Jump to content

Recommended Posts

Hi,

My malwarbytes has blocked multiple outgoing communications and I was wondering if this is bad.  I have run a couple full scans previous to this problem where it has found PUP.Optional things that I have had the program remove and recent scans haven't shown up with any of these anymore, and now the only problem its seems I have is these outgoing communications. I am wondering what I should, and wondering if my computer is at risk. Please help. 

 

Thank you

Link to post
Share on other sites

Hello mspano and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

Thanks for helping me here are the log files

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 7/28/2012 2:29:32 AM
System Uptime: 1/11/2014 11:33:56 PM (3 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | TKBSS
Processor: AMD A6-3400M APU with Radeon HD Graphics | CPU 1 | 1400/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 240.322 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP205: 1/2/2014 1:52:07 PM - Windows Update
RP206: 1/6/2014 12:29:06 PM - Windows Update
RP207: 1/10/2014 2:30:16 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X MUI
Amazon Links
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Atheros Bluetooth Filter Driver Package
Atheros Driver Installation Program
ATI Catalyst Install Manager
Bluetooth Stack for Windows by Toshiba
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Celtx (2.9.7)
CopyTrans Suite Remove Only
Corel WinDVD
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dropbox
EPSON NX430 Series Printer Uninstall
eReg
GameFly
GMetrix SMS 4
Google Chrome
Google Drive
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
iTunes
Java 7 Update 21
Java Auto Updater
Java 6 Update 20
Junk Mail filter update
Label@Once 1.0
League of Legends
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.75.0.1300
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual J# .NET Redistributable Package 1.1
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
Napoleon: Total War
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Project64 1.6
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
SafeConnect
SecureW2 Enterprise Client 3.5.7
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Sid Meier's Civilization 4
Skype Launcher
Skype™ 5.10
Steam
Synaptics Pointing Device Driver
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
ToshibaRegistration
Total War: SHOGUN 2
TrueCrypt
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WMV9/VC-1 Video Playback
.
==== Event Viewer Messages From Past Week ========
.
1/9/2014 9:26:58 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.1398.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/8/2014 1:17:48 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
1/8/2014 1:15:18 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
1/8/2014 1:12:06 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/8/2014 1:12:06 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/8/2014 1:12:06 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/8/2014 1:12:03 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/8/2014 1:12:03 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
1/12/2014 1:13:59 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the TPCH Service service to connect.
1/12/2014 1:13:59 AM, Error: Service Control Manager [7000]  - The TPCH Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/12/2014 1:13:59 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service TPCHSrv with arguments "" in order to run the server: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}
.
==== End Of File ===========================
Link to post
Share on other sites

and the other one

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.21.2
Run by Matt at 2:57:36 on 2014-01-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5610.3342 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\system32\WLANExt.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\SecureW2\sw2_tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\windows\system32\taskeng.exe
C:\windows\SysWOW64\Rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [GoogleChromeAutoLaunch_952AA941B71FA68F2EFC80A225B9EE63] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [EPSON NX430 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\Matt\AppData\Local\Temp\E_SBAD7.tmp" /EF "HKCU"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [backgroundContainer] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [secureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{37DDEFB6-10F6-401B-A0E8-786B9738FA14} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{37DDEFB6-10F6-401B-A0E8-786B9738FA14}\2375942554837333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{37DDEFB6-10F6-401B-A0E8-786B9738FA14}\573746 : DHCPNameServer = 172.16.7.15 10.0.3.4
TCP: Interfaces\{37DDEFB6-10F6-401B-A0E8-786B9738FA14}\5737467657563747 : DHCPNameServer = 172.16.7.15 10.0.3.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-7-19 204288]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2011-7-19 162824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-8 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-8 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-7-19 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-7-19 126392]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2011-7-19 14112]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-4-7 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-7-19 115216]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-7-19 42096]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-1-8 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-7-19 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-7-19 413800]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-7-19 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-7-19 250984]
S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-4-5 828336]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-30 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-12 07:05:06 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0A0F8D6-4725-421F-AE8F-380742F7D8BB}\mpengine.dll
2014-01-11 05:31:37 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-08 19:16:57 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes
2014-01-08 19:15:00 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-08 19:14:54 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-01-08 19:14:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-07 21:04:21 -------- d-----w- C:\Program Files (x86)\Conduit
2014-01-07 21:04:04 -------- d-----w- C:\ProgramData\Conduit
2014-01-07 21:01:19 -------- d-----w- C:\Users\Matt\AppData\Local\NativeMessaging
2014-01-07 21:01:08 -------- d-----w- C:\Users\Matt\AppData\Local\Conduit
2014-01-07 21:00:41 -------- d-----w- C:\Users\Matt\AppData\Local\CRE
2013-12-30 03:25:12 68616 ----a-w- C:\windows\SysWow64\XAPOFX1_1.dll
2013-12-30 03:25:12 509448 ----a-w- C:\windows\SysWow64\XAudio2_2.dll
2013-12-30 03:25:09 467984 ----a-w- C:\windows\SysWow64\d3dx10_39.dll
2013-12-30 03:25:09 1493528 ----a-w- C:\windows\SysWow64\D3DCompiler_39.dll
2013-12-30 03:25:05 3851784 ----a-w- C:\windows\SysWow64\D3DX9_39.dll
2013-12-25 00:15:01 -------- d-----w- C:\Users\Matt\AppData\Roaming\Greyfirst
2013-12-25 00:15:01 -------- d-----w- C:\Users\Matt\AppData\Local\Greyfirst
2013-12-25 00:05:26 -------- d-----w- C:\Program Files (x86)\Celtx
2013-12-17 00:02:03 -------- d-----w- C:\AMD
2013-12-16 23:51:20 -------- d-----w- C:\Users\Matt\AppData\Local\DriverTuner
.
==================== Find3M  ====================
.
2013-12-30 05:47:37 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
2013-12-06 11:06:10 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2013-12-06 11:06:10 194048 ----a-w- C:\windows\SysWow64\elshyph.dll
2013-11-28 07:15:07 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
.
============= FINISH:  2:57:53.48 ===============
Link to post
Share on other sites

Step 1

Please unisntall this application: Ask Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

Yes I tried uninstalling ask toolbar but every time I try it says all chrome browser windows need to be closed to complete the uninstallation all though no chrome browser windows were open and there were not any other browser open at the time either and so I hit ok but the message just keeps popping up and so it won't let me uninstall it. So what do I do?

Link to post
Share on other sites

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Matt on Wed 01/15/2014 at 23:58:59.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3507A76A-05D3-4F2E-A3B2-9A05BC744194}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A0229BF-B54F-44A4-A44F-16F6D422DD85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Matt\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Matt\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\Users\Matt\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Matt\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Matt\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Matt\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Matt\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/16/2014 at  0:12:57.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

ADW

 

# AdwCleaner v3.017 - Report created 16/01/2014 at 00:26:12
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Matt - MATT-PC
# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Matt\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Matt\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\Matt\AppData\Roaming\NCH Software
File Deleted : C:\windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\windows\System32\Tasks\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKLM\Software\NCH Software
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2201 octets] - [16/01/2014 00:23:19]
AdwCleaner[s0].txt - [2112 octets] - [16/01/2014 00:26:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2172 octets] ##########
Link to post
Share on other sites

MBAM

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.08.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Matt :: MATT-PC [administrator]
 
Protection: Enabled
 
1/8/2014 11:18:50 AM
mbam-log-2014-01-08 (11-18-50).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391709
Time elapsed: 1 hour(s), 45 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 19
HKCR\CLSID\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCR\Toolbar.CT3306061 (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCR\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCR\CLSID\{2d661e5b-7d7a-417c-b5b5-6479017bb314} (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{b8c3b958-ec6a-4d2f-bf2d-c7906acd3da0} (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
HKCR\Interface\{88f2ef1e-a38b-44dd-ae7c-57dfa28ba40f} (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{5530C971-3D8F-471B-AC49-4CC23FA955E2} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\Interface\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1efa552d-e5a6-4610-a9d1-8cd285646842 (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\dhogjnnleghndloamdkljhnhdchpcijl (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{856AD396-519D-4C7A-BED6-6785F64924BC} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 7
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} (PUP.Optional.Conduit) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} (PUP.Optional.Conduit) -> Data: Connect DLC 5 Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} (PUP.Optional.Conduit) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully.
HKCU\Software\Mozilla\Firefox\EXTENSIONS|{B21F5E31-B8E8-41CD-B74C-168A71A10E49} (PUP.Optional.GreatArcadeHits.A) -> Data: C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ -> Quarantined and deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions|{57c20073-e24b-4b2a-aa91-70d1ad526cbf} (PUP.Optional.PassShow.A) -> Data: C:\Program Files (x86)\PassShow\150.xpi -> Quarantined and deleted successfully.
HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Data: http://search.conduit.com?SearchSource=10&CUI=UN29560242182487152&UM=2&ctid=CT3306061 -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 9
C:\Program Files (x86)\PassShow (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Connect_DLC_5 (PUP.Optional.Conduit.A) -> Delete on reboot.
 
Files Detected: 45
C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\150.dll (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsf41CC.tmp.tbConn.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsfBC0D.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsg558E.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsgB81.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsoC92D.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nspA926.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\tbConn.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\150.crx (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\01.db (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\150.dat (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\150.xpi (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\PsUP.exe (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\Sqlite3.dll (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\Uninstall.exe (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Uninstall GreatArcadeHits.lnk (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\application.ico (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\gahff.xpi (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\GAHUninstaller.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\GAHUpdate.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\PopupBroker.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\premium.pem (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome.manifest (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\install.rdf (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\application.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\overlay.xul (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
 
(end)
Link to post
Share on other sites

ok just did

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.08.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Matt :: MATT-PC [administrator]
 
Protection: Enabled
 
1/8/2014 11:18:50 AM
mbam-log-2014-01-08 (11-18-50).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391709
Time elapsed: 1 hour(s), 45 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 19
HKCR\CLSID\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCR\Toolbar.CT3306061 (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCR\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCR\CLSID\{2d661e5b-7d7a-417c-b5b5-6479017bb314} (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{b8c3b958-ec6a-4d2f-bf2d-c7906acd3da0} (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
HKCR\Interface\{88f2ef1e-a38b-44dd-ae7c-57dfa28ba40f} (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{5530C971-3D8F-471B-AC49-4CC23FA955E2} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\Interface\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1efa552d-e5a6-4610-a9d1-8cd285646842 (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\dhogjnnleghndloamdkljhnhdchpcijl (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{856AD396-519D-4C7A-BED6-6785F64924BC} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 7
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} (PUP.Optional.Conduit) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} (PUP.Optional.Conduit) -> Data: Connect DLC 5 Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} (PUP.Optional.Conduit) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully.
HKCU\Software\Mozilla\Firefox\EXTENSIONS|{B21F5E31-B8E8-41CD-B74C-168A71A10E49} (PUP.Optional.GreatArcadeHits.A) -> Data: C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ -> Quarantined and deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions|{57c20073-e24b-4b2a-aa91-70d1ad526cbf} (PUP.Optional.PassShow.A) -> Data: C:\Program Files (x86)\PassShow\150.xpi -> Quarantined and deleted successfully.
HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Data: http://search.conduit.com?SearchSource=10&CUI=UN29560242182487152&UM=2&ctid=CT3306061 -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 9
C:\Program Files (x86)\PassShow (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Connect_DLC_5 (PUP.Optional.Conduit.A) -> Delete on reboot.
 
Files Detected: 45
C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\150.dll (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsf41CC.tmp.tbConn.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsfBC0D.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsg558E.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsgB81.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsoC92D.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nspA926.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\tbConn.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\150.crx (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\01.db (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\150.dat (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\150.xpi (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\PsUP.exe (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\Sqlite3.dll (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PassShow\Uninstall.exe (PUP.Optional.PassShow.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Uninstall GreatArcadeHits.lnk (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\ct3306061\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\application.ico (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\gahff.xpi (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\GAHUninstaller.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\GAHUpdate.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\PopupBroker.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\premium.pem (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome.manifest (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\install.rdf (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\application.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\overlay.xul (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
 
(end)
Link to post
Share on other sites

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.17.08

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Matt :: MATT-PC [administrator]

 

Protection: Enabled

 

1/17/2014 3:07:35 AM

mbam-log-2014-01-17 (03-07-35).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205733

Time elapsed: 8 minute(s), 53 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)
Link to post
Share on other sites

Step 1

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.