
Conduit Toolbar has installed several PUPs and I need help.



This is my first post, so bear with me.

 

 

I just bought a new PC last week (for gaming) and I clicked what I thought was a link to download Google Chrome. I knew I had messed up when it asked me if I wanted to install several toolbars, at which point I shut everything down, but it was too late. Conduit had been installed. So I ran the following list of programs:

 

1. Rkill

2. ADWCleaner

3. Malware Bytes

4. Junk Removal Tool

5. HitmanPro(64 bit)

 

After I thought I had successfully deleted Conduit, I ran my weekly check last night and these were my results:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 8 x64
Ran by Traven on Sat 08/31/2013 at 23:56:24.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289663
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/31/2013 at 23:58:46.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
After I ran that, I restarted my PC to find Malwarebytes had quarantined several programs. Log list is here:
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.23.07
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16384
iTzx :: TRAVENSPC [administrator]
 
Protection: Enabled
 
8/23/2013 4:19:09 PM
mbam-log-2013-08-23 (16-19-09).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 285267
Time elapsed: 7 minute(s), 16 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 7
C:\Users\iTzx\AppData\Local\Temp\airCFF1.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\Users\iTzx\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\iTzx\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\iTzx\AppData\Local\Temp\ct3289663\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\iTzx\AppData\Local\Temp\ct3289663\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\iTzx\AppData\Local\Temp\ct3289663\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\iTzx\AppData\Local\Temp\ct3289663\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)
 
I need help making sure my PC is COMPLETELY clean. I ran Windows Defender twice and it came up with nothing, I ran through my list of programs I mentioned at the start twice, and again it came back clean. Help? 
 

This is my first post, so bear with me.

 

Here is my DDS.text

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Traven at 21:33:57 on 2013-09-01
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8122.6596 [GMT -7:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ISCTSY~1.LNK - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{123E1D51-98F7-4350-A8CE-2FC9A4122CA4} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-7-27 636952]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-8-16 149032]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-8-23 166432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-23 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-23 701512]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-8-23 365600]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-4-23 98744]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\Drivers\hitmanpro37.sys [2013-8-31 32512]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\Drivers\ikbevent.sys [2012-8-16 20968]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\Drivers\imsevent.sys [2012-8-16 19944]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\Drivers\ISCTD64.sys [2013-1-19 46568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-8-23 25928]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-8-23 690832]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\Drivers\WPRO_41_2001.sys [2013-8-23 34752]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\Drivers\amdkmafd.sys [2012-9-22 21160]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2013-09-02 02:39:55 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA620FD9-BD29-47EF-A47B-733C04971338}\mpengine.dll
2013-09-01 07:08:30 941720 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3BC58AA-F2E4-4184-9CB6-414C741201AC}\gapaengine.dll
2013-09-01 07:08:15 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-01 06:55:06 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-09-01 06:06:43 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2013-08-31 22:31:10 -------- d-----w- C:\Users\iTzx\AppData\Local\Sidebar7
2013-08-31 05:33:40 -------- d-----w- C:\Users\iTzx\AppData\Local\Adobe
2013-08-31 03:22:34 -------- d-----w- C:\BOSS
2013-08-29 04:52:35 -------- d-----w- C:\Users\iTzx\AppData\Local\Ubisoft Game Launcher
2013-08-27 18:50:18 -------- d-----w- C:\Windows\SysWow64\AGEIA
2013-08-27 18:50:10 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-08-26 22:53:08 301568 ----a-w- C:\Windows\System32\newdev.dll
2013-08-26 22:53:07 76288 ----a-w- C:\Windows\System32\newdev.exe
2013-08-26 22:53:07 75264 ----a-w- C:\Windows\System32\ndadmin.exe
2013-08-26 22:53:07 74240 ----a-w- C:\Windows\SysWow64\newdev.exe
2013-08-26 22:53:07 73728 ----a-w- C:\Windows\SysWow64\ndadmin.exe
2013-08-26 22:53:07 275968 ----a-w- C:\Windows\SysWow64\newdev.dll
2013-08-26 22:53:06 68608 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-08-26 22:53:01 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL
2013-08-26 22:53:01 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL
2013-08-26 22:53:01 1184256 ----a-w- C:\Windows\System32\Display.dll
2013-08-26 22:53:01 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
2013-08-26 22:51:43 3236864 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2013-08-26 22:50:59 46592 ----a-w- C:\Windows\SysWow64\vds_ps.dll
2013-08-26 22:49:59 533224 ----a-w- C:\Windows\System32\drivers\bxvbda.sys
2013-08-26 22:48:59 76288 ----a-w- C:\Windows\System32\RpcEpMap.dll
2013-08-26 22:32:41 -------- d-----w- C:\Users\iTzx\AppData\Local\ArmA 2
2013-08-26 22:26:44 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-26 22:26:44 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-25 20:52:15 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2013-08-25 20:52:15 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2013-08-25 20:52:15 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-08-25 20:51:31 -------- d-----w- C:\ProgramData\Battle.net
2013-08-25 19:13:12 -------- d-----w- C:\Users\iTzx\AppData\Local\SCE
2013-08-25 18:57:17 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-25 18:57:15 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-25 07:03:25 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll
2013-08-25 05:20:47 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-25 05:02:06 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-08-25 05:02:01 -------- d-----w- C:\Users\iTzx\AppData\Local\PunkBuster
2013-08-25 05:01:55 -------- d-----w- C:\Windows\System32\MRT
2013-08-25 05:01:00 -------- d-----w- C:\Users\iTzx\AppData\Local\ESN
2013-08-25 05:00:56 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2013-08-25 04:49:27 -------- d-----w- C:\ProgramData\EA Core
2013-08-25 04:49:26 -------- d-----w- C:\ProgramData\EA Logs
2013-08-25 02:55:14 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2013-08-25 02:55:12 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-08-25 02:52:40 888320 ----a-w- C:\Windows\System32\autochk.exe
2013-08-25 02:51:19 3552768 ----a-w- C:\Windows\System32\tquery.dll
2013-08-25 02:50:59 94208 ----a-w- C:\Windows\SysWow64\mssitlb.dll
2013-08-25 02:48:51 1255936 ----a-w- C:\Windows\System32\certutil.exe
2013-08-25 02:48:50 141312 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-25 02:48:50 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-25 02:48:50 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-08-25 02:48:39 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-25 02:48:38 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-08-25 02:45:36 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-08-25 02:45:36 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-08-25 02:44:12 1558912 ----a-w- C:\Program Files\Windows Defender\DbgHelp.dll
2013-08-25 02:44:12 149264 ----a-w- C:\Program Files\Windows Defender\SymSrv.dll
2013-08-25 02:44:00 2842112 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-25 02:44:00 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-25 02:41:46 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-08-25 02:41:46 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-08-25 02:41:46 4036096 ----a-w- C:\Windows\System32\win32k.sys
2013-08-25 02:41:26 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
2013-08-25 02:41:26 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
2013-08-25 02:39:53 9216 ----a-w- C:\Windows\System32\dpnhupnp.dll
2013-08-25 02:38:47 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-08-25 02:38:47 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-08-25 02:38:46 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-08-25 02:38:42 861184 ----a-w- C:\Windows\System32\drivers\http.sys
2013-08-24 22:34:38 -------- d-----w- C:\Program Files (x86)\Origin Games
2013-08-24 22:34:09 -------- d-----w- C:\Users\iTzx\AppData\Roaming\Origin
2013-08-24 22:34:08 -------- d-----w- C:\Users\iTzx\AppData\Local\Origin
2013-08-24 22:32:07 -------- d-----w- C:\ProgramData\Origin
2013-08-24 22:32:06 -------- d-----w- C:\ProgramData\Electronic Arts
2013-08-24 22:32:05 -------- d-----w- C:\Program Files (x86)\Origin
2013-08-24 22:30:50 -------- d-----w- C:\Users\iTzx\AppData\Local\The Witcher 2
2013-08-24 20:47:04 -------- d-----w- C:\Users\iTzx\AppData\Local\Black_Tree_Gaming
2013-08-24 18:43:22 -------- d-----w- C:\Users\iTzx\AppData\Local\Skyrim
2013-08-24 18:31:32 -------- d-----w- C:\Users\iTzx\AppData\Local\PokerStars.NET
2013-08-24 18:31:20 -------- d-----w- C:\Program Files (x86)\PokerStars.NET
2013-08-24 09:37:23 778856 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
2013-08-24 09:37:23 35400 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2013-08-24 09:37:23 35400 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2013-08-24 09:37:23 124040 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-08-24 09:37:23 1166440 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
2013-08-24 09:37:23 102528 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-08-24 09:33:31 -------- d-----w- C:\Program Files\Nexus Mod Manager
2013-08-24 08:27:27 -------- d-----w- C:\Users\iTzx\AppData\Roaming\Toribash
2013-08-24 08:27:10 -------- d-----w- C:\Games
2013-08-24 08:25:23 -------- d-----w- C:\Fraps
2013-08-24 07:07:59 73544 ----a-w- C:\Windows\System32\XAPOFX1_3.dll
2013-08-24 07:05:52 -------- d-----w- C:\Users\iTzx\AppData\Local\CrashDumps
2013-08-24 06:34:05 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-08-24 06:34:05 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-24 06:34:04 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-24 04:06:33 -------- d-----w- C:\Users\iTzx\AppData\Local\ElevatedDiagnostics
2013-08-24 04:03:18 -------- d-----w- C:\Users\iTzx\AppData\Roaming\Awesomium
2013-08-24 03:58:39 -------- d-----w- C:\Users\iTzx\AppData\Local\ATI
2013-08-24 00:39:36 -------- d-----w- C:\ProgramData\AMD
2013-08-24 00:39:35 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-08-24 00:39:35 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-08-24 00:38:54 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-08-24 00:38:47 -------- d-----w- C:\Program Files\ATI Technologies
2013-08-24 00:38:45 -------- d-----w- C:\Program Files\ATI
2013-08-24 00:38:09 -------- d-----w- C:\AMD
2013-08-24 00:14:37 -------- d-----w- C:\winki
2013-08-24 00:14:16 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2013-08-24 00:12:44 8192 ----a-r- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-08-24 00:12:08 -------- d-----w- C:\Windows\SysWow64\RTCOM
2013-08-24 00:12:08 -------- d-----w- C:\Program Files\Realtek
2013-08-24 00:10:55 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-08-24 00:10:39 -------- d-----w- C:\Intel
2013-08-24 00:08:36 -------- d-----w- C:\MSI
2013-08-23 23:37:09 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-08-23 23:37:07 -------- d-----w- C:\Program Files (x86)\Steam
2013-08-23 23:28:34 -------- d-----w- C:\ProgramData\HitmanPro
2013-08-23 23:16:33 -------- d-----w- C:\Windows\ERUNT
2013-08-23 23:14:30 -------- d-----w- C:\AdwCleaner
2013-08-23 23:07:39 -------- d-----w- C:\Program Files\CCleaner
2013-08-23 23:03:12 -------- d-----w- C:\Users\iTzx\AppData\Roaming\Malwarebytes
2013-08-23 23:02:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-23 23:02:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-23 23:02:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-23 22:55:34 -------- d-----w- C:\Users\iTzx\AppData\Local\Programs
2013-08-23 22:54:57 -------- d-----w- C:\Users\iTzx\AppData\Local\Google
2013-08-23 22:54:48 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-08-23 22:54:15 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-08-23 22:50:19 -------- d-----r- C:\Users\iTzx\Searches
2013-08-23 22:50:19 -------- d-----r- C:\Users\iTzx\Contacts
2013-08-23 14:45:05 -------- d-----w- C:\Windows\Panther
2013-08-23 13:45:48 0 ----a-w- C:\Windows\ativpsrm.bin
.
==================== Find3M  ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:13:28 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-07-26 05:13:28 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:13:15 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 00:54:34 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-13 06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll
2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
.
============= FINISH: 21:34:08.64 ===============
 
Here is the Attach.exe:
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 8/23/2013 3:49:35 PM
System Uptime: 8/31/2013 11:54:45 PM (22 hours ago)
.
Motherboard: MSI |  | B75MA-P45 (MS-7798)
Processor: Intel® Pentium® CPU G860 @ 3.00GHz | SOCKET 0 | 3000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 665.854 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 8/23/2013 4:36:52 PM - Installed Steam
RP2: 8/24/2013 7:35:35 PM - Installed DirectX
RP3: 8/26/2013 3:31:05 PM - Installed DirectX
RP4: 8/27/2013 9:14:21 PM - Installed DirectX
RP5: 8/31/2013 3:30:29 PM - Installed 8GadgetPack
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Wireless Display v3.0
Arma 2
Arma 2: British Armed Forces
Arma 2: DayZ Mod
Arma 2: Operation Arrowhead
Arma 2: Private Military Company
Battlefield 3™
Battlelog Web Plugins
BattlEye Uninstall
BOSS
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chivalry: Medieval Warfare
Command and Conquer: Red Alert 3 - Uprising
Crysis 2 Maximum Edition
Dishonored
ESN Sonar
Fraps
Google Chrome
Google Update Helper
Intel® Control Center
Intel® Management Engine Components
Intel® Smart Connect Technology 3.0 x64
Intel® Trusted Connect Service Client
Java 7 Update 25
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mirror's Edge
Nexus Mod Manager
NVIDIA PhysX v8.10.17
Orcs Must Die! 2
Origin
PlanetSide 2
PokerStars.net
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Saints Row IV
Sid Meier's Civilization V
Sleeping Dogs™
Steam
The Elder Scrolls V: Skyrim
The Sims™ 3
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Witcher 2: Assassins of Kings Enhanced Edition
Tom Clancy's Splinter Cell Blacklist
Uplay
Winki
WinRAR 5.00 beta 8 (64-bit)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
8/31/2013 11:55:08 PM, Error: Service Control Manager [7024]  - The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:  The operation completed successfully.
8/29/2013 6:34:22 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
8/29/2013 6:34:22 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/25/2013 12:22:51 PM, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
.
==== End Of File ===========================
 
Explanation:

 

I just bought a new PC last week (for gaming) and I clicked what I thought was a link to download Google Chrome. I knew I had messed up when it asked me if I wanted to install several toolbars, at which point I shut everything down, but it was too late. Conduit had been installed. I ran a scan that came up clean, but after scanning I restarted and it detected a few programs that I listed in the JRT.exe. One that couldn't be removed was Toolbarhelper.exe and a program that was blocked that I noticed was stub.exe. What are these? Here's the list of programs that I used prior to that:

 

1. Rkill

2. ADWCleaner

3. Malware Bytes

4. Junk Removal Tool

5. HitmanPro(64 bit)

 


 


  • Root Admin

I'm sorry but it can sometimes take days before someone is available to assist you.  You have not followed the requested steps and have pretty much taken off and done your own self-medicating, which then often prompts helpers to not want to assist you.   This is not a chat program; it is a forum that tries to assist users as quickly as they can.

 

Please be patient and stop self-medicating the computer, and as soon as someone is available they will assist you.

 

http://forums.malwarebytes.org/index.php?showtopic=9573

 

Thank you


Okay thanks. I actually found my problem in another post, and followed the links to solve it. No traces so far, so thanks for having this forum that allowed me to fix my issue. If I come across another issue I'll be sure to post here and follow the steps. Sorry about that.


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.