Thread: Related to `Barowwsoe2Save` elimination

  1. #11
    Junior Member
    Join Date
    Jan 2015
    Posts
    10

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
    Ran by cp2012 at 2015-02-03 11:04:47 Run:3
    Running from C:\Users\cp2012\Desktop
    Loaded Profiles: cp2012 (Available profiles: cp2012)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    SearchScopes: HKLM -> {44AB3196-E782-4E57-B65F-8EFAAAF62DDC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {44AB3196-E782-4E57-B65F-8EFAAAF62DDC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    C:\Users\cp2012\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn4jkmb.dll
    C:\Users\cp2012\AppData\Local\Temp\Quarantine.exe
    C:\Users\cp2012\AppData\Local\Temp\sqlite3.dll
    EmptyTemp:
    Hosts:
    CMD: ipconfig /flushdns
    End
    *****************

    Processes closed successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44AB3196-E782-4E57-B65F-8EFAAAF62DDC}" => Key deleted successfully.
    HKCR\CLSID\{44AB3196-E782-4E57-B65F-8EFAAAF62DDC} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{44AB3196-E782-4E57-B65F-8EFAAAF62DDC}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{44AB3196-E782-4E57-B65F-8EFAAAF62DDC} => Key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "C:\Users\cp2012\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn4jkmb.dll" => File/Directory not found.
    C:\Users\cp2012\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\cp2012\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => Removed 390.3 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 11:05:18 ====
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\Roaming\OpenCandy\A8A80C67367A43F880893A78B532793B\OtshotInstaller7.exe.vir a variant of Win32/KeyDownload.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\Roaming\OpenCandy\AEC368A6F271425384ECCFB7FC9C2CED\OtshotInstaller7.exe.vir a variant of Win32/KeyDownload.A potentially unwanted application
    C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js Win32/Conduit.SearchProtect.A potentially unwanted application
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD2EC.tmp a variant of Win32/Toolbar.Widgi.B potentially unwanted application
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD2EC.tmp a variant of Win32/Toolbar.Widgi.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\Swirlz\hk64tbSwi0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\Swirlz\hk64tbSwir.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\Swirlz\hktbSwi0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\Swirlz\hktbSwir.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\Swirlz\ldrtbSwi0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\Swirlz\ldrtbSwir.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\Swirlz\tbSwi0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\Swirlz\tbSwi1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\Swirlz\tbSwir.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\Swirlz\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3308528\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3309759\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12auxstb.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12barsvc.exe.vir Win32/Toolbar.MyWebSearch.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bprtct.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brstub.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dlghk.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dyn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12feedmg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12highin.exe.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12hkstub.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12htmlmu.dll.vir a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12httpct.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12idle.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12ieovr.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12impipe.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12medint.exe.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12mlbtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12msg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12Plugin.dll.vir a variant of Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12radio.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12regfft.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12reghk.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12regiet.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12script.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12sknlcr.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12skplay.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrchMn.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12tpinst.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\12uabtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\AppIntegrator64.exe.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\AppIntegratorStub64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\CREXT.DLL.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\CrExtP12.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\Hpg64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\NP12Stub.dll.vir Win32/Toolbar.MyWebSearch.T potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\T8EXTEX.DLL.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\T8EXTPEX.DLL.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\T8HTML.DLL.vir a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyScrapNook_12\bar\1.bin\T8TICKER.DLL.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir Win32/SpeedingUpMyPC.O application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash.dll.vir a variant of Win32/SProtector.L potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll.vir a variant of Win32/SProtector.D potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll.vir a variant of Win64/SProtector.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir a variant of Win32/AdWare.SpeedingUpMyPC.D application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProReminder.exe.vir Win32/Adware.SpeedingUpMyPC.V application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir Win32/Conduit.SearchProtect.Q potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\4zEIPlug.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\4zEZSETP.dll.vir Win32/Toolbar.MyWebSearch.Q potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISb.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlaidocmldibgopdbjiopphnjhaehnbn\10.26.9.505_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlaidocmldibgopdbjiopphnjhaehnbn\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkhlakkdjfjbohpngmfpijfgmlpnamd\10.26.9.505_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkhlakkdjfjbohpngmfpijfgmlpnamd\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmcedemcahkmaidbipmniofjcocajlgk\10.26.9.505_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmcedemcahkmaidbipmniofjcocajlgk\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\hk64tbKey0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\hk64tbKey2.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\hk64tbKeyB.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\hktbKey0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\hktbKey2.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\hktbKeyB.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\ldrtbKey0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\ldrtbKey2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\ldrtbKeyB.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\tbKey0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\tbKey1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\tbKey2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\tbKeyB.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\cp2012\AppData\LocalLow\KeyBar_1.19\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
    =========================================

    Computer seems to be working okay, except that when I move from one tab to another new tab in Firefox it slows down, or at other times it comes up with Flash Player issues and slows down. Thank you so much.

  2. #12
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi spyCype,

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    Start
    CloseProcesses:
    C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js Win32/Conduit.SearchProtect.A
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD2EC.tmp
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD2EC.tmp
    EmptyTemp:
    End

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt); please post it in your reply.

    =========================

    TFC

    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
      • Vista, Windows 7 & 8: right-click and select "Run as Administrator"
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.

    =========================

    Reboot & Test

    In your next post please provide the following:
    • Fixlog.txt
    • TFC log if available
    • Can you explain the Flash Player issue in greater detail?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #13
    Junior Member
    Join Date
    Jan 2015
    Posts
    10

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015
    Ran by cp2012 at 2015-02-04 13:52:10 Run:4
    Running from C:\Users\cp2012\Desktop
    Loaded Profiles: cp2012 (Available profiles: cp2012)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js Win32/Conduit.SearchProtect.A
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD2EC.tmp
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD2EC.tmp
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    "C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js Win32/Conduit.SearchProtect.A" => File/Directory not found.
    "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD2EC.tmp" => File/Directory not found.
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD2EC.tmp => Moved successfully.
    EmptyTemp: => Removed 370.2 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 13:52:13 ====
    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: All Users

    User: cp2012
    ->Temp folder emptied: 106808 bytes
    ->Temporary Internet Files folder emptied: 14903 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 5637176 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 56958 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4250 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 6.00 mb
    ======
    The TFC did not generate a file; however, I copied and pasted whatever it showed before I rebooted.
    Regarding the Shockwave/Flash Player, sometimes when I try to log in to Yahoo, it stops and the cursor keeps whirling, and it comes up with a dialogue box asking to continue or stop the Flash Player, which is currently busy. Thank you so much.
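
An added example, not part of the thread or of FRST: a Python triage of outcome lines from the Fixlogs posted above. It separates entries that were acted on from those reported not found, and flags a not-found file target carrying text that cannot be part of a Windows path, because the log shows the whole entry was looked up as the path. The function names and status labels are assumptions made for this example.

```python
import re
from collections import Counter

# Outcome lines copied from the Fixlogs posted in this thread
# (one registry line from Run:3, the rest from Run:4).
FIXLOG = r'''
HKCR\CLSID\{44AB3196-E782-4E57-B65F-8EFAAAF62DDC} => Key not found.
Processes closed successfully.
"C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js Win32/Conduit.SearchProtect.A" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD2EC.tmp" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD2EC.tmp => Moved successfully.
EmptyTemp: => Removed 370.2 MB temporary data.
'''

DRIVE_PATH = re.compile(r'^[A-Za-z]:\\')
REGISTRY_ROOTS = ("HKLM", "HKCR", "HKU", "HKCU")
# '/' is not valid inside a Windows file or directory name, so a trailing
# whitespace-separated token containing '/' cannot belong to the path.
TRAILING_NON_PATH = re.compile(r'^(?P<path>.*\S)\s+(?P<extra>\S*/\S*)$')


def classify_status(outcome):
    """Map the text after '=>' to a coarse status label (labels are ours)."""
    low = outcome.lower()
    if "not found" in low:
        return "not_found"
    if "successfully" in low or low.startswith("removed"):
        return "done"
    return "other"


def parse_fixlog(text):
    """Return one dict per 'target => outcome' line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        target = target.strip('"')
        if DRIVE_PATH.match(target):
            kind = "file"
        elif target.upper().startswith(REGISTRY_ROOTS):
            kind = "registry"
        else:
            kind = "directive"
        entry = {
            "target": target,
            "kind": kind,
            "outcome": outcome,
            "status": classify_status(outcome),
            "path": target,   # path with any trailing non-path text removed
            "extra": None,    # the trailing non-path text, if any
        }
        if kind == "file":
            m = TRAILING_NON_PATH.match(target)
            if m:
                entry["path"], entry["extra"] = m.group("path"), m.group("extra")
        entries.append(entry)
    return entries


def status_counts(entries):
    """Count entries per status label."""
    return dict(Counter(e["status"] for e in entries))


def needs_review(entries):
    """List not-found file targets, with the reason each deserves a second look."""
    findings = []
    for e in entries:
        if e["kind"] != "file" or e["status"] != "not_found":
            continue
        if e["extra"]:
            reason = "target included non-path text; recheck " + e["path"]
        else:
            reason = "nothing at this path when the fix ran"
        findings.append((e["path"], e["extra"], reason))
    return findings


if __name__ == "__main__":
    parsed = parse_fixlog(FIXLOG)
    print(status_counts(parsed))
    for path, extra, reason in needs_review(parsed):
        print(f"- {path}\n    extra={extra!r}: {reason}")
```
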

  4. #14
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi spyCype,

    Regarding the Shockwave/Flash Player, sometimes when I try to log in to Yahoo, it stops and the cursor keeps whirling, and it comes up with a dialogue box asking to continue or stop the Flash Player, which is currently busy.
    1. Does it happen on other sites as well, or just Yahoo?
    2. Does it happen while using any particular browser?
    OCD

  5. #15
    Junior Member
    Join Date
    Jan 2015
    Posts
    10

    I noticed this with Yahoo 3 times recently. I have been using Firefox. We mostly use Firefox. But I do not know if this is something we need to address right away, as I do not experience this all the time. Thank you so much.

  6. #16
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi spyCype,

    It could be something isolated to Yahoo. You will need to "test" and see if it happens on other sites while using Firefox. Or possibly try another browser (Internet Explorer, Chrome, etc.).

    This is the version you currently have installed: Adobe Flash Player 16.0.0.296

    Here is some additional information about Adobe Flash Player:
    https://helpx.adobe.com/security/pro...apsa15-01.html
    https://helpx.adobe.com/security/pro...apsb15-03.html
    https://helpx.adobe.com/security/pro...apsa15-02.html

    At this point it could be just a coincidence that you are having these issues, or it could be something more malicious.

    Test and report back your findings.

    Your logs are looking good! Other than the Flash Player issue how is your computer running?
    OCD

  7. #17
    Junior Member
    Join Date
    Jan 2015
    Posts
    10

    I have updated the flashplayer to 16.0.0.305. Other than that the computer runs good.

    Please see the Spybot log files attached from two consecutive scans. Thank you for all your help.

    Do you think Spybot can manage this computer as a virus screening program, or should I concurrently use AVG as well?

    Now, do I need to clean up all the programs that I downloaded for the computer checking, such as faberware, JRT, adware etc., and their associated files on the desktop? Please advise.



    ===========
    Search results from Spybot - Search & Destroy

    07/02/2015 3:15:10 PM
    Scan took 00:20:29.
    26 items found.

    DownLite: [SBI $503497B9] User settings (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-4211978626-972589915-279576106-1000\Software\DownLite

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\cp2012\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H388G4VT\affbeat.com\pap20.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\cp2012\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H388G4VT\members.bet365.com\FCE.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\cp2012\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H388G4VT\p.jwpcdn.com\com.longtailvideo.jwplayer.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\cp2012\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H388G4VT\s.ytimg.com\soundData.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\cp2012\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H388G4VT\static.vidto.me\com.jeroenwijering.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\cp2012\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H388G4VT\www.bet365.com\b365lipcs.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\cp2012\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H388G4VT\www.bet365.com\b365push.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\cp2012\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H388G4VT\www.bet365.com\betslip365.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\cp2012\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H388G4VT\http://www.bet365.com\htrGgjy810Gbjg...wjkjwjshjx.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\cp2012\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H388G4VT\http://www.bet365.com\htrGgjy810Ghjs...wutihttpnj.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
    C:\Users\cp2012\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H388G4VT\http://www.filmon.com\#com.junkbyte\...e\UserData.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
    C:\Users\cp2012\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H388G4VT\http://www.nowvideo.sx\player\cloudp...novaPlayer.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    OtShot: [SBI $6680244F] Settings (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\ZalmanInstaller_otshot

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

    Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Cookie: [SBI $49804B54] Browser: Cookie (5) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (24) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (13) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (1109) (Browser: Cookie, nothing done)



    --- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

    2013-09-20 blindman.exe (2.2.18.151)
    2013-09-20 explorer.exe (2.2.18.177)
    2013-09-20 SDBootCD.exe (2.2.18.109)
    2013-09-20 SDCleaner.exe (2.2.18.110)
    2013-09-20 SDDelFile.exe (2.2.18.94)
    2013-06-18 SDDisableProxy.exe
    2013-09-20 SDFiles.exe (2.2.18.135)
    2013-09-20 SDFileScanHelper.exe (2.2.16.1)
    2013-10-15 SDFSSvc.exe (2.2.25.211)
    2013-10-10 SDHookHelper.exe (2.3.30.2)
    2013-10-10 SDHookInst32.exe (2.3.30.2)
    2013-10-10 SDHookInst64.exe (2.3.30.2)
    2013-09-20 SDImmunize.exe (2.2.18.130)
    2014-12-17 SDInformV2i-20141217.exe (1.0.0.0)
    2013-05-16 SDLogReport.exe (2.1.18.107)
    2013-10-14 SDOnAccess.exe (2.2.25.4)
    2013-09-20 SDPESetup.exe (2.2.18.3)
    2013-09-20 SDPEStart.exe (2.2.18.86)
    2013-09-20 SDPhoneScan.exe (2.2.18.28)
    2013-09-20 SDPRE.exe (2.2.18.22)
    2013-09-20 SDPrepPos.exe (2.2.18.10)
    2013-09-20 SDQuarantine.exe (2.2.18.103)
    2013-09-20 SDRootAlyzer.exe (2.2.18.116)
    2013-09-20 SDSBIEdit.exe (2.2.18.39)
    2013-09-20 SDScan.exe (2.2.18.177)
    2013-09-20 SDScript.exe (2.2.18.53)
    2013-10-15 SDSettings.exe (2.2.25.138)
    2013-09-20 SDShell.exe (2.2.18.2)
    2013-09-20 SDShred.exe (2.2.18.107)
    2013-09-20 SDSysRepair.exe (2.2.18.101)
    2013-09-20 SDTools.exe (2.2.18.150)
    2013-07-25 SDTray.exe (2.1.21.129)
    2013-09-20 SDUpdate.exe (2.2.18.91)
    2013-09-20 SDUpdSvc.exe (2.2.18.76)
    2013-09-20 SDWelcome.exe (2.2.21.129)
    2013-09-13 SDWSCSvc.exe (2.2.22.2)
    2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
    2014-03-06 spybotsd2-installer.exe (2.2.25.0)
    2014-07-28 spybotsd2-translation-es.exe (2.4.40.0)
    2014-07-31 spybotsd2-translation-esx.exe
    2013-06-19 spybotsd2-translation-frx.exe
    2014-08-25 spybotsd2-translation-hux2.exe
    2014-09-09 spybotsd2-translation-nlx.exe
    2014-10-01 spybotsd2-translation-nlx2.exe
    2014-11-05 spybotsd2-translation-ukx.exe
    2014-03-06 unins000.exe (51.1052.0.0)
    1999-12-02 xcacls.exe
    2012-08-23 borlndmm.dll (10.0.2288.42451)
    2012-09-05 DelZip190.dll (1.9.0.107)
    2012-09-10 libeay32.dll (1.0.0.4)
    2012-09-10 libssl32.dll (1.0.0.4)
    2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
    2013-05-16 SDAV.dll
    2013-05-16 SDECon32.dll (2.1.18.113)
    2013-05-16 SDECon64.dll (2.1.18.113)
    2013-04-05 SDEvents.dll (2.1.16.2)
    2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
    2013-10-10 SDHook32.dll (2.3.30.2)
    2013-10-10 SDHook64.dll (2.3.30.2)
    2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
    2013-05-16 SDLicense.dll (2.1.18.0)
    2013-05-16 SDLists.dll (2.1.18.4)
    2013-05-16 SDResources.dll (2.1.18.7)
    2013-05-16 SDScanLibrary.dll (2.1.18.131)
    2013-05-16 SDTasks.dll (2.1.18.15)
    2013-05-16 SDWinLogon.dll (2.1.18.0)
    2012-08-23 sqlite3.dll
    2012-09-10 ssleay32.dll (1.0.0.4)
    2013-05-16 Tools.dll (2.1.18.36)
    2014-03-05 Includes\Adware-000.sbi (*)
    2014-01-08 Includes\Adware-001.sbi (*)
    2015-02-04 Includes\Adware-C.sbi (*)
    2014-01-13 Includes\Adware.sbi (*)
    2014-01-13 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2014-11-14 Includes\Dialer-000.sbi (*)
    2014-11-14 Includes\Dialer-001.sbi (*)
    2014-01-08 Includes\Dialer-C.sbi (*)
    2014-01-13 Includes\Dialer.sbi (*)
    2014-01-13 Includes\DialerC.sbi (*)
    2014-01-09 Includes\Fraud-000.sbi (*)
    2014-01-09 Includes\Fraud-001.sbi (*)
    2014-03-31 Includes\Fraud-002.sbi (*)
    2014-01-09 Includes\Fraud-003.sbi (*)
    2012-11-14 Includes\HeavyDuty.sbi (*)
    2014-11-14 Includes\Hijackers-000.sbi (*)
    2014-11-14 Includes\Hijackers-001.sbi (*)
    2014-01-08 Includes\Hijackers-C.sbi (*)
    2014-01-13 Includes\Hijackers.sbi (*)
    2014-01-13 Includes\HijackersC.sbi (*)
    2014-01-08 Includes\iPhone-000.sbi (*)
    2014-01-08 Includes\iPhone.sbi (*)
    2014-11-14 Includes\Keyloggers-000.sbi (*)
    2014-09-24 Includes\Keyloggers-C.sbi (*)
    2014-01-13 Includes\Keyloggers.sbi (*)
    2014-01-13 Includes\KeyloggersC.sbi (*)
    2014-11-14 Includes\Malware-000.sbi (*)
    2014-11-14 Includes\Malware-001.sbi (*)
    2014-11-14 Includes\Malware-002.sbi (*)
    2014-11-14 Includes\Malware-003.sbi (*)
    2014-11-14 Includes\Malware-004.sbi (*)
    2014-11-14 Includes\Malware-005.sbi (*)
    2014-02-26 Includes\Malware-006.sbi (*)
    2014-01-09 Includes\Malware-007.sbi (*)
    2015-02-04 Includes\Malware-C.sbi (*)
    2014-01-13 Includes\Malware.sbi (*)
    2013-12-23 Includes\MalwareC.sbi (*)
    2014-11-14 Includes\PUPS-000.sbi (*)
    2014-01-15 Includes\PUPS-001.sbi (*)
    2014-01-15 Includes\PUPS-002.sbi (*)
    2015-02-04 Includes\PUPS-C.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2014-01-07 Includes\PUPSC.sbi (*)
    2014-01-08 Includes\Security-000.sbi (*)
    2014-01-08 Includes\Security-C.sbi (*)
    2014-01-21 Includes\Security.sbi (*)
    2014-01-21 Includes\SecurityC.sbi (*)
    2014-11-14 Includes\Spyware-000.sbi (*)
    2014-12-10 Includes\Spyware-001.sbi (*)
    2015-01-14 Includes\Spyware-C.sbi (*)
    2014-01-21 Includes\Spyware.sbi (*)
    2014-01-21 Includes\SpywareC.sbi (*)
    2011-06-07 Includes\Tracks.sbi (*)
    2012-11-19 Includes\Tracks.uti (*)
    2014-01-15 Includes\Trojans-000.sbi (*)
    2014-01-15 Includes\Trojans-001.sbi (*)
    2014-11-14 Includes\Trojans-002.sbi (*)
    2014-01-15 Includes\Trojans-003.sbi (*)
    2014-01-15 Includes\Trojans-004.sbi (*)
    2014-03-19 Includes\Trojans-005.sbi (*)
    2014-07-09 Includes\Trojans-006.sbi (*)
    2014-01-15 Includes\Trojans-007.sbi (*)
    2014-07-09 Includes\Trojans-008.sbi (*)
    2014-07-09 Includes\Trojans-009.sbi (*)
    2015-01-21 Includes\Trojans-C.sbi (*)
    2014-01-15 Includes\Trojans-OG-000.sbi (*)
    2014-01-15 Includes\Trojans-TD-000.sbi (*)
    2014-01-15 Includes\Trojans-VM-000.sbi (*)
    2014-01-15 Includes\Trojans-VM-001.sbi (*)
    2014-01-15 Includes\Trojans-VM-002.sbi (*)
    2014-01-15 Includes\Trojans-VM-003.sbi (*)
    2014-01-15 Includes\Trojans-VM-004.sbi (*)
    2014-01-15 Includes\Trojans-VM-005.sbi (*)
    2014-01-15 Includes\Trojans-VM-006.sbi (*)
    2014-01-15 Includes\Trojans-VM-007.sbi (*)
    2014-01-15 Includes\Trojans-VM-008.sbi (*)
    2014-01-15 Includes\Trojans-VM-009.sbi (*)
    2014-01-15 Includes\Trojans-VM-010.sbi (*)
    2014-01-15 Includes\Trojans-VM-011.sbi (*)
    2014-01-15 Includes\Trojans-VM-012.sbi (*)
    2014-01-15 Includes\Trojans-VM-013.sbi (*)
    2014-01-15 Includes\Trojans-VM-014.sbi (*)
    2014-01-15 Includes\Trojans-VM-015.sbi (*)
    2014-01-15 Includes\Trojans-VM-016.sbi (*)
    2014-01-15 Includes\Trojans-VM-017.sbi (*)
    2014-01-15 Includes\Trojans-VM-018.sbi (*)
    2014-01-15 Includes\Trojans-VM-019.sbi (*)
    2014-01-15 Includes\Trojans-VM-020.sbi (*)
    2014-01-15 Includes\Trojans-VM-021.sbi (*)
    2014-01-15 Includes\Trojans-VM-022.sbi (*)
    2014-01-15 Includes\Trojans-VM-023.sbi (*)
    2014-01-15 Includes\Trojans-VM-024.sbi (*)
    2014-01-15 Includes\Trojans-ZB-000.sbi (*)
    2014-01-15 Includes\Trojans-ZL-000.sbi (*)
    2014-01-09 Includes\Trojans.sbi (*)
    2014-01-16 Includes\TrojansC-01.sbi (*)
    2014-01-16 Includes\TrojansC-02.sbi (*)
    2014-01-16 Includes\TrojansC-03.sbi (*)
    2014-01-16 Includes\TrojansC-04.sbi (*)
    2014-01-16 Includes\TrojansC-05.sbi (*)
    2014-01-09 Includes\TrojansC.sbi (*)


    ===================
    Search results from Spybot - Search & Destroy

    07/02/2015 3:34:26 PM
    Scan took 00:16:29.
    10 items found.

    OtShot: [SBI $6680244F] Settings (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\ZalmanInstaller_otshot

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (1) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (26) (Browser: Cookie, nothing done)



    --- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

    =============================

  8. #18
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi spyCype,

    You are quite welcome.

    Please see the Spybot log files attached from two consecutive scans.
    What is your question about the Spybot logs?

    Do you think Spybot can manage this computer as a virus screening program, or should I concurrently use AVG as well?
    Is your copy of Spybot a paid version or free?

    Now, do I need to clean up all the programs that I downloaded for the computer checking such as faberware, JRT, adware etc. and its associated files on the desktop. Please advise.
    We will clean up all the tools and logs in short order. Please do not remove anything just yet.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  9. #19
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi spyCype,

    Just checking in to see if you still need help?
    OCD

  10. #20
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    This thread has been closed due to inactivity. If it has been three days or more since your last post it will not be re-opened.

    If you still require help, please start a new topic and include fresh FRST and aswMBR logs, along with a link to your previous thread.

    Please do not add any logs that might have been requested previously, you would be starting fresh.

    Applies only to the original poster, anyone else with similar problems please start your own topic.
    Last edited by tashi; 2015-02-16 at 21:38. Reason: Thank you OCD. :-)
    OCD
