AdwCleaner - removing but not removing Trymedia/Conduit

Discussion in 'Windows - Virus and spyware problems' started by bauld1, Jul 18, 2013.

  1. bauld1

    bauld1 Member

    Joined:
    Feb 10, 2013
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    16
    Hi everyone,
    AdwCleaner has found and deleted trymedia and conduit several times now when scanning.
    Are they viruses, and why are they reappearing if AdwCleaner is deleting them?
    Also, in the last couple of days, a message: "An unauthorised change was made to windows.
    Error 0xcoo4 d401 security processor reported a system file mismatch error."
    Are these 2 different problems or are they related? Laptop is not running slow, but it does get very hot,
    maybe a coincidence or just the age of the laptop (6 yrs).
    Thanks in advance for any help or advice
    cheers bauld 1
     
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Poor bauld1. You seem to have weird problems. Let's see what we can do.

    Re-run AdwCleaner and don’t fix anything yet, just post the log.

    Please download AdwCleaner from here and save it on your Desktop.

    • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
    • Now click on the Search tab.
    • Please post the log-file for me to look over in your next post.

    2oG
     
  3. bauld1

    bauld1 Member

    Hi 2oG
    Log for AdwCleaner:
    # AdwCleaner v2.112 - Logfile created 07/18/2013 at 19:39:50
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows (TM) Vista Ultimate (64 bits)
    # User : intro - INTRO-PC
    # Boot Mode : Normal
    # Running from : C:\Users\colin\Desktop\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Users\colin\AppData\Local\Conduit

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v7.0.6000.16982

    [OK] Registry is clean.

    -\\ Opera v12.16.1860.0

    File : C:\Users\intro\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    File : C:\Users\colin\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    File : C:\Users\carol\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    File : C:\Users\ciara\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.
     
  4. 2oldGeek

    2oldGeek Active member

    Not much there….

    Next run this one:

    Please download Junkware Removal Tool to your desktop.
    Shut down your protection software now to avoid potential conflicts. Turn off any Anti-Virus or Malware scanner…
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    We’ll see what this turns up..
    2oG
     
  5. bauld1

    bauld1 Member

    Hi 2oG
    log for jrt
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.9 (03.06.2013:1)
    OS: Windows (TM) Vista Ultimate x64
    Ran by intro on 18/07/2013 at 20:07:06.23
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 18/07/2013 at 20:24:42.98
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  6. bauld1

    bauld1 Member

    Hi 2oG
    Only log that came up, should there be more info? Checked and no other txt info is on comp.
    When I run and delete AdwCleaner it says trymedia and conduit removed, but when I run it again a few days or whatever they both appear. Just wasn't sure if they were viruses or not. The windows error 0xc004d401 seems to be causing logging on probs, thought they may be connected.
    Thanks again for your time,knowledge and help
    cheers
    bauld 1
     
  7. 2oldGeek

    2oldGeek Active member

    Nothing shown up yet. What problems are you having other than it reoccurring??

    Did you get a BSOD blue screen with the Error 0xcoo4 d401?

    Run a Hijackthis and post a Log for me..

    2oG
     
  8. bauld1

    bauld1 Member

    Hi 2oG
    Just comp is running fast and getting hot very quickly. The windows message started a couple of weeks ago but was about windows office. I ran jrt, adw, tfc and malware and it disappeared for a while, but a couple of times I had to shut down comp to log on as the warning would not let me log on, but now message has changed to:
    "An unauthorised change was made to Windows you will no longer receive notifications including those about your license or activation. Use link below to find out how to fix your system. Error 0XC4004 D401
    Security processor Reported a system file mismatch error."
    Strange as it may seem, I haven't clicked on the link. I did before and it took me to Microsoft site for upgrading office.
    Going to run and post Hijack this now, again thanks for your help, knowledge and patience
     
    Last edited: Jul 18, 2013
  9. bauld1

    bauld1 Member

    Hi 2oG
    Sorry for delay, had to keep shutting comp down to log on. Downloaded Hijackthis from file hippo
    but can't copy and post log. Tried everything I know and can't paste it: right clicked on icon, run as admin never came up, tried clicking on notepad, Start, run etc., didn't work either. Any suggestions?
    I logged off my page, thought that was prob, now on as admin, same happening.
    Apologies for my stupidity but don't know what else to do, apart from run the scan and type out result (with my typing skills about 3 days lol)
    Cheers
    bauld1
     
  10. 2oldGeek

    2oldGeek Active member

    After digging into my notes from the (yuck) Vista days, I came upon this:

    This dastardly error seems to surface out of nowhere. You’ll be quietly going about your business, when all of a sudden, WHAM!, a dialog box appears displaying the following text:

    "Windows Vista Error 0XC004D401: The security processor reported a system file mismatch error."

    Or, you might see this error message:

    "An unauthorized change was made to your license. To keep your system stable, you must go online and validate that your software is genuine."

    There are some antivirus programs and Digital Rights Management programs that are incompatible with Windows Vista, and that causes error 0XC004D401.
    Here’s a list of software. Installing this software can introduce the aforementioned error.

    PC Tools Spyware Doctor
    Trend Micro OfficeScan
    Blumentals Software iNET Protector
    PC Tools Firewall Plus
    TuneUp Utilities
    Trend Micro PC-Cillin Internet Security

    Can you boot into Safe Mode?? I hope so, and if you can, look for and uninstall any of these known programs, and while you are at it, uninstall any Antivirus/Malware scanners or Tuneup/cleanup programs you may have. You can always reinstall or replace them with something else.

    Why are you still using Vista? It nearly drove me crazy back in its day.. lol

    If you can get into safe mode run a HJT log from there..

    Try and let me know.

    2oG
     
  11. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    bauld1, in what way is the computer getting hot, as in the case or the CPU itself?
     
  12. bauld1

    bauld1 Member

    Hi 2oG
    Nothing that I know of has been installed recently, so don't know where or how it became corrupt. Avast, malware, jrt, adwarecleaner and tfc are all I use. I also noticed when I clear browsing history facebook.com is always there. I never use it but the wife's never off it (separate pages), maybe something has been corrupted with that.
    Anyway, will try safe mode and see if I can get that log for you, many thanks again (I never make it easy for ya lol)
    cheers
     
  13. bauld1

    bauld1 Member

    success in safe mode hijackthis log thanks


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 00:23:05, on 19/07/2013
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16982)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files (x86)\Online Games Manager\ogmservice.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 8073 bytes
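
An added example, not part of the thread and not any poster's code: a Python script that triages a HijackThis log like the one above by counting entries per section, listing O23 services marked "(file missing)", and checking for the programs listed earlier in the thread as triggers for error 0XC004D401. The function names and the product keywords are assumptions of this example, and `CONSTRUCTED_HIT` is a constructed line, not from the log.

```python
import re
from collections import Counter

# Programs the thread lists as triggers for error 0XC004D401, keyed by a
# product keyword (the keyword choice is an assumption of this example).
# Matching on vendor alone would flag HijackThis's own "Trend Micro" folder.
FLAGGED = {
    "spyware doctor": "PC Tools Spyware Doctor",
    "officescan": "Trend Micro OfficeScan",
    "inet protector": "Blumentals Software iNET Protector",
    "firewall plus": "PC Tools Firewall Plus",
    "tuneup utilities": "TuneUp Utilities",
    "pc-cillin": "Trend Micro PC-Cillin Internet Security",
}

# Shortened excerpt of the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
"""

# Constructed line (not from the thread) showing what a hit looks like.
CONSTRUCTED_HIT = r'O4 - HKLM\..\Run: [TuneUp] "C:\Program Files\TuneUp Utilities 2013\x.exe"'

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O23 - Service: ..."
MISSING = "(file missing)"

def parse_entries(log):
    """Return (section code, body) for every coded entry line."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def missing_services(entries):
    """Return (service name, path) for O23 entries marked '(file missing)'."""
    found = []
    for code, body in entries:
        parts = body.rsplit(" - ", 2)  # name - owner - path
        if code == "O23" and body.endswith(MISSING) and len(parts) == 3:
            name = parts[0].replace("Service: ", "", 1)
            found.append((name, parts[2][: -len(MISSING)].strip()))
    return found

def flagged_programs(log):
    """Return the listed programs whose product keyword appears in the log."""
    text = log.lower()
    return sorted(name for key, name in FLAGGED.items() if key in text)

def summarize(log):
    entries = parse_entries(log)
    return {"sections": Counter(code for code, _ in entries),
            "missing": missing_services(entries),
            "flagged": flagged_programs(log)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

HijackThis in this log runs from `Program Files (x86)`, that is, as a 32-bit process on 64-bit Vista, where WOW64 redirects `System32` to `SysWOW64`. A "(file missing)" mark on a `System32` path should therefore be checked with a 64-bit tool before it is treated as a finding.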
     
  14. bauld1

    bauld1 Member

    Hi ddp,
    Hope all is well,
    Both, the fan is blowing out really hot air, the bottom left of laptop and underneath laptop get very hot.
    Maybe it's because it's old it's working hard, but the last time I had probs I remember it sounding as if it was working hard and getting hot. Cleaned around the fan outside but nothing seems to be blocking the vent. I sit it on the table propped up and fan it with a newspaper or whatever to try and cool it down lol.
    take care and thanks again
     
  15. 2oldGeek

    2oldGeek Active member

    All I can see is that your computer is as clean as a hound's tooth or an old maid's parlor.

    As DDP inquired, you may have a hardware problem with the overheating and need to check that out.
    You may have dirt and lint built up in the Heatsink Fins.

    Vista was notorious for this error and there is a ton of info on the internet about it.

    Check to see if a system file has been corrupted:
    open the run box and type in: "SFC /scannow" without the quotes and run it to see if it can correct a corrupted system file. I really don't remember how it's done on Vista but I think that is right..

    2oG
     
    Last edited: Jul 18, 2013
  16. ddp

    ddp Moderator Staff Member

    bauld1, do you have access or can get access to an air compressor to give the laptop's vents a good blow job? Had to do that to a customer's laptop & it resolved the issues he was getting from the overheating.
     
  17. 2oldGeek

    2oldGeek Active member

    Yeah, but turn it down.. 200 psi is OVERKILL!
     
  18. bauld1

    bauld1 Member

    Hi ddp and 2oG
    Thanks again for the help, I'll try the blow job and scannow shortly and let u know how I get on, hopefully this will find the corrupted file or fix it. Sorry for being a pain, be good and take care
    thanks again for your help,knowledge and wisdom
    Cheers
    bauld1
     
  19. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,266
    Likes Received:
    63
    Trophy Points:
    78
    Avast has a bad habit of quarantining system files, would pay to check it hasn't got hold of some of them, then again there's always windows loader by daz
     
  20. 2oldGeek

    2oldGeek Active member

    Haven't heard from you.... Any joy from the Blow job or scannow???
    Let us know..

    2oG
     
