Malwarebytes trying to block access to website


Hello

I am constantly getting a pop-up saying "Malwarebytes Anti-Malware successfully blocked access to a potentially malicious website 162.210.192.21".

Type: outgoing

Port #: a number is given but it never is the same

Process: is either sesclu.exe or iexplore.exe

 

I have done full system scans and have been following posts on similar problems.  Nothing seems to be working.  I am computer savvy but can follow directions well.  HELP

 

Here is the log from Malwarebytes:

2013/12/21 22:12:17 -0500 TOSH7B02275H mmacdonald MESSAGE Executing scheduled update:  Daily
2013/12/21 22:12:20 -0500 TOSH7B02275H mmacdonald ERROR Scheduled update failed:  No address found failed with error code 0
2013/12/21 22:18:49 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49826, Process: iexplore.exe)
2013/12/21 22:18:49 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49827, Process: iexplore.exe)
2013/12/21 22:18:49 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49828, Process: iexplore.exe)
2013/12/21 22:18:49 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49829, Process: iexplore.exe)
2013/12/21 22:18:49 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49830, Process: iexplore.exe)
2013/12/21 22:22:08 -0500 TOSH7B02275H mmacdonald MESSAGE Starting database refresh
2013/12/21 22:22:08 -0500 TOSH7B02275H mmacdonald MESSAGE Stopping IP protection
2013/12/21 22:22:09 -0500 TOSH7B02275H mmacdonald MESSAGE IP Protection stopped successfully
2013/12/21 22:22:14 -0500 TOSH7B02275H mmacdonald MESSAGE Database refreshed successfully
2013/12/21 22:22:14 -0500 TOSH7B02275H mmacdonald MESSAGE Starting IP protection
2013/12/21 22:22:16 -0500 TOSH7B02275H mmacdonald MESSAGE IP Protection started successfully
2013/12/21 22:30:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49945, Process: sesclu.exe)
2013/12/21 22:30:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49946, Process: sesclu.exe)
2013/12/21 22:30:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49947, Process: sesclu.exe)
2013/12/21 22:30:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49948, Process: sesclu.exe)
2013/12/21 22:30:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49949, Process: sesclu.exe)
2013/12/21 22:33:51 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49966, Process: iexplore.exe)
2013/12/21 22:33:51 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49967, Process: iexplore.exe)
2013/12/21 22:33:51 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49968, Process: iexplore.exe)
2013/12/21 22:33:51 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49969, Process: iexplore.exe)
2013/12/21 22:33:51 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49970, Process: iexplore.exe)
2013/12/21 22:36:39 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49995, Process: sesclu.exe)
2013/12/21 22:36:39 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49996, Process: sesclu.exe)
2013/12/21 22:36:39 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49997, Process: sesclu.exe)
2013/12/21 22:36:39 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49998, Process: sesclu.exe)
2013/12/21 22:36:39 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49999, Process: sesclu.exe)
2013/12/21 22:39:52 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50028, Process: iexplore.exe)
2013/12/21 22:39:52 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50029, Process: iexplore.exe)
2013/12/21 22:39:52 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50030, Process: iexplore.exe)
2013/12/21 22:39:52 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50031, Process: iexplore.exe)
2013/12/21 22:39:52 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50032, Process: iexplore.exe)
2013/12/21 22:45:52 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50061, Process: iexplore.exe)
2013/12/21 22:45:52 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50062, Process: iexplore.exe)
2013/12/21 22:45:52 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50063, Process: iexplore.exe)
2013/12/21 22:45:52 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50064, Process: iexplore.exe)
2013/12/21 22:45:52 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50065, Process: iexplore.exe)
2013/12/21 22:51:53 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50088, Process: iexplore.exe)
2013/12/21 22:51:53 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50089, Process: iexplore.exe)
2013/12/21 22:51:53 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50090, Process: iexplore.exe)
2013/12/21 22:51:53 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50091, Process: iexplore.exe)
2013/12/21 22:51:53 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50092, Process: iexplore.exe)
2013/12/21 22:57:53 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50120, Process: iexplore.exe)
2013/12/21 22:57:53 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50121, Process: iexplore.exe)
2013/12/21 22:57:53 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50122, Process: iexplore.exe)
2013/12/21 22:57:53 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50123, Process: iexplore.exe)
2013/12/21 22:57:53 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50124, Process: iexplore.exe)
2013/12/21 23:03:54 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50142, Process: iexplore.exe)
2013/12/21 23:03:54 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50143, Process: iexplore.exe)
2013/12/21 23:03:54 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50144, Process: iexplore.exe)
2013/12/21 23:03:54 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50145, Process: iexplore.exe)
2013/12/21 23:03:54 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50146, Process: iexplore.exe)
2013/12/21 23:15:15 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50268, Process: iexplore.exe)
2013/12/21 23:15:15 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50269, Process: iexplore.exe)
2013/12/21 23:15:15 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50270, Process: iexplore.exe)
2013/12/21 23:15:15 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50271, Process: iexplore.exe)
2013/12/21 23:15:15 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50272, Process: iexplore.exe)
 

Here are the DDS contents:

attach.zip

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.5.1
Run by mmacdonald at 22:32:23 on 2013-12-21
Microsoft Windows 7 Professional   6.1.7601.1.1252.2.1033.18.2721.864 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\LTSvc\LTSVC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\N-able Technologies\NRM\RSMWinService.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\IIS Express\iisexpress.exe
C:\windows\system32\conhost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\windows\System32\tlntsvr.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\N-able Technologies\Windows Agent\bin\AgentMaint.exe
C:\Program Files\N-able Technologies\Windows Agent\bin\agent.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\LTsvc\LTSvcMon.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\Sync Utility\TosSyncScheduler.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files\Rogers\Rogers Connection Manager\WaHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\LTSVC\LTTray.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\mmacdonald\Downloads\Defogger.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve

mURLSearchHooks: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - c:\program files\whitesmoke_us_new\prxtbWhit.dll
BHO: TFPUPWDBankBHO Class: {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - c:\program files\toshiba\tfpu\TFPUPWDBankBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - c:\program files\whitesmoke_us_new\prxtbWhit.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: WhiteSmoke US New Toolbar: {462BE121-2B54-4218-BF00-B9BF8135B23F} - c:\program files\whitesmoke_us_new\prxtbWhit.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - c:\program files\whitesmoke_us_new\prxtbWhit.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [TFPUPWDBankService] c:\program files\toshiba\tfpu\TFPUPWDBank.exe /start
mRun: [TFPUService] c:\program files\toshiba\tfpu\TFPUTaskMonitor.exe /start
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [iTSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [TSleepSrv] c:\program files\toshiba\toshiba sleep utility\TSleepSrv.exe
mRun: [TSUScheduler] c:\program files\toshiba\sync utility\TosSyncScheduler.exe
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe
mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [iJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe
mRun: [TRUUpdater] "c:\program files\sierra wireless inc\webupdater\TRUUpdater.exe" /bkground
mRun: [WatcherHelper] "c:\program files\rogers\rogers connection manager\WaHelper.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\networ~1.lnk - c:\windows\ltsvc\LTTray.exe
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
mPolicies-System: RunStartupScriptSync = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\toshiba\bulletinboard\TosBBCom.dll
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{A7587153-E9AA-4683-BD1C-851491BA4579} : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{A7587153-E9AA-4683-BD1C-851491BA4579}\155716C69647970235579647563702C4F6E646F6E6 : DHCPNameServer = 208.67.222.222 208.67.220.220 8.8.4.4 4.2.2.2
TCP: Interfaces\{A7587153-E9AA-4683-BD1C-851491BA4579}\366696 : DHCPNameServer = 10.0.0.4
TCP: Interfaces\{A7587153-E9AA-4683-BD1C-851491BA4579}\461647166716C65647 : DHCPNameServer = 10.255.1.1
TCP: Interfaces\{A7587153-E9AA-4683-BD1C-851491BA4579}\461647166716C6564713 : DHCPNameServer = 10.255.1.1
TCP: Interfaces\{A7587153-E9AA-4683-BD1C-851491BA4579}\4656661657C647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A7587153-E9AA-4683-BD1C-851491BA4579}\96D284F64756C6023427F677E6560205C616A71602D4F6E63647F6E6 : DHCPNameServer = 172.16.48.2
TCP: Interfaces\{B2BE2E73-B039-4234-B466-C013345041BC} : DHCPNameServer = 10.0.0.4
TCP: Interfaces\{DB2ED4F2-3EA3-43D6-9DC1-43D986B103D5} : NameServer = 64.71.255.198 64.71.255.253e4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\search~1\search~1\datamngr.dll   c:\progra~1\wxdown~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-6-17 2043712]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-28 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 LTService;TUC RMM Service;c:\windows\ltsvc\ltsvc.exe -sltservice --> c:\windows\ltsvc\LTSVC.exe -sLTService [?]
R2 LTSvcMon;TUC RMM Service CheckUp Util;c:\windows\ltsvc\LTSvcMon.exe [2013-3-26 100864]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-28 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-28 701512]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\sqlservr.exe [2010-5-5 42884448]
R2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [2011-4-22 75776]
R2 RSMWebServer;RSMWebServer;c:\program files\n-able technologies\nrm\RSMWinService.exe [2012-1-11 64000]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2011-12-22 21320]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\sierra wireless inc\common\SwiCardDetect.exe [2011-5-20 238960]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-7-6 1775344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2011-4-7 210360]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-9-20 2656280]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-9-22 645048]
R2 Windows Agent Maintenance Service;Windows Agent Maintenance Service;c:\program files\n-able technologies\windows agent\bin\AgentMaint.exe [2011-12-9 28672]
R2 Windows Agent Service;Windows Agent Service;c:\program files\n-able technologies\windows agent\bin\agent.exe [2011-12-9 204800]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-6-17 677320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-11-30 108120]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-10-15 269824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-28 22856]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-12-24 41088]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2011-1-5 227600]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-1-4 7435264]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-2-10 63872]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-2-10 141952]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2011-9-20 24064]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-9-20 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-12-8 112032]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2011-4-5 685488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 Sage Simply Accounting Transaction Manager 2012 - CDN;Sage Simply Accounting Transaction Manager 2012 - CDN;c:\program files\winsim\transactionmanager2012 - cdn\Sage_SA.TransactionManager.exe [2012-12-11 46960]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2011-4-13 21504]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\drivers\swg3kser00.sys [2013-1-2 215552]
S3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\drivers\swiwdmbx.sys [2013-1-2 83968]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2013-1-2 236032]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-20 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-5-5 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\SQLAGENT.EXE [2010-5-5 367456]
.
=============== Created Last 30 ================
.
2013-12-17 03:38:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-17 03:35:45 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-13 01:56:05 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-13 01:55:56 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-13 01:55:56 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-13 01:55:55 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-13 01:55:55 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-13 01:55:46 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-13 01:55:46 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-13 01:55:38 159232 ----a-w- c:\windows\system32\imagehlp.dll
.
==================== Find3M  ====================
.
2013-12-17 03:06:59 75776 ----a-w- c:\windows\system32\drivers\risdxc86.sys.bak
2013-12-13 02:14:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-13 02:14:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-09-25 02:01:08 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe
2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-23 18:34:17 256 ----a-w- c:\windows\system32\pool.bin
.
============= FINISH: 22:33:17.67 ===============
 

 

 


Welcome to the forum.

Please uninstall these from your add/remove programs:

Ask Toolbar
Ask Toolbar Updater
WhiteSmoke US New Toolbar


Then.............

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


The removal of malware isn't instantaneous, please be patient.


When we are done, I'll give you instructions on how to cleanup all the tools and logs


Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.7.13 [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : mmacdonald [Admin rights]
Mode : Scan -- Date : 12/22/2013 09:43:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{DB2ED4F2-3EA3-43D6-9DC1-43D986B103D5} : NameServer (64.71.255.198 64.71.255.253e4 [CANADA (CA) - CANADA (CA)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{DB2ED4F2-3EA3-43D6-9DC1-43D986B103D5} : NameServer (64.71.255.198 64.71.255.253e4 [CANADA (CA) - CANADA (CA)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{DB2ED4F2-3EA3-43D6-9DC1-43D986B103D5} : NameServer (64.71.255.198 64.71.255.253e4 [CANADA (CA) - CANADA (CA)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SECU][PUM] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA THNSNC128GMLJ +++++
--- User ---
[MBR] 7d7522ad2b8db8d13f92633c883ad0e0
[bSP] 281ef967bfea0fd1b356232c7b1a9e3e : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 78390 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 163616768 | Size: 27472 Mo
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 219879424 | Size: 14741 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12222013_094311.txt >>

Let's run some scans.

First:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


No Cleanup was required after the second scan with the Anti-Rootkit.  It did not request a reboot but I did anyway.  Windows Update is on (last updated yesterday at 5 p.m.) and Firewall is on.  All was looking good but the pop-up is still coming on.  In fact it was coming up during the scanning.  Here is the log:

2013/12/22 09:04:30 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51026, Process: iexplore.exe)
2013/12/22 09:04:30 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51027, Process: iexplore.exe)
2013/12/22 09:04:30 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51028, Process: iexplore.exe)
2013/12/22 09:04:30 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51029, Process: iexplore.exe)
2013/12/22 09:04:30 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51030, Process: iexplore.exe)
2013/12/22 09:10:31 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51225, Process: iexplore.exe)
2013/12/22 09:10:31 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51226, Process: iexplore.exe)
2013/12/22 09:10:31 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51227, Process: iexplore.exe)
2013/12/22 09:10:31 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51228, Process: iexplore.exe)
2013/12/22 09:10:31 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51229, Process: iexplore.exe)
2013/12/22 09:16:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51286, Process: iexplore.exe)
2013/12/22 09:16:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51287, Process: iexplore.exe)
2013/12/22 09:16:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51288, Process: iexplore.exe)
2013/12/22 09:16:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51289, Process: iexplore.exe)
2013/12/22 09:16:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51290, Process: iexplore.exe)
2013/12/22 09:22:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51305, Process: iexplore.exe)
2013/12/22 09:22:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51306, Process: iexplore.exe)
2013/12/22 09:22:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51307, Process: iexplore.exe)
2013/12/22 09:22:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51308, Process: iexplore.exe)
2013/12/22 09:22:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51309, Process: iexplore.exe)
2013/12/22 09:28:33 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51369, Process: iexplore.exe)
2013/12/22 09:28:33 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51370, Process: iexplore.exe)
2013/12/22 09:28:33 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51371, Process: iexplore.exe)
2013/12/22 09:28:33 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51372, Process: iexplore.exe)
2013/12/22 09:28:33 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51373, Process: iexplore.exe)
2013/12/22 09:43:06 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51474, Process: iexplore.exe)
2013/12/22 09:43:07 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51475, Process: iexplore.exe)
2013/12/22 09:43:07 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51476, Process: iexplore.exe)
2013/12/22 09:43:07 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51477, Process: iexplore.exe)
2013/12/22 09:43:07 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51478, Process: iexplore.exe)
2013/12/22 09:51:47 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51528, Process: iexplore.exe)
2013/12/22 09:51:48 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51531, Process: iexplore.exe)
2013/12/22 09:51:48 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51532, Process: iexplore.exe)
2013/12/22 09:51:48 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51533, Process: iexplore.exe)
2013/12/22 09:51:48 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51534, Process: iexplore.exe)
2013/12/22 10:21:36 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51797, Process: iexplore.exe)
2013/12/22 10:21:36 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51798, Process: iexplore.exe)
2013/12/22 10:21:36 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51799, Process: iexplore.exe)
2013/12/22 10:21:36 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51800, Process: iexplore.exe)
2013/12/22 10:21:36 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51801, Process: iexplore.exe)
2013/12/22 10:27:37 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51857, Process: iexplore.exe)
2013/12/22 10:27:37 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51858, Process: iexplore.exe)
2013/12/22 10:27:37 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51859, Process: iexplore.exe)
2013/12/22 10:27:37 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51860, Process: iexplore.exe)
2013/12/22 10:27:37 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51861, Process: iexplore.exe)
2013/12/22 10:33:37 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51876, Process: iexplore.exe)
2013/12/22 10:33:37 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51877, Process: iexplore.exe)
2013/12/22 10:33:37 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51878, Process: iexplore.exe)
2013/12/22 10:33:37 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51879, Process: iexplore.exe)
2013/12/22 10:33:37 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51880, Process: iexplore.exe)
2013/12/22 10:39:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51897, Process: iexplore.exe)
2013/12/22 10:39:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51898, Process: iexplore.exe)
2013/12/22 10:39:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51899, Process: iexplore.exe)
2013/12/22 10:39:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51900, Process: iexplore.exe)
2013/12/22 10:39:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51901, Process: iexplore.exe)
2013/12/22 10:45:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51919, Process: iexplore.exe)
2013/12/22 10:45:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51920, Process: iexplore.exe)
2013/12/22 10:45:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51921, Process: iexplore.exe)
2013/12/22 10:45:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51922, Process: iexplore.exe)
2013/12/22 10:45:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51923, Process: iexplore.exe)
2013/12/22 10:48:48 -0500 TOSH7B02275H (null) MESSAGE Starting protection
2013/12/22 10:48:48 -0500 TOSH7B02275H (null) MESSAGE Protection started successfully
2013/12/22 10:48:48 -0500 TOSH7B02275H (null) MESSAGE Starting IP protection
2013/12/22 10:48:51 -0500 TOSH7B02275H (null) MESSAGE IP Protection started successfully
2013/12/22 11:29:56 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49633, Process: iexplore.exe)
2013/12/22 11:29:56 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49634, Process: iexplore.exe)
2013/12/22 11:29:56 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49635, Process: iexplore.exe)
2013/12/22 11:29:56 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49636, Process: iexplore.exe)
2013/12/22 11:29:56 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49637, Process: iexplore.exe)
2013/12/22 11:35:52 -0500 TOSH7B02275H (null) MESSAGE Starting protection
2013/12/22 11:35:52 -0500 TOSH7B02275H (null) MESSAGE Protection started successfully
2013/12/22 11:35:52 -0500 TOSH7B02275H (null) MESSAGE Starting IP protection
2013/12/22 11:35:55 -0500 TOSH7B02275H (null) MESSAGE IP Protection started successfully
2013/12/22 11:44:01 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49404, Process: iexplore.exe)
2013/12/22 11:44:01 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49405, Process: iexplore.exe)
2013/12/22 11:44:01 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49406, Process: iexplore.exe)
2013/12/22 11:44:01 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49407, Process: iexplore.exe)
2013/12/22 11:44:01 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49408, Process: iexplore.exe)
2013/12/22 11:50:02 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49446, Process: iexplore.exe)
2013/12/22 11:50:02 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49447, Process: iexplore.exe)
2013/12/22 11:50:02 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49448, Process: iexplore.exe)
2013/12/22 11:50:02 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49449, Process: iexplore.exe)
2013/12/22 11:50:02 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49450, Process: iexplore.exe)
 

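The log above shows the same destination being contacted by the same process in groups of five attempts roughly every six minutes, which is the timing of an installed component rather than a person browsing. The following Python is an added example for this thread, not code from the thread or from Malwarebytes: it parses protection-log lines in the format pasted above, groups the IP-BLOCK events per destination and process, and reports the interval between bursts. The function names, the 5-second burst gap and the 10% periodicity tolerance are my own choices; the sample lines are an excerpt of the log posted in this thread.

```python
"""Summarise IP-BLOCK events from a Malwarebytes Anti-Malware 1.x protection log.

Added example for this thread, not Malwarebytes code.  The 5-second burst gap
and the 10% periodicity tolerance are illustrative assumptions.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: an excerpt of the protection log posted in this thread.
SAMPLE_LOG = """\
2013/12/21 22:30:38 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 49945, Process: sesclu.exe)
2013/12/22 09:04:30 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51026, Process: iexplore.exe)
2013/12/22 09:04:30 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51027, Process: iexplore.exe)
2013/12/22 09:04:30 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51028, Process: iexplore.exe)
2013/12/22 09:04:30 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51029, Process: iexplore.exe)
2013/12/22 09:04:30 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51030, Process: iexplore.exe)
2013/12/22 09:10:31 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51225, Process: iexplore.exe)
2013/12/22 09:10:31 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51226, Process: iexplore.exe)
2013/12/22 09:10:31 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51227, Process: iexplore.exe)
2013/12/22 09:10:31 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51228, Process: iexplore.exe)
2013/12/22 09:10:31 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51229, Process: iexplore.exe)
2013/12/22 09:16:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51286, Process: iexplore.exe)
2013/12/22 09:16:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51287, Process: iexplore.exe)
2013/12/22 09:16:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51288, Process: iexplore.exe)
2013/12/22 09:16:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51289, Process: iexplore.exe)
2013/12/22 09:16:32 -0500 TOSH7B02275H mmacdonald IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51290, Process: iexplore.exe)
2013/12/22 10:48:48 -0500 TOSH7B02275H (null) MESSAGE Starting protection
"""

# One IP-BLOCK line: "<date> <time> <tz> <host> <user> IP-BLOCK <ip> (Type: ..., Port: ..., Process: ...)"
IP_BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) [+-]\d{4} \S+ \S+ IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+), Port: (?P<port>\d+), "
    r"Process: (?P<proc>[^)]+)\)$"
)

def parse_ip_blocks(lines):
    """Yield one dict per IP-BLOCK line; MESSAGE/ERROR lines are skipped."""
    for line in lines:
        m = IP_BLOCK_RE.match(line.strip())
        if m:
            yield {"time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                   "ip": m["ip"], "direction": m["dir"],
                   "port": int(m["port"]), "process": m["proc"]}

def group_bursts(events, gap=timedelta(seconds=5)):
    """Per (ip, process), collapse attempts less than `gap` apart into one burst."""
    bursts = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        run = bursts[(ev["ip"], ev["process"])]
        if run and ev["time"] - run[-1]["end"] <= gap:
            run[-1]["end"] = ev["time"]
            run[-1]["ports"].append(ev["port"])
        else:
            run.append({"start": ev["time"], "end": ev["time"], "ports": [ev["port"]]})
    return bursts

def summarise(lines, gap=timedelta(seconds=5)):
    """Return {(ip, process): {bursts, attempts, intervals_s, median_interval_s}}."""
    summary = {}
    for key, run in group_bursts(parse_ip_blocks(lines), gap).items():
        starts = [b["start"] for b in run]
        intervals = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        summary[key] = {
            "bursts": len(run),
            "attempts": sum(len(b["ports"]) for b in run),
            "intervals_s": intervals,
            "median_interval_s": statistics.median(intervals) if intervals else None,
        }
    return summary

def is_periodic(entry, tolerance=0.10, min_bursts=3):
    """True when at least `min_bursts` bursts recur at a steady interval.

    Machine-like timing from one process to one destination points to an
    installed component (adware, updater, beacon), which is what still needs
    removing even though the IP block suppresses the visible symptom.
    """
    if entry["bursts"] < min_bursts:
        return False
    med = entry["median_interval_s"]
    return all(abs(i - med) <= tolerance * med for i in entry["intervals_s"])

if __name__ == "__main__":
    for (ip, proc), entry in summarise(SAMPLE_LOG.splitlines()).items():
        flag = "PERIODIC" if is_periodic(entry) else "sporadic"
        print(f"{ip} via {proc}: {entry['bursts']} bursts, {entry['attempts']} attempts, "
              f"median gap {entry['median_interval_s']} s -> {flag}")
```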

Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


I am responding from another computer.  There was a lot of reading to do.  I have completed the ComboFix scan and I have a log to send but I am not sure if I should reinitiate the Malwarebytes Anti-Malware first.  The ComboFix seems to have reset the Symantec Protection and the Microsoft Windows Security setting and firewall but not the Malwarebytes.  When I click on the icon it is asking if I will allow the program to make changes to the computer?  I am reluctant to open explorer if it was malwarebytes that was blocking the website that this process has been about.


Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


There has not been any more pop-ups for a while now.  Computer is running very well.

There were 2 AdwCleaner Logs, an R0 and S0.

Here is the R0:
# AdwCleaner v3.015 - Report created 22/12/2013 at 18:10:34
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : mmacdonald - TOSH7B02275H
# Running from : C:\Users\mmacdonald\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\windows\System32\Tasks\AmiUpdXp
Folder Found : C:\Users\mmacdonald\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\SearchCore for Browsers
Folder Found C:\Program Files\Windows iLivid Toolbar
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\cking.CF\AppData\Local\Ilivid Player
Folder Found C:\Users\cking.CF\AppData\Local\PackageAware
Folder Found C:\Users\cking.CF\AppData\LocalLow\Searchqutoolbar
Folder Found C:\Users\cking\AppData\LocalLow\Searchqutoolbar
Folder Found C:\Users\mmacdonald\AppData\Local\Conduit
Folder Found C:\Users\mmacdonald\AppData\Local\SwvUpdater
Folder Found C:\Users\mmacdonald\AppData\LocalLow\Conduit
Folder Found C:\Users\mmacdonald\AppData\LocalLow\PriceGong
Folder Found C:\Users\mmacdonald\AppData\LocalLow\searchquband
Folder Found C:\Users\mmacdonald\AppData\LocalLow\Searchqutoolbar
Folder Found C:\Users\shorton\AppData\LocalLow\AskToolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\SearchCore for Browsers
Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\AmiUpdXp
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5861404B-B35D-422B-8599-3E6A71F1B300}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchCore for Browsers
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_1d79ba3d
Key Found : HKLM\Software\SearchCore for Browsers

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

*************************

AdwCleaner[R0].txt - [5184 octets] - [22/12/2013 18:10:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5244 octets] ##########

And here is the S0; not sure they are the same:

# AdwCleaner v3.015 - Report created 22/12/2013 at 18:14:08
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : mmacdonald - TOSH7B02275H
# Running from : C:\Users\mmacdonald\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SearchCore for Browsers
Folder Deleted : C:\Program Files\Windows iLivid Toolbar
Folder Deleted : C:\Users\cking.CF\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\cking.CF\AppData\Local\PackageAware
Folder Deleted : C:\Users\cking.CF\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\mmacdonald\AppData\Local\Conduit
Folder Deleted : C:\Users\mmacdonald\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\mmacdonald\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\mmacdonald\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\mmacdonald\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\mmacdonald\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\shorton\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\cking\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\mmacdonald\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
File Deleted : C:\END
File Deleted : C:\windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5861404B-B35D-422B-8599-3E6A71F1B300}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5861404B-B35D-422B-8599-3E6A71F1B300}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_1d79ba3d
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\SearchCore for Browsers
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchCore for Browsers
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchCore for Browsers
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

*************************

AdwCleaner[R0].txt - [5324 octets] - [22/12/2013 18:10:34]
AdwCleaner[s0].txt - [5443 octets] - [22/12/2013 18:14:08]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5503 octets] ##########

I have attached the MBAM report

MBAM-log-2013-12-22 (18-34-39).txt


Good......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.77 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Symantec Endpoint Protection  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 JavaFX 2.1.1   
 Java 6 Update 20 
 Java 7 Update 5 
 Java version out of Date!
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please uninstall these from your add/remove programs:
JavaFX 2.1.1
Java™ 6 Update 20


Java™ 7 Update 5 <-----please update, should be Update 45

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete (right click.....Delete),
e.g. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc.... AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

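The "outdated programs" step above tells the user to look for old Java builds by hand in Add/Remove Programs. As an added example (not part of MrC's post or of Security Check), the PowerShell below pulls the same information from the Uninstall registry keys that Add/Remove Programs reads, so it finds every Java and JavaFX entry, including a second copy that a 64-bit machine keeps under WOW6432Node. The baseline version string is an assumption: Oracle's installers register Java 7 Update 45 as DisplayVersion 7.0.450 (update number times ten), and anything below that is reported as out of date. Run it from an elevated PowerShell prompt.

```powershell
# Added example: inventory installed Java/JavaFX from the Uninstall keys.
# Assumption: $Baseline '7.0.450' corresponds to Java 7 Update 45 (the
# version MrC says the machine should be on); adjust it for your own policy.
function Get-JavaInstall {
    param([version]$Baseline = [version]'7.0.450')

    # Both 32-bit and 64-bit Uninstall hives; the second one simply does not
    # exist on a 32-bit Windows 7 and is skipped via -ErrorAction.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Java' } |   # "Java(TM) 6 Update 20", "Java 7 Update 5", "JavaFX 2.1.1"
        ForEach-Object {
            $ver    = $null
            $parsed = [version]::TryParse([string]$_.DisplayVersion, [ref]$ver)
            $status = 'ok'
            if (-not $parsed) { $status = 'unknown version' }
            if ($parsed -and $ver -lt $Baseline) { $status = 'OUT OF DATE' }

            [pscustomobject]@{
                Name            = $_.DisplayName
                Version         = $_.DisplayVersion
                Status          = $status
                # The exact command Add/Remove Programs would run for this entry
                UninstallString = $_.UninstallString
            }
        }
}

Get-JavaInstall | Format-Table -AutoSize -Wrap
```

Because JavaFX 2.1.1 and Java 6 Update 20 both compare below a Java 7 baseline, they come out flagged as well, which matches the advice to remove them; the UninstallString column gives the command to do it without hunting through the control panel.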
This is my first time posting anything to this forum. I hope I followed your instructions. The error I'm receiving is the Malwarebytes successfully blocked port 198.50.171.171 regarding Google Chrome. After running RogueKillerX64.exe, however, I right clicked the Malwarebytes icon in the systray and added 198.50.171.171 to the ignore list. I hope I did not make a mistake doing so.

This is the log from the RogueKillerX64.exe scan before adding 198.50.171.171 to the ignore list.

Your help is greatly appreciated.

RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jack [Admin rights]
Mode : Scan -- Date : 12/22/2013 17:43:52
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 11 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{DE33A097-D7C0-4521-AD9E-B8B6C92AE589} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{EE5D044A-0FDA-4921-880A-DDED1DB7AA64} : NameServer (107.6.133.8,23.23.180.210 [(Unknown Country?) (XX) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{DE33A097-D7C0-4521-AD9E-B8B6C92AE589} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{EE5D044A-0FDA-4921-880A-DDED1DB7AA64} : NameServer (107.6.133.8,23.23.180.210 [(Unknown Country?) (XX) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{DE33A097-D7C0-4521-AD9E-B8B6C92AE589} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{EE5D044A-0FDA-4921-880A-DDED1DB7AA64} : NameServer (107.6.133.8,23.23.180.210 [(Unknown Country?) (XX) - (Unknown Country?) (XX)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000BPKT-00PK4T0 +++++
--- User ---
[MBR] a6d9df49592508ac14e534701c6a3cc6
[BSP] 381ce9ead48a47f7bf765ff0f62ee339 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 462897 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948422656 | Size: 13736 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976553984 | Size: 107 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] f9f19770e50dd66fc7dc07fdc52d5629
[BSP] 343e4d8e2098bd415dc6462ecc7fef3c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 462899 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948426752 | Size: 13737 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
 
Finished : << RKreport[0]_S_12222013_174352.txt >>
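The RogueKiller output above flags two kinds of registry entry, a per-user Internet Explorer proxy pointing at localhost:21320 ([PROXY IE]) and static NameServer lists on two network interfaces ([DNS]), both marked PUM, potentially unwanted modification, rather than confirmed infection. As an added example that is not part of the post or of RogueKiller, the PowerShell below reads the same two places directly so the settings can be reviewed without a third-party tool. The trusted-resolver list is a constructed default (Google Public DNS and OpenDNS, which do appear in the log); replace it with whatever your ISP or organisation actually uses. A local proxy can be legitimate, since some security and filtering products insert one, so every line this prints is a finding to check against what is installed, not a verdict.

```powershell
# Added example: report the WinINet proxy and per-interface static DNS servers,
# the two registry locations RogueKiller labelled [PROXY IE] and [DNS] above.
# Assumption: $TrustedDns is a placeholder allowlist; edit it for your network.
function Get-ProxyDnsSetting {
    param(
        [string[]]$TrustedDns = @('8.8.8.8', '8.8.4.4', '208.67.222.222', '208.67.220.220')
    )

    # 1. Per-user WinINet/IE proxy (HKCU ... \Internet Settings)
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($inet.ProxyEnable -eq 1 -or $inet.ProxyServer) {
        [pscustomobject]@{
            Check = 'IE proxy'
            Where = 'HKCU Internet Settings'
            Value = "ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer)"
            Note  = 'proxy configured; confirm which installed product owns it'
        }
    }
    if ($inet.AutoConfigURL) {
        [pscustomobject]@{
            Check = 'IE PAC script'
            Where = 'HKCU Internet Settings'
            Value = $inet.AutoConfigURL
            Note  = 'auto-config script can redirect traffic just like a proxy'
        }
    }

    # 2. Static DNS servers per interface GUID (HKLM ... \Tcpip\Parameters\Interfaces\{GUID})
    $ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem $ifRoot | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.NameServer) {
            # NameServer is a comma- or space-separated list of addresses
            $servers = $p.NameServer -split '[ ,]+' | Where-Object { $_ }
            $unknown = $servers | Where-Object { $TrustedDns -notcontains $_ }
            if ($unknown) {
                [pscustomobject]@{
                    Check = 'static DNS'
                    Where = $_.PSChildName          # the interface GUID
                    Value = ($unknown -join ',')
                    Note  = 'resolver not on the trusted list'
                }
            }
        }
    }
}

Get-ProxyDnsSetting | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt. Only CurrentControlSet is read; the CS001 and CS002 copies in the log are the control sets that CurrentControlSet links to on alternate boots, so a fix applied to the live set is what the next boot will use, but a reviewer checking whether a cleanup stuck can point $ifRoot at ControlSet001 or ControlSet002 as well.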
Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
