Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ividi


  • This topic is locked This topic is locked

#31
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

haha

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-06-2014
Ran by User at 2014-06-27 01:25:45 Run:2
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
() C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\Mobogenie
() C:\Program Files\Mobogenie\MgAssist.exe
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe [766656 2014-01-09] ()
HKU\S-1-5-21-854245398-839522115-682003330-1003\...\Run: [NextLive] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\User\Application Data\newnext.me\nengine.dll",EntryPoint -m l
C:\Documents and Settings\User\Application Data\newnext.me
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ividi Helper Object - {8B8B2E80-1444-451D-AC8E-EB9A847F3887} - C:\Program Files\Unitech LLC\ividi\1.8.23.0\bh\ividi.dll No File
C:\Program Files\Unitech LLC
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {5347542D-5637-006A-76A7-7A786E7484D7} - No File
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3325576&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA3A46FBE-5CAB-45CB-A827-6049332F86A7&SSPV=
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default\searchplugins\ividi.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default\searchplugins\trovi-search.xml
R2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [63168 2014-01-09] ()
S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [X]
C:\PROGRA~1\SearchProtect
C:\Program Files\SearchProtect
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:1CE11B51
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:AD022376
End
*****************

C:\Program Files\Mobogenie\DaemonProcess.exe => No running process found

"C:\Program Files\Mobogenie" directory move:

Could not move "C:\Program Files\Mobogenie" directory. => Scheduled to move on reboot.

C:\Program Files\Mobogenie\MgAssist.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
HKU\S-1-5-21-854245398-839522115-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => value deleted successfully.
C:\Documents and Settings\User\Application Data\newnext.me => Moved successfully.
"C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}' => Key deleted successfully.
'HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B8B2E80-1444-451D-AC8E-EB9A847F3887}' => Key deleted successfully.
'HKCR\CLSID\{8B8B2E80-1444-451D-AC8E-EB9A847F3887}' => Key deleted successfully.
"C:\Program Files\Unitech LLC" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
'HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5347542D-5637-006A-76A7-7A786E7484D7} => value deleted successfully.
'HKCR\CLSID\{5347542D-5637-006A-76A7-7A786E7484D7}'=> Key not found.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default\searchplugins\conduit-search.xml => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default\searchplugins\ividi.xml => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default\searchplugins\trovi-search.xml => Moved successfully.
MgAssistService => Service stopped successfully.
MgAssistService => Service deleted successfully.
CltMngSvc => Service deleted successfully.
C:\PROGRA~1\SearchProtect => Moved successfully.
"C:\Program Files\SearchProtect" => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\Temp => ":1CE11B51" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":AD022376" ADS removed successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-27 01:27:52)<=

C:\Program Files\Mobogenie => Moved successfully.

==== End of Fixlog ====


  • 0

Advertisements


#32
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Going to bed now - Thailand GMT+6

 

Keep me updated & I'll catch up with you tomorrow 

 

Cheers once again


  • 0

#33
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Very good, please proceed with steps 2, 3, 4, and post the logs at your convenience. :thumbsup:
  • 0

#34
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

As you say 'thumbsup'.  Will do what I can tonight, but I finish late, start early tomorrow, and it's the wife's birthday party tonight - although I'll just be showing my face.

 

Probably booted my computer up 15 times last night.  Hopefully it's friendlier today.

 

Catch you later


  • 0

#35
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

# AdwCleaner v3.213 - Report created 27/06/2014 at 23:14:25
# Updated 23/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - PC2013050811HCV
# Running from : C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\8LKI3B1V\AdwCleaner[1].exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\genienext
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\User\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\User\My Documents\Mobogenie
Folder Deleted : C:\Documents and Settings\User\My Documents\PC Speed Maximizer
File Deleted : C:\Documents and Settings\User\daemonprocess.txt

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{685F23D9-FCFD-475C-B56A-362645945C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKCU\Software\Unitech LLC
Key Deleted : HKLM\Software\Unitech LLC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v18.0 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default\prefs.js ]

Line Deleted : user_pref("[email protected]", true);
Line Deleted : user_pref("extensions.ividi.appId", "{685F23D9-FCFD-475C-B56A-362645945C5A}");
Line Deleted : user_pref("extensions.ividi.autoRvrt", "false");
Line Deleted : user_pref("extensions.ividi.cntry", "TH");
Line Deleted : user_pref("extensions.ividi.dfltSrch", true);
Line Deleted : user_pref("extensions.ividi.dnsErr", true);
Line Deleted : user_pref("extensions.ividi.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3[...]
Line Deleted : user_pref("extensions.ividi.hdrMd5", "91D88CC802BCCB3B8034AB406F2D52CE");
Line Deleted : user_pref("extensions.ividi.hmpg", true);
Line Deleted : user_pref("extensions.ividi.hmpgUrl", "hxxp://search.ividi.org/?src=tbhp&id=7ce5ec5000000000000000265ea3821d&affilt=3");
Line Deleted : user_pref("extensions.ividi.hpOld0", "");
Line Deleted : user_pref("extensions.ividi.id", "7ce5ec5000000000000000265ea3821d");
Line Deleted : user_pref("extensions.ividi.instlDay", "16008");
Line Deleted : user_pref("extensions.ividi.kw_url", "hxxp://search.ividi.org/?src=tbsp&id=7ce5ec5000000000000000265ea3821d&affilt=3&q=");
Line Deleted : user_pref("extensions.ividi.lastB", "hxxp://search.ividi.org/?src=tbhp&id=7ce5ec5000000000000000265ea3821d&affilt=3");
Line Deleted : user_pref("extensions.ividi.lastVrsnTs", "1.8.23.013:03:05");
Line Deleted : user_pref("extensions.ividi.newTab", true);
Line Deleted : user_pref("extensions.ividi.newTabUrl", "hxxp://search.ividi.org/?q={searchTerms}&src=tbnt&id=7ce5ec5000000000000000265ea3821d&affilt=3");
Line Deleted : user_pref("extensions.ividi.rvrt", "false");
Line Deleted : user_pref("extensions.ividi.sg", "none");
Line Deleted : user_pref("extensions.ividi.srchPrvdr", "Search ");
Line Deleted : user_pref("extensions.ividi.tlbrSrchUrl", "hxxp://search.ividi.org/?src=tbsp&id=7ce5ec5000000000000000265ea3821d&affilt=3&q=");
Line Deleted : user_pref("extensions.ividi.vrsn", "1.8.23.0");
Line Deleted : user_pref("extensions.ividi.vrsni", "1.8.23.0");

-\\ Google Chrome v35.0.1916.153

[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=7ce5ec5000000000000000265ea3821d&affilt=3
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3325576&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA3A46FBE-5CAB-45CB-A827-6049332F86A7&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325576&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA3A46FBE-5CAB-45CB-A827-6049332F86A7&SSPV=
Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3325576&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA3A46FBE-5CAB-45CB-A827-6049332F86A7&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [18036 octets] - [10/09/2013 18:50:35]
AdwCleaner[R1].txt - [3199 octets] - [05/02/2014 17:08:21]
AdwCleaner[R2].txt - [5808 octets] - [27/06/2014 23:13:27]
AdwCleaner[S0].txt - [18450 octets] - [10/09/2013 18:51:25]
AdwCleaner[S1].txt - [3204 octets] - [05/02/2014 17:10:04]
AdwCleaner[S2].txt - [5831 octets] - [27/06/2014 23:14:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [5891 octets] ##########


  • 0

#36
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by User on Fri 06/27/2014 at 23:31:40.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/27/2014 at 23:38:14.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#37
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014
Ran by User (administrator) on PC2013050811HCV on 27-06-2014 23:41:45
Running from C:\Documents and Settings\User\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AbeGunnerZ Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
(Pandora.TV) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(PandoraTV) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [2347008 2011-11-10] (AbeGunnerZ Lab)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-854245398-839522115-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://th.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = th
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5E9B67B2A976CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.th/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 203.144.207.29 203.144.207.49

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120501-0005 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Feedback - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default\Extensions\[email protected] [2013-01-23]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-17]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-04]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF [2013-10-10]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn [2014-06-27]

========================== Services (Whitelisted) =================

R2 CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-03-14] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-03-14] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-03-14] (CyberLink)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2013-01-23] (Oracle Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [184840 2012-07-08] (Nitro PDF Software)
R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1202560 2009-08-11] (Agere Systems) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1405000.01C\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-12] (Symantec Corporation)
U3 EraserUtilDrv11313; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [109872 2014-06-12] (Symantec Corporation)
R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12160 2012-07-12] (Microsoft Corporation)
R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [2019232 2012-02-23] (Intel Corporation) [File not signed]
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140625.002\IDSxpx86.sys [383120 2014-03-26] (Symantec Corporation)
S1 Inport; C:\WINDOWS\System32\drivers\inport.sys [13056 2001-08-17] (Microsoft Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [13616 2012-07-12] (Marvell Semiconductor Inc.)
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140625.032\NAVENG.SYS [93272 2014-03-25] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140625.032\NAVEX15.SYS [1612376 2014-03-25] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 ntk_PowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [120432 2011-10-27] (Cyberlink Corp.)
R3 RTL819xp; C:\WINDOWS\System32\DRIVERS\rtl819xp.sys [532456 2010-12-22] (Realtek Semiconductor Corporation                           )
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [113104 2012-08-24] (Power Software Ltd)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NIS\1405000.01C\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1405000.01C\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1405000.01C\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1405000.01C\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142496 2013-07-13] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1405000.01C\Ironx86.SYS [175264 2012-07-28] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\NIS\1405000.01C\SYMTDI.SYS [396760 2013-04-25] (Symantec Corporation)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-02-14] (AnchorFree Inc)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [299424 2012-03-27] (Marvell)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [87536 2012-03-19] (CyberLink Corp.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S0 SMBALI; system32\DRIVERS\SMBALI.sys [X]
S0 SMBHC; system32\DRIVERS\SMBHC.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
S3 usbohci; system32\DRIVERS\usbohci.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-27 23:41 - 2014-06-27 23:42 - 00018026 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-06-27 23:38 - 2014-06-27 23:38 - 00000661 _____ () C:\Documents and Settings\User\Desktop\JRT.txt
2014-06-27 23:31 - 2014-06-27 23:31 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-27 23:30 - 2014-06-27 23:30 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-06-26 22:37 - 2014-06-27 23:42 - 00000000 ____D () C:\FRST
2014-06-26 21:25 - 2014-06-26 21:25 - 00000000 ____D () C:\Documents and Settings\User\My Documents\New Folder (2)
2014-06-26 20:43 - 2014-06-26 20:43 - 01073152 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-06-26 20:22 - 2014-06-26 20:22 - 00002025 _____ () C:\Documents and Settings\User\fixlist.txt
2014-06-25 08:26 - 2014-06-25 08:26 - 00001844 _____ () C:\Documents and Settings\User\Desktop\ckfiles.txt
2014-06-25 08:21 - 2014-06-25 08:21 - 00468480 _____ () C:\Documents and Settings\User\Desktop\CKScanner.exe
2014-06-22 21:15 - 2014-06-26 22:35 - 00000000 ____D () C:\Documents and Settings\User\Desktop\FRST

==================== One Month Modified Files and Folders =======

2014-06-27 23:42 - 2014-06-27 23:41 - 00018026 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-06-27 23:42 - 2014-06-26 22:37 - 00000000 ____D () C:\FRST
2014-06-27 23:42 - 2013-01-23 22:43 - 00000000 ____D () C:\TEMP
2014-06-27 23:38 - 2014-06-27 23:38 - 00000661 _____ () C:\Documents and Settings\User\Desktop\JRT.txt
2014-06-27 23:31 - 2014-06-27 23:31 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-27 23:30 - 2014-06-27 23:30 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-06-27 23:18 - 2013-05-08 12:09 - 01196991 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-27 23:17 - 2013-01-23 22:57 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Skype
2014-06-27 23:16 - 2014-05-22 09:49 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-27 23:16 - 2014-03-27 23:35 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-06-27 23:16 - 2014-01-22 15:09 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-854245398-839522115-682003330-1003.job
2014-06-27 23:16 - 2013-09-11 03:13 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-27 23:16 - 2013-01-23 22:41 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-27 23:15 - 2013-05-08 11:46 - 00032590 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-27 23:15 - 2013-01-23 22:41 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-06-27 23:14 - 2013-09-10 18:50 - 00000000 ____D () C:\AdwCleaner
2014-06-26 23:29 - 2014-02-04 19:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-26 23:29 - 2014-02-04 19:22 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-26 22:48 - 2013-09-11 03:13 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-26 22:35 - 2014-06-22 21:15 - 00000000 ____D () C:\Documents and Settings\User\Desktop\FRST
2014-06-26 21:45 - 2013-01-23 23:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-26 21:25 - 2014-06-26 21:25 - 00000000 ____D () C:\Documents and Settings\User\My Documents\New Folder (2)
2014-06-26 20:43 - 2014-06-26 20:43 - 01073152 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-06-26 20:38 - 2013-01-23 23:44 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-06-26 20:22 - 2014-06-26 20:22 - 00002025 _____ () C:\Documents and Settings\User\fixlist.txt
2014-06-26 20:08 - 2013-05-09 23:29 - 00000000 ____D () C:\Documents and Settings\User\Application Data\BitTorrent
2014-06-25 08:26 - 2014-06-25 08:26 - 00001844 _____ () C:\Documents and Settings\User\Desktop\ckfiles.txt
2014-06-25 08:21 - 2014-06-25 08:21 - 00468480 _____ () C:\Documents and Settings\User\Desktop\CKScanner.exe
2014-06-24 16:21 - 2013-07-13 21:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-06-23 13:19 - 2013-01-23 23:29 - 00002465 _____ () C:\Documents and Settings\All Users\Desktop\Microsoft Word 2010.lnk
2014-06-22 22:51 - 2014-03-21 22:51 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-06-19 22:45 - 2008-04-14 20:00 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-18 13:20 - 2013-01-23 23:42 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-06-17 00:50 - 2013-01-23 23:02 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-06-15 21:43 - 2013-05-09 23:25 - 00001536 _____ () C:\Documents and Settings\User\Desktop\YouTube - Broadcast Yourself..url
2014-06-12 23:42 - 2013-01-23 23:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-06-12 23:41 - 2013-07-15 00:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-12 23:38 - 2012-07-12 20:35 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe
2014-06-03 15:35 - 2014-02-12 21:28 - 00000375 _____ () C:\WINDOWS\setupact.log
2014-06-01 00:31 - 2014-05-22 09:49 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


  • 0

#38
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

My computer has been friendly & I kind of want to hug it.  Junkware log looks a bit thin.  I also thought you might have got a screencap of just the 1st page of addition.txt, but you seem to have got all I've got.  NOW FOR GOD'S SAKE HAVE A REST.  Let me know whatever whenever.  As it isn't crashing I'm going to sleep with, to celebrate my new speakers, 'Little Lou, Ugly Jack, Prophet John' by Belle & Sebastian (feat. Norah Jones)  Exquisite.  You could do worse than doing the same.  Hopefully, we're over the hill, but 'Sod's Law'

 

I really need a computer as I'm trying to hawk a song of my own (from Thailand).  We fix this, G2G get a cut.  Promise

 

Until next time

 

Mick


  • 0

#39
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

My computer has been friendly & I kind of want to hug it.  Junkware log looks a bit thin.  I also thought you might have got a screencap of just the 1st page of addition.txt, but you seem to have got all I've got.  NOW FOR GOD'S SAKE HAVE A REST.  Let me know whatever whenever.  As it isn't crashing I'm going to sleep with, to celebrate my new speakers, 'Little Lou, Ugly Jack, Prophet John' by Belle & Sebastian (feat. Norah Jones)  Exquisite.  You could do worse than doing the same.  Hopefully, we're over the hill, but 'Sod's Law'
 
I really need a computer as I'm trying to hawk a song of my own (from Thailand).  We fix this, G2G get a cut.  Promise
 
Until next time
 
Mick


Junkware being thin is a good thing, that means FRST and AdwCleaner got a lot of the junk. I'm glad to hear it's acting right, but let's continue, as we believe in being very thorough here. :)


Let's run a sweep for remnants and check for any out of date programs on your machine. :)



Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#40
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Got as far  as 'view' on mbam but the button seems to be disabled.  Will try again.  eset could be a stretch as my com hasn't lasted 'several hours' for several mths.  Probably have to wait until Tues as off all day.  ividi still shutting down my machine.  Should I have another go on aswmbr & let the trojan in?


  • 0

Advertisements


#41
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/6/2557
Scan Time: 22:01:28
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.28.03
Rootkit Database: v2014.06.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 268190
Time Elapsed: 18 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, , [7a59a3daeb9071c57cb97fcff80a4db3],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-854245398-839522115-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, , [7a59a3daeb9071c57cb97fcff80a4db3],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}, , [2da60c71bfbc4beb22e67ad4fb0741bf],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}, , [d4ffe39a770444f216f3ed61a75b54ac],
PUP.Optional.iVIDI.A, HKLM\SOFTWARE\CLASSES\esrv.ividiESrvc, , [e7ec3e3f5e1d082ebf56ffcf778b21df],
PUP.Optional.iVIDI.A, HKLM\SOFTWARE\CLASSES\esrv.ividiESrvc.1, , [b71ce49991eaf541fe17f9d50ef47d83],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\CLASSES\ividi.ividiappCore, , [ddf64f2e92e9bc7a91b4c50c5ea429d7],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\CLASSES\ividi.ividiappCore.1, , [14bf136aaecd56e0172ec30e03ff9f61],
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CLTMNGSVC, , [15be1a637ffce5516e55d531d82c8977],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, , [844f90edb6c5b77fb73a874c2bd7d22e],

Registry Values: 0
(No malicious items detected)

Registry Data: 2
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[0fc4423bd6a55bdbc4626223f014e61a]
PUM.Disabled.SecurityCenter, HKU\S-1-5-21-854245398-839522115-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[19baeb92d3a8d264e33fef9618ec08f8]

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences, Good: (), Bad: (  "search_url": "http://search.condui...archTerms}=",), ,[b3202b522655072f51458f2a907412ee]

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#42
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Did it in a roundabout way.  Never got to listen to any music last night as the pc went on a serial crash.  Going to count my blessings & try eset tomorrow.  I will probably be asleep when & if it happens


  • 0

#43
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)
 

Got as far as 'view' on mbam but the button seems to be disabled.


When you get to the screen, check the box for the most recent log, and then double click where it says Scan Log. This will cause the log to pop up on your screen, and then you can hit the Export button and then save it to a text file.
 

ividi still shutting down my machine.


Still shutting your machine down? Are you experiencing any browser redirects to ividi? I didn't see any signs of ividi left after we ran AdwCleaner, nor any signs of it in the last FRST log.
 

Should I have another go on aswmbr & let the trojan in?


Make sure you shut down any virus protection before running aswMBR.

Try running aswMBR again, make sure you shut down any virus protection before running aswMBR. But I'm not sure what you mean by "let the trojan in." The directory that aswMBR showed as having that infected file in has been removed.



Things I need to see in your next post

MBAM Log

aswMBR Log

  • 0

#44
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, you'll need to run MBAM again, and this time delete the items it finds. Please follow the procedure again for getting the log, and post it at your convenience.
  • 0

#45
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Can't find box for most recent scan on mbam. which page? ividi showing up on last mbam log.  aswmbr run twice & both times a trojan got flagged after about 20 mins.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP