServices

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Documents and Settings\All Users\Application Data\2308189059

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive

Folder Deleted : C:\Documents and Settings\All Users\Application Data\dealpeak

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Fast And Safe

Folder Deleted : C:\Documents and Settings\All Users\Application Data\IePluginServices

Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic

Folder Deleted : C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect

Folder Deleted : C:\Documents and Settings\All Users\Application Data\cosstminn

Folder Deleted : C:\Documents and Settings\All Users\Application Data\PricEDoiwNloader

Folder Deleted : C:\Program Files\BonanzaDeals

Folder Deleted : C:\Program Files\BonanzaDealsLive

Folder Deleted : C:\Program Files\FLVM Player

Folder Deleted : C:\Program Files\globalUpdate

Folder Deleted : C:\Program Files\Mobogenie

Folder Deleted : C:\Program Files\Mysearchdial

Folder Deleted : C:\Program Files\Nosibay

Folder Deleted : C:\Program Files\SupTab

Folder Deleted : C:\Program Files\System Speedup

Folder Deleted : C:\Program Files\cosstminn

Folder Deleted : C:\Program Files\PricEDoiwNloader

Folder Deleted : C:\Program Files\ver2click-n-mark

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\torch

Folder Deleted : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Chromatic Browser

Folder Deleted : C:\Documents and Settings\ASPNET\Local Settings\Application Data\torch

Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser

Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\torch

Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser

Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\torch

Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\BonanzaDealsLive

Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Chromatic Browser

Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\globalUpdate

Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Mobogenie

Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\torch

Folder Deleted : C:\Documents and Settings\Owner\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\Owner\Application Data\DriverCure

Folder Deleted : C:\Documents and Settings\Owner\Application Data\file scout

Folder Deleted : C:\Documents and Settings\Owner\Application Data\Nosibay

Folder Deleted : C:\Documents and Settings\Owner\Application Data\ParetoLogic

Folder Deleted : C:\Documents and Settings\Owner\Application Data\System Speedup

Folder Deleted : C:\Documents and Settings\Owner\Application Data\Systweak

Folder Deleted : C:\Documents and Settings\Owner\Start Menu\Programs\FLVM Player

Folder Deleted : C:\Documents and Settings\Owner\My Documents\Mobogenie

Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser

Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\torch

[!] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma

[!] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff

File Deleted : C:\WINDOWS\system32\roboot.exe

File Deleted : C:\Documents and Settings\Owner\daemonprocess.txt

File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\mysearchdial-speeddial.crx

File Deleted : C:\Documents and Settings\Owner\Application Data\Bubble Dock.boostrap.log

File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data

File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences

File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx

File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage

File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage-journal

File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage

File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal

File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage

File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect

Key Deleted : HKCU\Software\d68a88e73aef49

Key Deleted : HKLM\SOFTWARE\d68a88e73aef49

Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{a34a6eb2}

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061762.BHO

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061762.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061762.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061762.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0063163.BHO

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0063163.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0063163.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0063163.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172262}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622312263}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175562}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655315563}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176662}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666316663}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174462}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644314463}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442C-B14C-3D1081953C94}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442C-B14C-3D1081953C94}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command

Key Deleted : HKCU\Software\BABSOLUTION

Key Deleted : HKCU\Software\BonanzaDealsLive

Key Deleted : HKCU\Software\Crossrider

Key Deleted : HKCU\Software\DataMngr

[#] Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\filescout

Key Deleted : HKCU\Software\GlobalUpdate

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Nosibay

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\RegisteredApplicationsEx

Key Deleted : HKCU\Software\SearchProtectINT

Key Deleted : HKCU\Software\SupHpUISoft

Key Deleted : HKCU\Software\systweak

Key Deleted : HKCU\Software\ViewPassword

Key Deleted : HKCU\Software\Vittalia

Key Deleted : HKCU\Software\WEDLMNGR

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

Key Deleted : HKLM\SOFTWARE\BonanzaDealsLive

Key Deleted : HKLM\SOFTWARE\DataMngr

Key Deleted : HKLM\SOFTWARE\GlobalUpdate

Key Deleted : HKLM\SOFTWARE\ParetoLogic

Key Deleted : HKLM\SOFTWARE\Speedchecker Limited

Key Deleted : HKLM\SOFTWARE\SupDp

Key Deleted : HKLM\SOFTWARE\SupTab

Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect

Key Deleted : HKLM\SOFTWARE\supWPM

Key Deleted : HKLM\SOFTWARE\systweak

Key Deleted : HKLM\SOFTWARE\Vittalia

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D471A31-4FA7-95BA-1880-D441113ED736}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PCSU-SL_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WindowsMangerProtect

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

 

-\\ Google Chrome v36.0.1985.125

 

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

 

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F0DA0018DEB2A738&affID=122121&tt=110713_9126&tsp=4940

Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCzz0D0E0BtB0AyBtAzz0CyCtAzztN0D0Tzu0CyBtDtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=347891896&ir=

Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCzz0D0E0BtB0AyBtAzz0CyCtAzztN0D0Tzu0CyBtDtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=347891896&ir=

Deleted [Search Provider] : hxxp://www.istart123.com/web/?type=ds&ts=1408211307&from=ymb&uid=TOSHIBAXMK8057GSC_21B8T3E3TXX21B8T3E3T&q={searchTerms}

Deleted [Startup_urls] : hxxp://www.istart123.com/?type=hp&ts=1408211307&from=ymb&uid=TOSHIBAXMK8057GSC_21B8T3E3TXX21B8T3E3T

Deleted [Homepage] : hxxp://www.istart123.com/?type=hp&ts=1408211307&from=ymb&uid=TOSHIBAXMK8057GSC_21B8T3E3TXX21B8T3E3T

Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff

 

*************************

 

AdwCleaner[R0].txt - [16394 octets] - [17/08/2014 10:15:38]

AdwCleaner[S0].txt - [16132 octets] - [17/08/2014 10:21:53]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16193 octets] ##########

 

 

 

 

Total physical RAM: 2038.05 MB

Available physical RAM: 105.13 MB

Total Pagefile: 3409.16 MB

Available Pagefile: 1407.17 MB

Total Virtual: 2047.88 MB

Available Virtual: 1979.73 MB

 

========================= Partitions: =====================================

 

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:59.11 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\DEFAULT-B6C197E

 

Administrator ASPNET Guest

HelpAssistant Owner SUPPORT_388945a0

 

 

**** End of log ****

 

 

 

Results of screen317's Security Check version 0.99.87

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

`````````Anti-malware/Other Utilities Check:`````````

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 35.0.1916.153

Google Chrome 36.0.1985.125

````````Process Check: objlist.exe by Laurent````````

All Users Application Data Online sv.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````  

 

 

 

 

MiniToolBox by Farbar Version: 21-07-2014

Ran by Owner (administrator) on 17-08-2014 at 11:16:14

Running from "C:\Documents and Settings\Owner\My Documents\Downloads"

Microsoft Windows XP Home Edition Service Pack 3 (X86)

Boot Mode: Normal

***************************************************************************

========================= Hosts content: =================================

 

 

127.0.0.1 localhost

 

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (08/17/2014 10:39:14 AM) (Source: Application Error) (User: )

Description: Faulting application cyzutbuw.exe, version 8.0.0.2, faulting module cyzutbuw.exe, version 8.0.0.2, fault address 0x000013b4.

Processing media-specific event for [cyzutbuw.exe!ws!]

 

Error: (08/16/2014 09:27:10 PM) (Source: Application Error) (User: )

Description: Faulting application chrome.exe, version 36.0.1985.125, faulting module chrome.dll, version 36.0.1985.125, fault address 0x0108f1cb.

Processing media-specific event for [chrome.exe!ws!]

 

Error: (08/16/2014 07:21:30 PM) (Source: Application Error) (User: )

Description: Faulting application 5[1].exe, version 8.0.0.2, faulting module 5[1].exe, version 8.0.0.2, fault address 0x000013b4.

Processing media-specific event for [5[1].exe!ws!]

 

Error: (08/16/2014 07:13:53 PM) (Source: Application Error) (User: )

Description: Faulting application cyzutbuw.exe, version 8.0.0.2, faulting module cyzutbuw.exe, version 8.0.0.2, fault address 0x000013b4.

Processing media-specific event for [cyzutbuw.exe!ws!]

 

Error: (08/16/2014 07:03:23 PM) (Source: Application Error) (User: )

Description: Faulting application 05597821-7593-46b1-9a04-0143a1f890a8-6.exe, version 1.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Processing media-specific event for [05597821-7593-46b1-9a04-0143a1f890a8-6.exe!ws!]

 

Error: (08/16/2014 06:56:42 PM) (Source: Application Error) (User: )

Description: Faulting application msiexec.exe, version 9.87.85.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Processing media-specific event for [msiexec.exe!ws!]

 

Error: (08/16/2014 06:52:35 PM) (Source: Application Error) (User: )

Description: Faulting application 05597821-7593-46b1-9a04-0143a1f890a8-6.exe, version 1.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Processing media-specific event for [05597821-7593-46b1-9a04-0143a1f890a8-6.exe!ws!]

 

Error: (08/16/2014 06:52:35 PM) (Source: Application Error) (User: )

Description: Faulting application e5a8b767-2814-4507-bfb2-39128c44025f-6.exe, version 1.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Processing media-specific event for [e5a8b767-2814-4507-bfb2-39128c44025f-6.exe!ws!]

 

Error: (08/16/2014 06:49:57 PM) (Source: WindowsMangerProtect) (User: )

Description: WindowsMangerProtect

 

Error: (08/16/2014 06:49:47 PM) (Source: Application Error) (User: )

Description: Faulting application post1.exe, version 1.1.0.0, faulting module post1.exe, version 1.1.0.0, fault address 0x0001b8c1.

Processing media-specific event for [post1.exe!ws!]

 

 

System errors:

=============

Error: (08/17/2014 10:38:58 AM) (Source: Service Control Manager) (User: )

Description: The Update Fralimbo service failed to start due to the following error:

%%3

 

Error: (08/17/2014 10:38:58 AM) (Source: Service Control Manager) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%3

 

Error: (08/17/2014 10:38:58 AM) (Source: Service Control Manager) (User: )

Description: The DataSvr2 service failed to start due to the following error:

%%2

 

Error: (08/17/2014 10:38:58 AM) (Source: Service Control Manager) (User: )

Description: Timeout (30000 milliseconds) waiting for the Fast And Safe service to connect.

 

Error: (08/17/2014 10:24:40 AM) (Source: Service Control Manager) (User: )

Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (08/17/2014 10:21:52 AM) (Source: Service Control Manager) (User: )

Description: The Intel® PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).

 

Error: (08/17/2014 10:21:51 AM) (Source: Service Control Manager) (User: )

Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (08/17/2014 10:21:51 AM) (Source: Service Control Manager) (User: )

Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

 

Error: (08/17/2014 10:21:51 AM) (Source: Service Control Manager) (User: )

Description: The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly. It has done this 1 time(s).

 

Error: (08/17/2014 10:21:51 AM) (Source: Service Control Manager) (User: )

Description: The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (08/17/2014 10:39:14 AM) (Source: Application Error)(User: )

Description: cyzutbuw.exe8.0.0.2cyzutbuw.exe8.0.0.2000013b4

 

Error: (08/16/2014 09:27:10 PM) (Source: Application Error)(User: )

Description: chrome.exe36.0.1985.125chrome.dll36.0.1985.1250108f1cb

 

Error: (08/16/2014 07:21:30 PM) (Source: Application Error)(User: )

Description: 5[1].exe8.0.0.25[1].exe8.0.0.2000013b4

 

Error: (08/16/2014 07:13:53 PM) (Source: Application Error)(User: )

Description: cyzutbuw.exe8.0.0.2cyzutbuw.exe8.0.0.2000013b4

 

Error: (08/16/2014 07:03:23 PM) (Source: Application Error)(User: )

Description: 05597821-7593-46b1-9a04-0143a1f890a8-6.exe1.0.0.1unknown0.0.0.000000000

 

Error: (08/16/2014 06:56:42 PM) (Source: Application Error)(User: )

Description: msiexec.exe9.87.85.0unknown0.0.0.000000000

 

Error: (08/16/2014 06:52:35 PM) (Source: Application Error)(User: )

Description: 05597821-7593-46b1-9a04-0143a1f890a8-6.exe1.0.0.1unknown0.0.0.000000000

 

Error: (08/16/2014 06:52:35 PM) (Source: Application Error)(User: )

Description: e5a8b767-2814-4507-bfb2-39128c44025f-6.exe1.0.0.1unknown0.0.0.000000000

 

Error: (08/16/2014 06:49:57 PM) (Source: WindowsMangerProtect)(User: )

Description: WindowsMangerProtect

 

Error: (08/16/2014 06:49:47 PM) (Source: Application Error)(User: )

Description: post1.exe1.1.0.0post1.exe1.1.0.00001b8c1

 

 

 

=========================== Installed Programs ============================

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Reader 9.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)

Broadcom TPM Driver Installer (Version: 8.04.04 - Broadcom Corporation) Hidden

Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: - )

cosstminn (HKLM\...\{CE681A67-9477-CBE6-EB9D-FE534875F98D}) (Version: 4.2.0.1600 - cosstminn)

EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

EPSON SX440 Series Printer Uninstall (HKLM\...\EPSON SX440 Series) (Version: - SEIKO EPSON Corporation)

EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)

FLV Player (remove only) (HKLM\...\FLVM Player) (Version: - )

Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )

Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 10.50.0000 - Intel Corporation)

mCore (Version: 7.10.0000 - Intel Corporation) Hidden

mDriver (Version: 7.10.0000 - Intel) Hidden

mDrWiFi (Version: 7.10.0000 - Intel Corporation) Hidden

mHelp (Version: 7.10.0000 - Intel) Hidden

Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden

mIWA (Version: 7.10.0000 - Intel Corporation) Hidden

mLogView (Version: 7.10.0000 - Intel Corporation) Hidden

mMHouse (Version: 7.10.0000 - Intel Corporation) Hidden

mPfMgr (Version: 7.10.0000 - Intel Corporation) Hidden

mPfWiz (Version: 7.10.0000 - Intel Corporation) Hidden

mProSafe (Version: 9.00.0000 - Intel) Hidden

MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden

mWlsSafe (Version: 7.10.0000 - Intel) Hidden

mXML (Version: 7.10.0000 - Intel Corporation) Hidden

mZConfig (Version: 7.10.0000 - Intel Corporation) Hidden

NTRU Hybrid TSS v2.0.25 (Version: 2.0.25 - NTRU Cryptosystems) Hidden

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )

OpenOffice.org 3.2 (HKLM\...\{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}) (Version: 3.2.9483 - OpenOffice.org)

Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden

Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)

Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)

Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

 

========================= Memory info: ===================================

 

Percentage of memory in use: 94%

Total physical RAM: 2038.05 MB

Available physical RAM: 105.13 MB

Total Pagefile: 3409.16 MB

Available Pagefile: 1407.17 MB

Total Virtual: 2047.88 MB

Available Virtual: 1979.73 MB

 

========================= Partitions: =====================================

 

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:59.11 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\DEFAULT-B6C197E

 

Administrator ASPNET Guest

HelpAssistant Owner SUPPORT_388945a0

 

 

**** End of log ****



#4 3759allen

  • Topic Starter
  • Members
  • 34 posts

Posted 17 August 2014 - 06:21 AM

hi and thanks for the reply. 

 

i think i've done all that and i hope i've copied and pasted everything i should have. 

 

i hope this means more to you than it does to me.

 

the main problem seems to be that something called java tries to keep downloading. any ideas why it keeps doing this?

 

thanks very much for your help, very much appreciated.



#5 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 17 August 2014 - 06:52 AM

Thank you for those logs. They show that the system is now more sick rather than infected ........

 

AdwCleaner removed a heck of a lot of problems that have been downloaded and caused the main first problem.

 

Have you ever installed any Antivirus or Antimalware programs on your computer ???

 

Percentage of memory in use: 94% << This is Severe and the computer will not continue to function much longer.

Total physical RAM: 2038.05 MB

Available physical RAM: 105.13 MB

 

To put it in very simple terms, this basically means that you had a bit over 2,038 pockets to fill, and you now only have 105 pockets left.

 

Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! << You will not be able to defragment a hard drive in this state. It is over-filled and too cluttered.

 

We can try and claim a bit more back (I hope) with an Antimalware scan first.

Download MalwareBytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation.
  • Click Scan at the top of the screen and hit Detection and Protection.
  • Choose Custom Scan and click Scan Now.
  • Check the box next to Scan for rootkits.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
  • If no threats were found, click View detailed log.
  • Click Export and save the log as a .txt file on your Desktop or another location.
  • If the scan detected any threats, click Apply Actions.
  • To complete any actions taken you may be prompted to restart your computer...click on Yes.
  • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan and click View.
  • Click Export and save the log as a .txt file on your Desktop or another location.

Providing the MalwareBytes' Anti-Malware log file..............
Attach the log file you just saved to your next reply for further review.

 

Install and keep Microsoft Security Essentials, then run a quick scan with it.

Adobe reader 11.0.08 Update

The Java update harassing you may be a Fake program - Just X close it.
 


Edited by noknojon, 17 August 2014 - 07:27 AM.


#6 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 17 August 2014 - 08:10 AM

I have just found that File name: cyzutbuw.exe is a major Trojan infection and is listed in your logs -

 

Please continue and report back with any other logs that you can get ..........

 

EDIT -

Application errors:

==================

Error: (08/17/2014 10:39:14 AM) (Source: Application Error) (User: )

Description: Faulting application cyzutbuw.exe, version 8.0.0.2, faulting module cyzutbuw.exe, version 8.0.0.2, fault address 0x000013b4.

Processing media-specific event for [cyzutbuw.exe!ws!]


Edited by noknojon, 17 August 2014 - 08:17 AM.


#7 3759allen

  • Topic Starter
  • Members
  • 34 posts

Posted 17 August 2014 - 08:20 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 17/08/2014
Scan Time: 13:42:59
Logfile: malware detections.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.17.01
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 308643
Time Elapsed: 9 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 4
PUP.Optional.SquareNet, C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vmhost.exe, 2472, , [0a3da81fec8fc670deb53f6cb34e7c84]
PUP.Optional.SquareNetwork.A, C:\Documents and Settings\All Users\Application Data\Online\sv.exe, 1816, , [e166289f5b2004322ee4ac474eb4cc34]
Trojan.Agent.EVGen, C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe, 548, , [c384ba0de59696a085017e602bd741bf]
Trojan.Agent.EVGen, C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe, 5660, , [c384ba0de59696a085017e602bd741bf]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 10
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CE681A67-9477-CBE6-EB9D-FE534875F98D}, , [5dea8f389fdcd66080e73b30d62ca45c], 
PUP.Optional.SquareNetwork.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435}, , [e166289f5b2004322ee4ac474eb4cc34], 
PUP.Optional.SquareNetwork.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetworkHostSrv, , [e166289f5b2004322ee4ac474eb4cc34], 
PUP.Optional.CinemaPlus, HKLM\SOFTWARE\Cinema-Plus-1.2-nv, , [2423646385f6c96d1e5aac3471910bf5], 
PUP.Optional.IStart123.A, HKLM\SOFTWARE\istart123Software, , [52f544832457270f16e3fce2d32f24dc], 
PUP.Optional.CostMin, HKLM\SOFTWARE\CLASSES\cosstminn.cosstminn, , [4dfa5e69accfc1753a27c2233fc345bb], 
PUP.Optional.CostMin, HKLM\SOFTWARE\CLASSES\cosstminn.cosstminn.2.0, , [a7a002c5304b122470f1dd08e31f0af6], 
PUP.Optional.FastAndSafe.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\a34a6eb2, , [aa9d73547308171f7f803dae30d28080], 
PUP.Optional.Fralimbo.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Fralimbo, , [c97e2e99e99216209cbd60dd35cfb749], 
PUP.Optional.ClickNMark.A, HKU\S-1-5-21-1708537768-299502267-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\click-n-mark, , [2d1a35921368fe380983c040a65de61a], 
 
Registry Values: 5
Trojan.Agent.EV, HKU\S-1-5-21-1708537768-299502267-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\CONTROL PANEL\DESKTOP|SCRNSAVE.EXE, "C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe", , [9aad11b6a7d4280e91f4fde1ef139c64]
Hijack.Autorun, HKU\S-1-5-21-1708537768-299502267-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AutoRun, "C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe", , [bb8c4a7dc7b4f2442b3f729b27dcbb45]
Trojan.Agent.Gen, HKU\S-1-5-21-1708537768-299502267-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSConfig, "C:\Documents and Settings\Owner\yuvqpxqs.exe", , [3e09d6f192e94fe7e3d5d94eff05d22e]
Trojan.Agent.EVGen, HKU\S-1-5-21-1708537768-299502267-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|lpq, "C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe", , [c384ba0de59696a085017e602bd741bf]
Trojan.Agent.EVGen, HKU\S-1-5-21-1708537768-299502267-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|lpq, "C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe", , [c384ba0de59696a085017e602bd741bf]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff, , [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\log, , [bc8bb80f007b88ae7fe9d00519e99c64], 
 
Files: 49
PUP.Optional.SquareNet, C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vmhost.exe, , [0a3da81fec8fc670deb53f6cb34e7c84], 
PUP.Optional.BetterDeals.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, , [ab9c47805b20bf775209ce22857d629e], 
PUP.Optional.BetterDeals.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, , [3512933475062214392206ea28da9a66], 
PUP.Optional.SquareNetwork.A, C:\Documents and Settings\All Users\Application Data\Online\sv.exe, , [e166289f5b2004322ee4ac474eb4cc34], 
PUP.Optional.Superfish.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [89bef7d093e851e5e0b5de179c6638c8], 
PUP.Optional.Superfish.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [5fe88542e2991c1a3263f40153af0ff1], 
PUP.Optional.HighLiteApp.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.highliteapp00.highliteapp.com_0.localstorage, , [5becc8ff403b90a6f4c432c4b052d62a], 
PUP.Optional.HighLiteApp.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.highliteapp00.highliteapp.com_0.localstorage-journal, , [58ef65629fdc5dd9397fef07ae549967], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage-journal, , [380f992e0675b68055a16fd032d29e62], 
PUP.Optional.PricePeep.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage, , [8bbc12b5215a1a1c902771d00103619f], 
PUP.Optional.PricePeep.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage-journal, , [1d2a5176314a4fe77f385de45fa560a0], 
Trojan.Agent.Gen, C:\Documents and Settings\Owner\yuvqpxqs.exe, , [3e09d6f192e94fe7e3d5d94eff05d22e], 
Trojan.Agent.EVGen, C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe, , [c384ba0de59696a085017e602bd741bf], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000005.ldb, , [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000008.ldb, , [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000011.ldb, , [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000018.log, , [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\CURRENT, , [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOCK, , [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG, , [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG.old, , [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\MANIFEST-000016, , [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\254.json, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\MessageBox.xml, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\uninstallDlg2.xml, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\UninstallManager.exe, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\bg.png, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\bg1.png, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\bk_shadow.png, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\button.png, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\button1.png, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\checkbox.png, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\checkbox_select.png, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\checked.png, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\close.png, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\loading_bg.png, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\loading_light.png, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\min.png, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\scrollbar.bmp, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\Thumbs.db, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\unchecked.png, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\code1.jpg, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\code2.jpg, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\code3.jpg, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\code4.jpg, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\code5.jpg, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\code6.jpg, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\Thumbs.db, , [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\log\UninstallManager_2014-08-16[19-43-15-484].log, , [bc8bb80f007b88ae7fe9d00519e99c64], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 17 August 2014 - 08:25 AM

That is a great result for removal of infections -

 

Please tell us how the system is now operating.



#9 3759allen

  • Topic Starter
  • Members
  • 34 posts

Posted 17 August 2014 - 08:30 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 17/08/2014
Scan Time: 13:42:59
Logfile: latest malware scan.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.17.01
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 308643
Time Elapsed: 9 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 4
PUP.Optional.SquareNet, C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vmhost.exe, 2472, Delete-on-Reboot, [0a3da81fec8fc670deb53f6cb34e7c84]
PUP.Optional.SquareNetwork.A, C:\Documents and Settings\All Users\Application Data\Online\sv.exe, 1816, Delete-on-Reboot, [e166289f5b2004322ee4ac474eb4cc34]
Trojan.Agent.EVGen, C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe, 548, Delete-on-Reboot, [c384ba0de59696a085017e602bd741bf]
Trojan.Agent.EVGen, C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe, 5660, Delete-on-Reboot, [c384ba0de59696a085017e602bd741bf]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 10
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CE681A67-9477-CBE6-EB9D-FE534875F98D}, Quarantined, [5dea8f389fdcd66080e73b30d62ca45c], 
PUP.Optional.SquareNetwork.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435}, Quarantined, [e166289f5b2004322ee4ac474eb4cc34], 
PUP.Optional.SquareNetwork.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetworkHostSrv, Quarantined, [e166289f5b2004322ee4ac474eb4cc34], 
PUP.Optional.CinemaPlus, HKLM\SOFTWARE\Cinema-Plus-1.2-nv, Quarantined, [2423646385f6c96d1e5aac3471910bf5], 
PUP.Optional.IStart123.A, HKLM\SOFTWARE\istart123Software, Quarantined, [52f544832457270f16e3fce2d32f24dc], 
PUP.Optional.CostMin, HKLM\SOFTWARE\CLASSES\cosstminn.cosstminn, Quarantined, [4dfa5e69accfc1753a27c2233fc345bb], 
PUP.Optional.CostMin, HKLM\SOFTWARE\CLASSES\cosstminn.cosstminn.2.0, Quarantined, [a7a002c5304b122470f1dd08e31f0af6], 
PUP.Optional.FastAndSafe.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\a34a6eb2, Quarantined, [aa9d73547308171f7f803dae30d28080], 
PUP.Optional.Fralimbo.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Fralimbo, Quarantined, [c97e2e99e99216209cbd60dd35cfb749], 
PUP.Optional.ClickNMark.A, HKU\S-1-5-21-1708537768-299502267-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\click-n-mark, Quarantined, [2d1a35921368fe380983c040a65de61a], 
 
Registry Values: 5
Trojan.Agent.EV, HKU\S-1-5-21-1708537768-299502267-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\CONTROL PANEL\DESKTOP|SCRNSAVE.EXE, "C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe", Quarantined, [9aad11b6a7d4280e91f4fde1ef139c64]
Hijack.Autorun, HKU\S-1-5-21-1708537768-299502267-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AutoRun, "C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe", Quarantined, [bb8c4a7dc7b4f2442b3f729b27dcbb45]
Trojan.Agent.Gen, HKU\S-1-5-21-1708537768-299502267-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSConfig, "C:\Documents and Settings\Owner\yuvqpxqs.exe", Quarantined, [3e09d6f192e94fe7e3d5d94eff05d22e]
Trojan.Agent.EVGen, HKU\S-1-5-21-1708537768-299502267-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|lpq, "C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe", Quarantined, [c384ba0de59696a085017e602bd741bf]
Trojan.Agent.EVGen, HKU\S-1-5-21-1708537768-299502267-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|lpq, "C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe", Quarantined, [c384ba0de59696a085017e602bd741bf]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff, Quarantined, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\log, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
 
Files: 49
PUP.Optional.SquareNet, C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vmhost.exe, Delete-on-Reboot, [0a3da81fec8fc670deb53f6cb34e7c84], 
PUP.Optional.BetterDeals.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, Delete-on-Reboot, [ab9c47805b20bf775209ce22857d629e], 
PUP.Optional.BetterDeals.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, Delete-on-Reboot, [3512933475062214392206ea28da9a66], 
PUP.Optional.SquareNetwork.A, C:\Documents and Settings\All Users\Application Data\Online\sv.exe, Delete-on-Reboot, [e166289f5b2004322ee4ac474eb4cc34], 
PUP.Optional.Superfish.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [89bef7d093e851e5e0b5de179c6638c8], 
PUP.Optional.Superfish.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Delete-on-Reboot, [5fe88542e2991c1a3263f40153af0ff1], 
PUP.Optional.HighLiteApp.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.highliteapp00.highliteapp.com_0.localstorage, Quarantined, [5becc8ff403b90a6f4c432c4b052d62a], 
PUP.Optional.HighLiteApp.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.highliteapp00.highliteapp.com_0.localstorage-journal, Quarantined, [58ef65629fdc5dd9397fef07ae549967], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage-journal, Quarantined, [380f992e0675b68055a16fd032d29e62], 
PUP.Optional.PricePeep.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage, Quarantined, [8bbc12b5215a1a1c902771d00103619f], 
PUP.Optional.PricePeep.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage-journal, Quarantined, [1d2a5176314a4fe77f385de45fa560a0], 
Trojan.Agent.Gen, C:\Documents and Settings\Owner\yuvqpxqs.exe, Quarantined, [3e09d6f192e94fe7e3d5d94eff05d22e], 
Trojan.Agent.EVGen, C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\lpq.exe, Delete-on-Reboot, [c384ba0de59696a085017e602bd741bf], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000005.ldb, Quarantined, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000008.ldb, Quarantined, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000011.ldb, Quarantined, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000018.log, Quarantined, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\CURRENT, Quarantined, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOCK, Quarantined, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG, Quarantined, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG.old, Quarantined, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\MANIFEST-000016, Quarantined, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\254.json, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\MessageBox.xml, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\uninstallDlg2.xml, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\UninstallManager.exe, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\bg.png, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\bg1.png, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\bk_shadow.png, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\button.png, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\button1.png, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\checkbox.png, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\checkbox_select.png, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\checked.png, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\close.png, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\loading_bg.png, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\loading_light.png, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\min.png, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\scrollbar.bmp, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\Thumbs.db, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\unchecked.png, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\code1.jpg, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\code2.jpg, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\code3.jpg, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\code4.jpg, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\code5.jpg, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\code6.jpg, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\images\code\Thumbs.db, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\log\UninstallManager_2014-08-16[19-43-15-484].log, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
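The log above is the tail of a Malwarebytes Anti-Malware detection report, one line per item in the form `<Detection>, <Path>, <Status>, [<id>],`. When a poster keeps reposting a long log it helps to reduce it to a summary: how many items per detection family, which Chrome extension IDs the quarantined files belong to, and whether anything was left unquarantined. The following is an added example, not code from the thread or from Malwarebytes; the regexes and the sample lines (five copied from the log above plus one constructed line with a non-quarantined status) are this example's own assumptions about the format.

```python
"""Summarise Malwarebytes Anti-Malware detection-log lines of the form
'<Detection>, <Path>, <Status>, [<id>], ' (the format of the log pasted above).
Added example; the line layout and status values are assumptions from that log."""
import re
from collections import Counter

# One detection line: name, path, status, bracketed 32-hex id, trailing comma.
LINE_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<status>[^,]+), \[(?P<id>[0-9a-f]{32})\],\s*$"
)
# Chrome keeps per-extension data under a 32-character a..p identifier, both in
# "Extensions\<id>\" and in "Local Extension Settings\<id>\".
EXT_RE = re.compile(
    r"(?:Local Extension Settings|Extensions)\\(?P<ext>[a-p]{32})\\", re.IGNORECASE
)


def parse_line(line):
    """Return a dict for a detection line, or None for headers, blanks and '(end)'."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def summarize(lines):
    """Aggregate parsed lines: counts per detection and status, Chrome extension IDs,
    parent directories, and any item whose status is not 'Quarantined'."""
    hits = [h for h in (parse_line(l) for l in lines) if h]
    per_name = Counter(h["name"] for h in hits)
    statuses = Counter(h["status"] for h in hits)
    ext_ids = sorted({m.group("ext") for h in hits
                      for m in [EXT_RE.search(h["path"])] if m})
    # Parent directory of every detected file, so a reviewer sees where the PUP lived.
    dirs = sorted({h["path"].rsplit("\\", 1)[0] for h in hits})
    not_quarantined = [h["path"] for h in hits if h["status"] != "Quarantined"]
    return {
        "total": len(hits),
        "per_name": per_name,
        "statuses": statuses,
        "extension_ids": ext_ids,
        "directories": dirs,
        "not_quarantined": not_quarantined,
    }


# Sample input: five lines taken from the log above plus one CONSTRUCTED line
# (the 'No Action By User' status and the manifest.json path are made up here).
SAMPLE_LOG = r"""
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000018.log, Quarantined, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\CURRENT, Quarantined, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOCK, Quarantined, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.MySpeedDial.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\manifest.json, No Action By User, [68dffccb33488aac9e980bba54aede22], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\254.json, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 
PUP.Optional.IStart.A, C:\Documents and Settings\Owner\Application Data\istart123\UninstallManager.exe, Quarantined, [bc8bb80f007b88ae7fe9d00519e99c64], 

Physical Sectors: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    print(f"{report['total']} detections")
    for name, n in report["per_name"].most_common():
        print(f"  {n:3d}  {name}")
    print("Chrome extension IDs:", ", ".join(report["extension_ids"]) or "none")
    print("Not quarantined:", report["not_quarantined"] or "none")
```

The extension ID it pulls out (`pflphaooapbgpeakohlggbpidpppgdff` in the log above) is the thing to look for in `chrome://extensions` after cleanup: if the same ID is still listed, the quarantine removed its data files but not the extension registration itself.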


#10 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:01:22 PM

Posted 17 August 2014 - 08:32 AM

Sorry, but you just reposted your last log??

 

Please tell us if anything has altered -



#11 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:01:22 PM

Posted 17 August 2014 - 08:53 AM

Late at night here.

 

Someone will check back later -

 

Thanks -



#12 3759allen

  • Topic Starter
  • Members
  • 34 posts
  • Local time:03:22 AM

Posted 17 August 2014 - 04:03 PM

Sorry for the late reply, I had things to do.

 

This Java download thing is a real issue.

 

There's a box that pops up saying "the page at 69.162.111.227 says: it is recommended that you update java to the latest version to view this page. please update to continue."

 

This box has the X in the corner or an OK icon. If you press the X to close it, the web page that you are on is taken over by a page claiming to be the Java download site. At the top of the browser the address doesn't say Java, it says "69.162.111.227/uk/index.php".

 

Because of this it is very hard to use the internet and reply to this topic; you get about 5 seconds max before the web page gets taken over.

 

 

Would this be the Trojan that you mentioned?

 

I've had to use my girlfriend's laptop to write this reply.

 

Is there anything I can do to get rid of this?

 

Other than that the computer seems quite slow but is operating (I guess this is due to this Java trying to work all the time).

 

I'd just like to thank you for helping me and talking me through the stages in easy-to-follow steps. Being such a computer idiot, I would have struggled with anything more complicated. lol. Your help is very much appreciated.
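The behaviour described in this post, an unrelated page being replaced within seconds by a bare-IP "update Java" page, is a classic fake-update lure, and the useful triage question is whether the redirect is injected on the client (the same IP reached from many unrelated referring pages, pointing at an extension or hijacker on the laptop) or served by one compromised site. The following is an added example for that triage, not code from this thread or from BleepingComputer; it works on constructed browser-history style records `(timestamp, url, referrer)`, and the trusted vendor host list, the lure-word list and the `*.example` referrer domains are this example's own assumptions. The `69.162.111.227/uk/index.php` address is the one quoted in the post.

```python
"""Triage browser-history style records for fake-update redirects such as the
bare-IP "Java download" page described above. Added example; the trusted-host
list, the lure words and the sample records are assumptions, not thread data."""
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Hosts a genuine Java download would come from (assumption for this example).
TRUSTED_JAVA_HOSTS = ("java.com", "oracle.com")
# Words that fake-update lures typically put in the host or path.
LURE_WORDS = ("java", "flash", "update", "player")


def _split(url):
    # Histories often store URLs without a scheme; normalise so urlsplit sees a host.
    return urlsplit(url if "://" in url else "http://" + url)


def host_of(url):
    return (_split(url).hostname or "").lower()


def is_bare_ip(host):
    """True when the host part is a literal IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def in_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_JAVA_HOSTS)


def classify_url(url):
    """Return the reasons a URL looks like a fake-update lure (empty list if none)."""
    host = host_of(url)
    path = _split(url).path.lower()
    reasons = []
    if is_bare_ip(host):
        reasons.append("bare-ip-host")
    if any(w in path or w in host for w in LURE_WORDS) and not in_trusted(host):
        reasons.append("update-lure-off-vendor")
    return reasons


def triage(records):
    """records: iterable of (timestamp, url, referrer).
    Returns the flagged visits and, per flagged host, the sorted distinct referring
    hosts. Many unrelated referrers for one lure host means the redirect is being
    injected on the client, not by any one website."""
    flagged = []
    referrers = defaultdict(set)
    for ts, url, ref in records:
        reasons = classify_url(url)
        if reasons:
            flagged.append((ts, url, reasons))
            if ref:
                referrers[host_of(url)].add(host_of(ref))
    return flagged, {h: sorted(r) for h, r in referrers.items()}


# CONSTRUCTED history: two unrelated pages each followed a few seconds later by the
# bare-IP page from the post, one genuine vendor visit, and one lookalike host.
SAMPLE_HISTORY = [
    ("2014-08-17 15:58:01", "https://forum.example/topic/1", ""),
    ("2014-08-17 15:58:06", "http://69.162.111.227/uk/index.php", "https://forum.example/topic/1"),
    ("2014-08-17 16:01:10", "https://news.example/today", ""),
    ("2014-08-17 16:01:15", "http://69.162.111.227/uk/index.php", "https://news.example/today"),
    ("2014-08-17 16:05:00", "https://www.java.com/en/download/", "https://news.example/today"),
    ("2014-08-17 16:07:30", "http://java-update-now.example/get.php", ""),
]

if __name__ == "__main__":
    flagged, refs = triage(SAMPLE_HISTORY)
    for ts, url, reasons in flagged:
        print(ts, url, ", ".join(reasons))
    for host, sources in refs.items():
        print(f"{host} reached from {len(sources)} unrelated referrers: {sources}")
```

In the constructed data the bare-IP host is reached from two unrelated referrers within seconds of each page load, which matches the "about 5 seconds" pattern the poster describes and points at something on the laptop rather than at the sites being visited; that is the same conclusion the thread reaches by handing the case to the Malware Removal team.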



#13 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:01:22 PM

Posted 17 August 2014 - 06:27 PM

this java download thing is a real issue.

Be assured that you are not the only one hit by this problem in the past week, or even few days.

 

I did not understand how widespread it was up to 10 minutes ago.

 

Every Malware Forum is being hit for answers to this question, and we seem to be the latest (I have not checked our Malware Removal area yet).

 

If there was a simple block or removal, I think I would have found it by now.

Even "Chess-playing forums" are being hit, and all are only taking basic measures (Antivirus and Malwarebytes) -

 

I even checked the Malwarebytes Anti-Malware forum, and they now have several cases of this Fake Java from IP 69.162.111.227.

 

I do not have any option but to say that you are Badly Infected, so please post to Malware Removal as per the instructions below >>

 

 

Please follow the instructions in ==>This Prep Guide<== starting at Step 6.

Once (if) the proper logs are created, make a NEW TOPIC and post it ==>HERE<==

 

Just include the requested logs from above. Please be sure to include a description of your computer issues and what you have done to try to resolve them.

NOTE : If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why along with a description of your computer issues.
Please do not ever run ComboFix or other tools, unless a Malware Response Team Member instructs you to do so.

 

If you can post a link to the New Topic back here, I will lock this topic so no unwanted information is posted here.

The Malware Removal Team are the only people that should reply to your problem.

 

Sorry, and thank you -



#14 hamluis

  • Moderator
  • 54,857 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:22 PM

Posted 18 August 2014 - 06:21 PM

Reference: http://www.bleepingcomputer.com/forums/t/544810/java-trojan-fake-java-problem/

 

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.
 

Your new topic is currently being worked in the MRL forum.

 

To avoid confusion, I am closing this topic.

Louis


Edited by hamluis, 18 August 2014 - 06:22 PM.




