-
March 31st, 2013, 08:39 AM
#1
[RESOLVED] Conduit - Visual Bee Search
The Chrome, Internet Explorer and Firefox browsers on my WinXP computer have suddenly shown up with the Conduit Toolbar and Visual Bee Search page instead of my usual default 'Google' search.
I have looked into this problem and have followed several suggestions on how to remove them, including the following:
- removing the Conduit components using the Add/Remove Programs
- removing the Conduit apps from Chrome
- removing the Trusted Toolbar component using the Add/Remove Program
I do not think this hated Conduit stuff has been totally eradicated using the above methods; and sadly the System Restore function does not work** (cannot restore to a previous state no matter which restore point I choose). [** this problem has not been resolved, and I am not thinking of doing anything about it because I am thinking of moving to Win 7, although I like Win XP].
Firefox - I do not use it often. My most-often used browser is IE (Version 8.0.6001.18702).
The priority right now for me is to get rid of this hated Conduit and Visual Bee thing.
Please help. I appreciate your help.
Newbie
-
March 31st, 2013, 11:39 AM
#2
Please, complete all steps listed here: http://discussions.virtualdr.com/sho...d.php?t=167915
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
-
April 1st, 2013, 07:14 PM
#3
Hi Broni
Thank you very much.
Here is the MalwareBytes scan log.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.04.01.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ADMIN :: TEST-0EDA6CF69E [administrator]
4/1/2013 4:53:22 PM
MBAM-log-2013-04-01 (17-47-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239588
Time elapsed: 52 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 19
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{D02E3AB9-7796-40CB-BDFC-20D834FE1F75} (PUP.Funshion) -> No action taken.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.BundleInstaller.VG) -> No action taken.
HKCR\SogouExplorerHTML (Adware.Sogou) -> No action taken.
HKCR\thunder (Trojan.Agent) -> No action taken.
HKCU\Software\SogouExplorer (Adware.Sogou) -> No action taken.
HKLM\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> No action taken.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: eÏ€µQáÃI·?p±?ÊŽ† -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 20
C:\Program Files\Coopen (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\conf (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\image (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\image\Illustrated (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\image\Illustrated\coopen illustrated (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\image\Illustrated\coopen illustrated\image_100009 (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\image\Illustrated\coopen illustrated\image_109675 (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\image\Photo (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\image\Photo\local Photo (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\image\Share (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\image\Share\coopen share (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\image\Share\coopen share\image_100 (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\image\Wallpaper (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\image\Wallpaper\coopen wallpaper (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\image\Wallpaper\local wallpaper (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\Resource (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\Resource\res (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\Resource\res\BMP (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\Resource\SkinNormal (Trojan.Agent) -> No action taken.
C:\Program Files\Coopen\Templete (Trojan.Agent) -> No action taken.
Files Detected: 186
C:\Program Files\Baidu\{17C2069B-BBFB-D78F-E94E-D089291F2150}\ASBarBroker.exe (PUP.Funshion) -> No action taken.
C:\Documents and Settings\ADMIN\Application Data\SogouExplorer\sogou_explorer_silent_3.2.0.4716_2170.exe (Adware.Sogou) -> No action taken.
C:\Documents and Settings\ADMIN\My Documents\Downloads\setup.exe (PUP.BundleInstaller.VG) -> No action taken.
C:\Documents and Settings\ADMIN\Local Settings\Temp\12740125.Uninstall\Uninstall.exe (Adware.Agent) -> No action taken.
C:\Documents and Settings\ADMIN\Local Settings\Temp\coopen_setup_100155.exe (Adware.Coopen) -> No action taken.
C:\Documents and Settings\ADMIN\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
(end)
Newbie
-
April 1st, 2013, 07:17 PM
#4
Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post new log.
-
April 2nd, 2013, 08:49 AM
#5
Conduit - Visual Bee Search
Hi Broni,
I have used the "Remove Selected" after scanning. Here is the log.
=======
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.04.01.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ADMIN :: TEST-0EDA6CF69E [administrator]
4/2/2013 7:50:01 AM
mbam-log-2013-04-02 (07-50-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239934
Time elapsed: 47 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 19
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{D02E3AB9-7796-40CB-BDFC-20D834FE1F75} (PUP.Funshion) -> No action taken.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.BundleInstaller.VG) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\SogouExplorerHTML (Adware.Sogou) -> Delete on reboot.
HKCR\thunder (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\Software\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: eÏ€µQáÃI·?p±?ÊŽ* -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 20
Files Detected: 186
C:\Program Files\Baidu\{17C2069B-BBFB-D78F-E94E-D089291F2150}\ASBarBroker.exe (PUP.Funshion) -> No action taken.
C:\Documents and Settings\ADMIN\My Documents\Downloads\setup.exe (PUP.BundleInstaller.VG) -> No action taken.
C:\Documents and Settings\ADMIN\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
C:\Documents and Settings\ADMIN\Application Data\SogouExplorer\sogou_explorer_silent_3.2.0.4716_2170.exe (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\12740125.Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\coopen_setup_100155.exe (Adware.Coopen) -> Quarantined and deleted successfully.
(end)
======
Newbie
-
April 2nd, 2013, 04:26 PM
#6
You need to select ALL items and fix them.
Please redo.
-
April 2nd, 2013, 06:36 PM
#7
Conduit - Visual Bee Search
Hi Broni,
All highlighted items in the Scan had been removed.
Here is the log.
= = = =
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.04.01.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ADMIN :: TEST-0EDA6CF69E [administrator]
4/2/2013 5:46:32 PM
mbam-log-2013-04-02 (17-46-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239459
Time elapsed: 37 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 9
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40CB-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Program Files\Baidu\{17C2069B-BBFB-D78F-E94E-D089291F2150}\ASBarBroker.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\My Documents\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.
(end)
= = = =
Newbie
-
April 2nd, 2013, 06:37 PM
#8
OK.
Go ahead with other scans.
-
April 3rd, 2013, 09:42 AM
#9
Hi Broni,
aswMBR.exe Scan done.
Here is the Scan Log. I also have an MBR.dat file saved on my desktop, which is not sent to you.
====
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-03 08:07:39
-----------------------------
08:07:39.843 OS Version: Windows 5.1.2600 Service Pack 3
08:07:39.843 Number of processors: 2 586 0x401
08:07:39.843 ComputerName: TEST-0EDA6CF69E UserName: ADMIN
08:07:41.109 Initialize success
08:10:16.015 AVAST engine defs: 13040300
08:10:22.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
08:10:22.640 Disk 0 Vendor: SAMSUNG_SP0812C SU100-32 Size: 76319MB BusType: 3
08:10:22.640 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1a
08:10:22.656 Disk 1 Vendor: ST2000DM001-9YN164 CC4C Size: 1907729MB BusType: 3
08:10:22.656 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-22
08:10:22.656 Disk 2 Vendor: WDC_WD5000AAKS-00A7B0 01.03B01 Size: 476940MB BusType: 3
08:10:22.750 Disk 0 MBR read successfully
08:10:22.750 Disk 0 MBR scan
08:10:22.796 Disk 0 Windows XP default MBR code
08:10:22.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
08:10:22.828 Disk 0 scanning sectors +156296385
08:10:22.890 Disk 0 scanning C:\WINDOWS\system32\drivers
08:10:38.453 Service scanning
08:11:04.593 Modules scanning
08:11:11.593 Disk 0 trace - called modules:
08:11:11.609 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
08:11:11.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad7aab8]
08:11:11.609 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000074[0x8add89e8]
08:11:11.609 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8adfad98]
08:11:12.546 AVAST engine scan C:\WINDOWS
08:11:29.593 AVAST engine scan C:\WINDOWS\system32
08:15:50.750 AVAST engine scan C:\WINDOWS\system32\drivers
08:16:15.093 AVAST engine scan C:\Documents and Settings\ADMIN
09:13:45.437 AVAST engine scan C:\Documents and Settings\All Users
09:24:15.593 Scan finished successfully
09:35:29.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ADMIN\Desktop\MBR.dat"
09:35:29.218 The log file has been saved successfully to "C:\Documents and Settings\ADMIN\Desktop\aswMBR.txt"
09:37:10.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ADMIN\Desktop\MBR.dat"
09:37:10.937 The log file has been saved successfully to "C:\Documents and Settings\ADMIN\Desktop\aswMBR 2013-04-03 9.35 AM finished.txt"
====
Newbie
-
April 3rd, 2013, 06:41 PM
#10
-
April 4th, 2013, 12:29 AM
#11
Hi Broni,
Here is the DDS.txt and Attach.txt
= DDS.txt =
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by ADMIN at 0:19:55 on 2013-04-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3191.2342 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe
C:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwjd.exe
C:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwmsd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = www.hao123.com/?tn=29065018_49_hao_pg
mDefault_Page_URL = www.hao123.com/?tn=29065018_49_hao_pg
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\7.0\ytdToolbarIE.dll
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - <orphaned>
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files\dealply\DealPlyIE.dll
BHO: QvodExtend: {A8502600-B272-4F68-A67B-A0305D46D297} - c:\program files\qvodplayer\QvodExtend.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: YouTube to MP3 Converter: {E71596B0-A83B-453D-82C1-4BE99947C65F} - c:\documents and settings\admin\local settings\application data\sevas-s\youtube to mp3 converter\browserextensions\ie\YouTubeDownloaderExtension.dll
BHO: GretechBHO Class: {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - c:\program files\gretech\gompicker\GomPickerBHO1.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\7.0\ytdToolbarIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\7.0\ytdToolbarIE.dll
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Sevas-SSoftwareDefender] c:\documents and settings\admin\local settings\application data\sevas-s\defender\defender.exe
mRun: [Sevas-SSoftwareUpdater] c:\documents and settings\admin\local settings\application data\sevas-s\updater\updater.exe
mRun: [ QQPCTray] "c:\program files\tencent\qqpcmgr\7.3.8099.213\QQPCTray.exe" /regrun
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
dRun: [PPS Accelerator] c:\program files\ppstream\PPSKernel.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpmoni~1.lnk - c:\program files\hewlett-packard\hp mouse suite\hpMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpwjde~1.lnk - c:\documents and settings\all users\application data\hp mouse suite config\hpwjd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpwmsd~1.lnk - c:\documents and settings\all users\application data\hp mouse suite config\hpwmsd.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\admin\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\admin\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: HighSpeedDownloadIE - hxxp://st1.dbank.com/netdisk/plugin/1031/DBankPlugin.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 204.197.191.194 38.117.85.2
TCP: Interfaces\{ECE18B44-B075-4E67-9D65-BBC70BFDC123} : DHCPNameServer = 204.197.191.194 38.117.85.2
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} -
mASetup: Nitro PDF Professional - cscript //B "c:\program files\nitro pdf\professional\RemoveOldAddins.vbs"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\1scr8ssh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2998365&CUI=UN18541191321461118&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Trustworthy Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2998365&CUI=UN18541191321461118&UM=2&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&SearchSource=2&CUI=UN11138640747109460&q=
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\1scr8ssh.default\extensions\{7aeae561-714b-45f6-ace3-4a8aed6e227b}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\1scr8ssh.default\extensions\{7aeae561-714b-45f6-ace3-4a8aed6e227b}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\1scr8ssh.default\extensions\{ad32743c-16ef-46ec-977b-dce0c3c85b20}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\1scr8ssh.default\extensions\{ad32743c-16ef-46ec-977b-dce0c3c85b20}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
FF - plugin: c:\program files\common files\tencent\txsso\1.2.1.42\bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\qvodplayer\npQvodInsert.dll
FF - plugin: c:\program files\qvodplayer\npShareModule.dll
FF - plugin: c:\program files\tencent\qqmusic\npQzoneMusic.dll
FF - plugin: c:\windows\downloaded program files\61669843\npxbdsetup.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-02-05 10:14; extension21804@extension21804.com; c:\documents and settings\admin\application data\mozilla\firefox\profiles\1scr8ssh.default\extensions\extension21804@extension21804.com
FF - ExtSQL: 2013-03-31 07:49; {ad32743c-16ef-46ec-977b-dce0c3c85b20}; c:\documents and settings\admin\application data\mozilla\firefox\profiles\1scr8ssh.default\extensions\{ad32743c-16ef-46ec-977b-dce0c3c85b20}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 35552]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-12-23 65848]
R0 TsFltMgr;TsFltMgr;c:\windows\system32\drivers\TsFltMgr.sys [2012-11-16 73024]
R0 TSysCare;TSysCare;c:\windows\system32\drivers\TSysCare.sys [2012-11-8 24824]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-4 33112]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-30 272216]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-12-23 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-12-23 166840]
R1 TSDefenseBt;TSDefenseBt;c:\windows\system32\drivers\TSDefenseBt.sys [2012-11-16 60448]
R1 TSKSP;TSKSP;c:\program files\tencent\qqpcmgr\7.3.8099.213\TSKsp.sys [2012-11-16 166112]
R1 TSSysKit;TSSysKit;c:\program files\tencent\qqpcmgr\7.3.8099.213\TSSysKit.sys [2012-11-16 92832]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2013-2-23 805752]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 OkiPar;OkiPar;c:\windows\system32\drivers\OkiPar.sys [2011-12-23 43656]
R2 QQPCRTP;QQPCMgr RTP Service;c:\program files\tencent\qqpcmgr\7.3.8099.213\qqpcrtp.exe -r --> c:\program files\tencent\qqpcmgr\7.3.8099.213\QQPCRtp.exe -r [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-12-23 976728]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-19 968880]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\drivers\HP8207_8307.sys [2011-12-16 13952]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]
R3 TcHardWare;TcHardWare;c:\program files\tencent\qqpcmgr\7.3.8099.213\QQPCHW.sys [2012-11-16 28280]
R3 TFsFlt;TFsFlt;c:\windows\system32\drivers\TFsFlt.sys [2012-11-16 117920]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\elbyvcd.sys --> c:\windows\system32\drivers\ElbyVCD.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-7-15 167264]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-3 30192]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2011-1-19 627072]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-03-13 15:55:46 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 15:55:46 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-07 09:49:32 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-07 09:49:32 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-19 10:10:51 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-10-01 19:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 0:21:20.64 ===============
= attach.txt =
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/11/2008 4:34:14 PM
System Uptime: 4/3/2013 11:53:15 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 0968h
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | XU1 PROCESSOR | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 37.518 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1863 GiB total, 1050.248 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 463.209 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&1117367&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&1117367&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1117367&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1117367&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP76: 2/8/2013 6:10:24 PM - System Checkpoint
RP77: 2/9/2013 6:28:43 PM - System Checkpoint
RP78: 2/10/2013 7:26:33 PM - System Checkpoint
RP79: 2/12/2013 6:21:01 AM - System Checkpoint
RP80: 2/13/2013 5:20:45 AM - Software Distribution Service 3.0
RP81: 2/13/2013 8:54:05 PM - Software Distribution Service 3.0
RP82: 2/14/2013 7:56:54 AM - Software Distribution Service 3.0
RP83: 2/15/2013 8:27:51 AM - System Checkpoint
RP84: 2/16/2013 8:45:36 AM - System Checkpoint
RP85: 2/17/2013 9:11:26 AM - System Checkpoint
RP86: 2/18/2013 9:54:43 AM - System Checkpoint
RP87: 2/19/2013 11:03:38 AM - System Checkpoint
RP88: 2/20/2013 12:09:52 PM - System Checkpoint
RP89: 2/21/2013 1:28:38 PM - System Checkpoint
RP90: 2/22/2013 3:06:54 PM - System Checkpoint
RP91: 2/23/2013 3:44:15 PM - System Checkpoint
RP92: 2/24/2013 5:36:50 AM - Removed Java(TM) 6 Update 33
RP93: 2/24/2013 5:37:46 AM - Installed Java 7 Update 15
RP94: 2/25/2013 5:56:33 AM - System Checkpoint
RP95: 2/26/2013 6:16:09 AM - System Checkpoint
RP96: 2/27/2013 6:23:27 AM - System Checkpoint
RP97: 2/28/2013 6:37:59 AM - System Checkpoint
RP98: 3/1/2013 8:40:43 AM - Installed TaxFreeway 2012.
RP99: 3/2/2013 9:52:33 AM - System Checkpoint
RP100: 3/2/2013 8:45:20 PM - Software Distribution Service 3.0
RP101: 3/3/2013 8:49:08 PM - Software Distribution Service 3.0
RP102: 3/5/2013 6:02:46 AM - System Checkpoint
RP103: 3/6/2013 6:21:57 AM - System Checkpoint
RP104: 3/7/2013 4:48:44 AM - Removed Java 7 Update 15
RP105: 3/7/2013 4:49:25 AM - Installed Java 7 Update 17
RP106: 3/8/2013 5:32:56 AM - System Checkpoint
RP107: 3/8/2013 8:04:34 AM - Installed StudioTax 2012
RP108: 3/9/2013 9:06:08 AM - System Checkpoint
RP109: 3/10/2013 11:15:20 AM - System Checkpoint
RP110: 3/11/2013 12:26:47 PM - System Checkpoint
RP111: 3/12/2013 2:17:40 PM - System Checkpoint
RP112: 3/12/2013 5:54:27 PM - Printer Driver doPDF 7 Printer Driver Installed
RP113: 3/13/2013 7:28:15 PM - System Checkpoint
RP114: 3/13/2013 8:14:04 PM - Software Distribution Service 3.0
RP115: 3/14/2013 8:37:37 PM - System Checkpoint
RP116: 3/16/2013 5:57:49 AM - System Checkpoint
RP117: 3/17/2013 7:18:09 AM - System Checkpoint
RP118: 3/18/2013 9:41:51 AM - System Checkpoint
RP119: 3/19/2013 1:14:31 PM - System Checkpoint
RP120: 3/20/2013 10:05:15 AM - Installed QuickTime
RP121: 3/21/2013 10:24:23 AM - System Checkpoint
RP122: 3/21/2013 8:25:19 PM - Software Distribution Service 3.0
RP123: 3/23/2013 8:24:25 AM - System Checkpoint
RP124: 3/24/2013 9:35:05 AM - System Checkpoint
RP125: 3/25/2013 10:33:00 AM - System Checkpoint
RP126: 3/25/2013 7:11:42 PM - Installed AVG 2013
RP127: 3/25/2013 7:11:56 PM - Removed AVG 2013
RP128: 3/26/2013 9:42:08 AM - Installed AVG 2013
RP129: 3/27/2013 11:30:12 AM - System Checkpoint
RP130: 3/28/2013 12:50:54 PM - System Checkpoint
RP131: 3/29/2013 1:37:58 PM - System Checkpoint
RP132: 3/30/2013 1:59:29 PM - System Checkpoint
RP133: 4/1/2013 6:19:44 AM - System Checkpoint
RP134: 4/2/2013 6:23:43 AM - System Checkpoint
RP135: 4/3/2013 10:02:41 AM - System Checkpoint
.
==== Installed Programs ======================
.
?????
??????? 6.5???
????2?1???
µTorrent
7-zip v9.20
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2013
AVG Security Toolbar
AviSubtitler v2.02
B410 420 430 UserGuide
Belarc Advisor 7.2
Broadcom NetXtreme Ethernet Controller
Canon Camera Access Library
Canon CanoScan Toolbox 4.5
Canon DIGITAL CAMERA Solution Disk Software Guide
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot A1200 Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CD+G Disc Player Plug-In for Winamp
CDRWIN
CloneCD
Compatibility Pack for the 2007 Office system
Convert PDF To Image
CoreAAC
CPUID CPU-Z 1.61.3
DealPly
Dia (remove only)
doPDF 7.3 printer
DVD Solution
EvilLyrics
FLAC 1.2.1b (remove only)
FLV to MP3 Converter
Free CD Ripper 3.1
Free FLV to MP4 Converter
Free MP4 Video Converter version 5.0.20.1031
Free Sound Recorder 2010 v9.2.1
Free Studio version 5.3.3
Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png Converter 5.1
FreeRIP3 3.70
GoldWave v5.14
GOM PICKER
GOM Player
GOM Video Converter
Google Chrome
Google Desktop
Google Earth Plug-in
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Mouse Suite
iLivid
Intel(R) Graphics Media Accelerator Driver
InterActual Player
IrfanView (remove only)
IsoBuster 2.4
iTunes
Japanese Fonts Support For Adobe Reader 9
Java 7 Update 17
Java Auto Updater
K-Lite Codec Pack 2.72 Full
Karaoke Builder Studio 3.x
Karaoke for DirectX (remove only)
LAME v3.98.3 for Audacity
Linksys Wireless Manager
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Monkey's Audio
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MP3+G Toolz
MPEG2 Codec(libmpeg2/mad)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Multimedia Launcher
Nero 7 Premium
Nitro PDF Professional
OKI B410 Printer Menu Setup Tool
PCFriendly
Picasa 2
Power CD+G Burner 2
Power CD+G to Video Karaoke Converter 2
PowerDVD
PowerProducer
PPSGame V1.0.1.466
PPStream V2.7.0.1512 Final
QQ??8.5
QuickTime
QuickWordtoPDF
Rapport
Samsung_MonSetup
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Siglos Karaoke Professional
Skype Click to Call
Skype™ 6.1
SnagIt 7
SoundMAX
StudioTax 2012
TaxFreeway 2012
Unity Web Player
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
WD Diagnostics
WD Drive Manager (x86)
WebFldrs XP
Winamp (remove only)
Windows Driver Package - Hewlett-Packard (HidUsb) HIDClass (01/26/2010 1.12.7600.16385)
Windows Driver Package - Hewlett - Packard (HidUsb) HIDClass (01/26/2010 1.12.7600.16385)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
YouTube to MP3 Converter
YTD Toolbar v7.0
YTD Video Downloader 3.9.6
.
==== Event Viewer Messages From Past Week ========
.
4/3/2013 8:47:54 AM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
4/3/2013 8:05:53 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/3/2013 7:29:55 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
4/3/2013 10:27:06 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCFileOpen.exe. Reference error message: The operation completed successfully. .
4/2/2013 8:42:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt PCIIde
3/31/2013 5:17:06 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error message: The referenced assembly is not installed on your system. .
3/31/2013 5:17:06 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe. Reference error message: The operation completed successfully. .
3/31/2013 5:17:06 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
3/31/2013 5:16:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
3/31/2013 5:16:55 AM, error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error 3758213659 (0xE001CA1B).
3/31/2013 5:16:55 AM, error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error 3758198278 (0xE0018E06).
3/31/2013 5:16:07 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\plugins\QMSafeboxPlugin.dll. Reference error message: The operation completed successfully. .
3/31/2013 5:16:07 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\plugins\QMHipsEngine.dll. Reference error message: The operation completed successfully. .
3/31/2013 5:16:07 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\plugins\QMHips.dll. Reference error message: The operation completed successfully. .
.
==== End Of File ===========================
Newbie
-
April 4th, 2013, 04:01 PM
#12
Download RogueKiller to the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
- Unzip downloaded file.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
-
April 5th, 2013, 08:22 AM
#13
Hi Broni,
I have run RogueKiller (one time), and Malwarebytes Anti Rootkit - MBAR (several times because I could not find the two text files that you want me to post back). Every time I run MBAR, it says "Scan Finished: No malware found!" and "Cleanup: Congratulations, no cleanup is required!". I could find the RKreport text file (posted below), but I could not find MBAR's log and MBAR's system log anywhere. I unzipped MBAR in a special folder, and I have been looking for these two files throughout my computer. Please advise me what to do.
= = = RKreport text file = = =
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : ADMIN [Admin rights]
Mode : Scan -- Date : 04/04/2013 20:07:22
| ARK || FAK || MBR |
¤¤¤ Bad processes : 3 ¤¤¤
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll [x] -> UNLOADED
[SUSP PATH] hpwjd.exe -- C:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwjd.exe [7] -> KILLED [TermProc]
[SUSP PATH] hpwmsd.exe -- C:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwmsd.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Sevas-SSoftwareDefender (C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\Defender\defender.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : Sevas-SSoftwareUpdater (C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\Updater\updater.exe) [7] -> FOUND
[TASK][SUSP PATH] At2.job : C:\Documents and Settings\NetworkService\Application Data\DealPly\UpdateProc\UpdateTask.exe /Check [7] -> FOUND
[TASK][SUSP PATH] At1.job : C:\Documents and Settings\ADMIN\Application Data\DealPly\UpdateProc\UpdateTask.exe /Check [7] -> FOUND
[STARTUP][SUSP PATH] hpwjd.exe.lnk @All Users : C:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwjd.exe [7] -> FOUND
[STARTUP][SUSP PATH] hpwmsd.exe.lnk @All Users : C:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwmsd.exe [7] -> FOUND
[STARTUP][SUSP PATH] hpwjd.exe.lnk @Common : C:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwjd.exe [7] -> FOUND
[STARTUP][SUSP PATH] hpwmsd.exe.lnk @Common : C:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwmsd.exe [7] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9092BB0)
SSDT[50] : NtCreateSection @ 0x8056DB66 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9096A2A)
SSDT[53] : NtCreateThread @ 0x805860C0 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9094B48)
SSDT[66] : NtDeviceIoControlFile @ 0x80588ABD -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA909A28C)
SSDT[68] : NtDuplicateObject @ 0x8057DDAF -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9088A52)
SSDT[73] : NtEnumerateValueKey @ 0x8059003A -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA908F17C)
SSDT[97] : NtLoadDriver @ 0x805B06F6 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA909A492)
SSDT[125] : NtOpenSection @ 0x8057B96A -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9096CE9)
SSDT[180] : NtQueueApcThread @ 0x8059A8E8 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9097ED7)
SSDT[200] : NtRequestWaitReplyPort @ 0x8057D89E -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9093FA7)
SSDT[237] : NtSetSecurityObject @ 0x8059EC29 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA909AC54)
SSDT[240] : NtSetSystemInformation @ 0x805B2328 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA909B28F)
SSDT[255] : NtSystemDebugControl @ 0x80651B27 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA909A8A7)
SSDT[274] : NtWriteFile @ 0x8058342D -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9089372)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SP0812C +++++
--- User ---
[MBR] 47b7733e2ebb66704334197371dfeb60
[BSP] 4d1738d29bd56e11f363b58923c9ebc7 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: ST2000DM001-9YN164 +++++
--- User ---
[MBR] 1d9d93e3957e9ad32111a8887c533393
[BSP] fc1c3f54a420a9c310c529f5a8f7f443 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: +++++
--- User ---
[MBR] a0804512606de9ebcd08edf18f8bee5e
[BSP] 0d5cd987dd27d007ebfb056aad1bc943 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_04042013_02d2007.txt >>
RKreport[1]_S_04042013_02d2007.txt
= = =
Newbie
-
April 5th, 2013, 11:38 AM
#14
You're fine with MBAR but RK should produce another file (after cleaning).
-
April 5th, 2013, 01:17 PM
#15
Hi Broni,
I got this RKreport after cleaning.
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : ADMIN [Admin rights]
Mode : Remove -- Date : 04/04/2013 20:08:19
| ARK || FAK || MBR |
¤¤¤ Bad processes : 3 ¤¤¤
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll [x] -> UNLOADED
[SUSP PATH] hpwjd.exe -- C:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwjd.exe [7] -> KILLED [TermProc]
[SUSP PATH] hpwmsd.exe -- C:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwmsd.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Sevas-SSoftwareDefender (C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\Defender\defender.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : Sevas-SSoftwareUpdater (C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\Updater\updater.exe) [7] -> DELETED
[TASK][SUSP PATH] At2.job : C:\Documents and Settings\NetworkService\Application Data\DealPly\UpdateProc\UpdateTask.exe /Check [7] -> DELETED
[TASK][SUSP PATH] At1.job : C:\Documents and Settings\ADMIN\Application Data\DealPly\UpdateProc\UpdateTask.exe /Check [7] -> DELETED
[STARTUP][SUSP PATH] hpwjd.exe.lnk @All Users : C:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwjd.exe [7] -> DELETED
[STARTUP][SUSP PATH] hpwmsd.exe.lnk @All Users : C:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwmsd.exe [7] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9092BB0)
SSDT[50] : NtCreateSection @ 0x8056DB66 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9096A2A)
SSDT[53] : NtCreateThread @ 0x805860C0 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9094B48)
SSDT[66] : NtDeviceIoControlFile @ 0x80588ABD -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA909A28C)
SSDT[68] : NtDuplicateObject @ 0x8057DDAF -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9088A52)
SSDT[73] : NtEnumerateValueKey @ 0x8059003A -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA908F17C)
SSDT[97] : NtLoadDriver @ 0x805B06F6 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA909A492)
SSDT[125] : NtOpenSection @ 0x8057B96A -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9096CE9)
SSDT[180] : NtQueueApcThread @ 0x8059A8E8 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9097ED7)
SSDT[200] : NtRequestWaitReplyPort @ 0x8057D89E -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9093FA7)
SSDT[237] : NtSetSecurityObject @ 0x8059EC29 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA909AC54)
SSDT[240] : NtSetSystemInformation @ 0x805B2328 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA909B28F)
SSDT[255] : NtSystemDebugControl @ 0x80651B27 -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA909A8A7)
SSDT[274] : NtWriteFile @ 0x8058342D -> HOOKED (\??\C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\TSKsp.sys @ 0xA9089372)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SP0812C +++++
--- User ---
[MBR] 47b7733e2ebb66704334197371dfeb60
[BSP] 4d1738d29bd56e11f363b58923c9ebc7 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: ST2000DM001-9YN164 +++++
--- User ---
[MBR] 1d9d93e3957e9ad32111a8887c533393
[BSP] fc1c3f54a420a9c310c529f5a8f7f443 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: +++++
--- User ---
[MBR] a0804512606de9ebcd08edf18f8bee5e
[BSP] 0d5cd987dd27d007ebfb056aad1bc943 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_04042013_02d2008.txt >>
RKreport[1]_S_04042013_02d2007.txt ; RKreport[2]_D_04042013_02d2008.txt
= = =
But now I opened Chrome (web browser), and Conduit - Visual Bee search is still in the 2nd tab. The first tab uses Google (as intended).
This is showing in the URL line of the 2nd tab:
http://search.conduit.com/?ctid=CT29...402319515&UM=2
= = =
Newbie