* ALERT: ZEROACCESS rootkit symptoms found!


This topic is locked
6 replies to this topic

#1 jenn3

jenn3

  • Members
  • 75 posts

Posted 08 December 2014 - 11:31 PM

Hi,

I received a suspicious email and by accident clicked the attachment. I came to this forum to find out if there was a way to tell if I got a virus from that. The computer is not acting up. I also did a System Restore and then posted in the "Am I infected" forum and was told to run Rkill and post my log, which I did. They also told me to run Malwarebytes; I previously had it on my computer and it has expired. It let me run it, but I could not copy my results to the clipboard. AII topic referenced is here: http://www.bleepingcomputer.com/forums/t/559116/did-i-download-a-virus/ ~ OB

I then was told I possibly had a serious malware infection and was told to follow the instructions in the Malware Removal and Log Section Preparation Guide, starting at Step 6, and post my log here.

 

Here is my log. I am hoping someone will be able to help, and thanks in advance.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Chari at 23:15:56 on 2014-12-08
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.678 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AVG-Secure-Search-Update_0913a] c:\documents and settings\chari\application data\avg 0913a campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 257423e6206047d3930fd1519832654a-102747cca724559a91ce8a3fb911a1ee46b79849 --CMPID 0913a
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0357.1\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8DE18CDA-541D-4DBF-8189-6BC55B4C82D8} : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.9\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 27416]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 195296]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-6-17 191256]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 189720]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 197400]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-15 42784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 142648]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-11-7 3247120]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-11-7 289328]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.9\ToolbarUpdater.exe [2014-8-11 1820184]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-12-8 114904]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-10-20 808448]
S3 WinPhlash;WinPhlash;\??\e:\phlashnt.sys --> e:\PHLASHNT.SYS [?]
.
=============== Created Last 30 ================
.
2014-12-09 03:14:55 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-09 03:14:35 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-09 03:14:35 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-09 03:14:27 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-09 01:25:54 -------- d-----w- c:\windows\system32\wbem\repository\FS
2014-12-09 01:25:54 -------- d-----w- c:\windows\system32\wbem\Repository
2014-12-01 14:15:34 -------- d-----w- c:\documents and settings\chari\local settings\application data\Avg
2014-11-10 12:24:41 -------- d-----w- C:\spoolerlogs
.
==================== Find3M  ====================
.
2014-11-25 19:22:34 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-25 19:22:34 701104 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-24 15:20:12 189720 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-10-20 20:14:14 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 23:18:07.77 ===============

Edited by Orange Blossom, 09 December 2014 - 11:45 PM.




#2 jenn3

jenn3
  • Topic Starter

  • Members
  • 75 posts

Posted 09 December 2014 - 07:58 AM

I think I was supposed to attach this file as well. Hoping someone can help!

 

Attached File: attach.txt (27.56KB)


Edited by jenn3, 09 December 2014 - 04:10 PM.


#3 jenn3

jenn3
  • Topic Starter

  • Members
  • 75 posts

Posted 09 December 2014 - 05:01 PM

I was able to scan with Malwarebytes and it came up with 1 infected file. Here is the log.

I was able to delete or quarantine it.

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/9/2014
Scan Time: 4:39:10 PM
Logfile: malware log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.09.08
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Chari
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353698
Time Elapsed: 18 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-1715567821-789336058-1801674531-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com/?ctid=CT3304781&octid=CT3304781&SearchSource=61&CUI=UN52164459697381656&UM=2&UP=SP7A0B5B35-D09B-4858-9991-E9237DEFC603, Good: (www.google.com), Bad: (http://search.conduit.com/?ctid=CT3304781&octid=CT3304781&SearchSource=61&CUI=UN52164459697381656&UM=2&UP=SP7A0B5B35-D09B-4858-9991-E9237DEFC603),Replaced,[08c4f26e1b61053130e981dd976e04fc]
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 jenn3

jenn3
  • Topic Starter

  • Members
  • 75 posts

Posted 09 December 2014 - 10:19 PM

I was told to post here from the "Am I infected" forum. I posted here but no one answered, and I reread the response from the other forum that I was only supposed to post one time because someone will see replies and not help me. Therefore, I hope it's not a problem that I am reposting my problem, hoping someone will help.

I first was told to run Rkill. Here is my log:

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/09/2014 10:05:28 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * ALERT: ZEROACCESS Reparse Point/Junction found!
 
     * C:\Program Files\Microsoft Security Client\Backup => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Microsoft Security Client\DbgHelp.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\Drivers => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Microsoft Security Client\en-us => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Microsoft Security Client\EppManifest.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\LegitLib.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\MpClient.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\MpCommu.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\mpevmsg.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\MpOAv.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\MsMpEng.exe => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\msseces.exe => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\MsseWat.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\Setup.exe => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\SetupRes.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\shellext.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\SqmApi.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\SymSrv.dll => c:\windows\system32\config [File]
     * C:\Program Files\Microsoft Security Client\SymSrv.yes => c:\windows\system32\config [File]
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 12/09/2014 10:06:42 PM
Execution time: 0 hours(s), 1 minute(s), and 14 seconds(s)
 
Then I was told to run Malwarebytes. Here is my log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/9/2014
Scan Time: 4:39:10 PM
Logfile: malware log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.09.08
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Chari
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353698
Time Elapsed: 18 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-1715567821-789336058-1801674531-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com/?ctid=CT3304781&octid=CT3304781&SearchSource=61&CUI=UN52164459697381656&UM=2&UP=SP7A0B5B35-D09B-4858-9991-E9237DEFC603, Good: (www.google.com), Bad: (http://search.conduit.com/?ctid=CT3304781&octid=CT3304781&SearchSource=61&CUI=UN52164459697381656&UM=2&UP=SP7A0B5B35-D09B-4858-9991-E9237DEFC603),Replaced,[08c4f26e1b61053130e981dd976e04fc]
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Then I quarantined it and ran the scan again, and here was my last log:
 Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/9/2014
Scan Time: 9:24:33 PM
Logfile: log3.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.10.01
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Chari
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353726
Time Elapsed: 18 min, 13 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Hoping someone can help, and sorry to post twice.

Edited by Orange Blossom, 09 December 2014 - 11:44 PM.
Merged topics. ~ OB
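The Rkill alert in the post above shows the classic ZeroAccess sabotage of an antivirus product: every entry under `C:\Program Files\Microsoft Security Client` has been replaced by a reparse point (junction or symlink) that redirects into `C:\Windows\system32\config`, so the product's own executables and DLLs can no longer be opened and it silently stops working. The script below is an added example, not Rkill's, Malwarebytes' or the forum's code. It walks a directory tree without following links, flags every reparse point it meets, and marks those whose final target lands under a sensitive system path. The directory layout built by `build_demo_tree()` and the `SENSITIVE_TARGET_FRAGMENTS` list are assumptions for illustration; on Linux and macOS the "junctions" are ordinary symlinks, while on Windows the reparse-point attribute check also catches NTFS junctions that `os.path.islink()` alone would miss.

```python
"""Hunt for the sabotage Rkill reported: entries inside an antivirus install
folder replaced by reparse points that redirect into system32\\config.

Added example, not Rkill's or Malwarebytes' code. The layout produced by
build_demo_tree() and SENSITIVE_TARGET_FRAGMENTS are assumptions.
"""
import os
import shutil
import stat
import tempfile

# A link inside a program directory should never resolve to one of these.
SENSITIVE_TARGET_FRAGMENTS = (
    os.path.join("system32", "config"),  # the target seen in the Rkill log
)

FILE_ATTRIBUTE_REPARSE_POINT = 0x0400  # Windows attribute bit; inert elsewhere


def is_reparse_point(path):
    """True for a symlink on any OS, or for any NTFS reparse point (junction,
    mount point, symlink) on Windows, which os.path.islink() alone would miss."""
    st = os.lstat(path)  # lstat: inspect the link itself, not its target
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)  # attribute only exists on Windows
    return bool(attrs & FILE_ATTRIBUTE_REPARSE_POINT)


def _norm(p):
    return os.path.normcase(os.path.normpath(p))


def scan_for_hijacked_links(root):
    """Walk `root` without following links and return (path, final_target, reason)
    for every reparse point. reason is 'sensitive-target' when the link resolves
    under a SENSITIVE_TARGET_FRAGMENTS path, otherwise 'reparse-point'."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if not is_reparse_point(full):
                continue
            target = os.path.realpath(full)  # chase the link to where it really lands
            reason = "reparse-point"
            if any(_norm(frag) in _norm(target) for frag in SENSITIVE_TARGET_FRAGMENTS):
                reason = "sensitive-target"
            findings.append((full, target, reason))
    return findings


def build_demo_tree(base):
    """Constructed layout (assumption) mirroring the Rkill finding: one genuine
    DLL plus a directory and an EXE that have been turned into links to config."""
    config_dir = os.path.join(base, "Windows", "system32", "config")
    os.makedirs(config_dir)
    av_dir = os.path.join(base, "Program Files", "Microsoft Security Client")
    os.makedirs(av_dir)
    with open(os.path.join(av_dir, "MpClient.dll"), "wb") as fh:  # untouched file
        fh.write(b"MZ")
    os.symlink(config_dir, os.path.join(av_dir, "Drivers"), target_is_directory=True)
    os.symlink(config_dir, os.path.join(av_dir, "MsMpEng.exe"), target_is_directory=True)
    return av_dir


def run_demo():
    """Build the constructed tree in a temp dir, scan it, clean up, return findings."""
    base = tempfile.mkdtemp(prefix="za_demo_")
    try:
        build_demo_tree(base)
        return scan_for_hijacked_links(os.path.join(base, "Program Files"))
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for path, target, reason in run_demo():
        print("%-16s %s -> %s" % (reason, path, target))
```

On a real machine, point `scan_for_hijacked_links()` at the security product's install directory (or all of `Program Files`) from an account that can read it; any `sensitive-target` hit corresponds to the lines Rkill printed, and even a plain `reparse-point` inside an AV folder deserves a look, since installers do not normally plant links there.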


#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 12 December 2014 - 05:10 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 14 December 2014 - 04:16 AM

Hi,

 

Are you still around?

 

 

Regards,

Georgi




#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 21 December 2014 - 10:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





