Jump to content

Infected - Internet grinding to a halt and all downloads corrupted


Recommended Posts

Downloaded Malwarebytes installer to another computer and copied over from a flash drive. Current database is 4/4/13 so it tried to download new database, but cannot. Copied DDS.com after downloading on another computer and ran it.

 

Help!

 

These are the text files:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16798  BrowserJavaVersion: 10.51.2
Run by David at 8:33:21 on 2014-02-25
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8056.5910 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
C:\windows\system32\dashost.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\Program Files\TOSHIBA\Teco\TecoService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\dwm.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\TOSHIBA\Teco\TecoResident.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHAA.EXE
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.bing.com
uWindow Title = Internet Explorer provided by TOSHIBA
uSearch Bar = www.bing.com
mWindow Title = Internet Explorer provided by TOSHIBA
mWinlogon: Userinit = userinit.exe
BHO: IEOptimizer: {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SavingsBull\IEOptimizer.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Pokki] "C:\Users\David\AppData\Local\Pokki\Engine\pokki.exe"
uRun: [skyDrive] "C:\Users\David\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIHAA.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus NX330"
uRun: [Amazon Cloud Player] "C:\Users\David\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [searchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\Users\David\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: line6.net
TCP: NameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{3C1348EC-E2F8-409A-A247-5ACE42C0D95E} : DHCPNameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{3C1348EC-E2F8-409A-A247-5ACE42C0D95E}\071607071644 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{3C1348EC-E2F8-409A-A247-5ACE42C0D95E}\D4F445F425F4C414D23434147303 : DHCPNameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{3C1348EC-E2F8-409A-A247-5ACE42C0D95E}\E4544574541425 : DHCPNameServer = 10.103.200.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3hwuz6wh.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\David\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\Drivers\aswRvrt.sys [2013-8-6 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\Drivers\aswVmm.sys [2013-8-6 207904]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-8-7 644968]
R0 THAccel;THAccel;C:\windows\System32\Drivers\THAccel.sys [2013-6-11 110976]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2013-6-11 499096]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-8-6 1038072]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-8-6 421704]
R1 netfilter64;netfilter64;C:\windows\System32\Drivers\netfilter64.sys [2013-12-17 46232]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-8-6 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-5 50344]
R2 dts_apo_service;DTS APO Service;C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [2013-3-25 16720]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-8-7 151648]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-6-11 130592]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-6-11 165488]
R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010010000000000000000000000 sourceguid=BBA5481A-926B-4561-BD79-249F618495E6 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010010000000000000000000000 sourceguid=BBA5481A-926B-4561-BD79-249F618495E6 [?]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2013-6-11 132056]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-8-6 1907896]
R2 SavingsbullFilterService64;SavingsbullFilterService64;C:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe [2014-2-12 210432]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2013-8-9 328544]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-11 366040]
R2 Updater By SweetPacks;Updater By SweetPacks;C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [2013-8-7 188760]
R3 aswStm;aswStm;C:\windows\System32\Drivers\aswstm.sys [2013-12-28 80184]
R3 FwLnk;FwLnk Driver;C:\windows\System32\Drivers\FwLnk.sys [2013-6-11 9216]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-6-11 169752]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-2-27 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2013-4-9 119376]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-8-12 329944]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2013-6-11 1544704]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2013-4-9 32496]
R3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-7-31 53864]
S3 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0403000.00E\ccSetx64.sys [2013-6-11 168608]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 L6UX2;Service - Line 6 UX2;C:\windows\System32\Drivers\L6UX264.sys [2013-6-26 772864]
S3 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2013-1-28 4230016]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2013-4-9 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S4 THAccelSvc;TOSHIBA HDD Accelerator Service;C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [2013-3-26 216976]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2014-02-25 05:57:53 -------- d-----w- C:\Users\David\AppData\Local\ElevatedDiagnostics
2014-02-23 01:35:51 -------- d-----w- C:\Users\David\AppData\Roaming\DVDVideoSoft
2014-02-23 01:35:51 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2014-02-23 01:35:51 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2014-02-23 00:55:06 -------- d-----w- C:\Users\David\AppData\Roaming\Systweak
2014-02-23 00:54:27 -------- d-----w- C:\Program Files\SavingsbullFilter
2014-02-23 00:53:42 -------- d-----w- C:\Program Files (x86)\SavingsBull
2014-02-23 00:53:35 -------- d-----w- C:\temp
2014-02-23 00:53:31 -------- d-----w- C:\Program Files\Level Quality Watcher
2014-02-23 00:47:42 -------- d-----w- C:\Users\David\.thumb
2014-02-23 00:45:23 -------- d-----w- C:\Program Files (x86)\DVDStyler
2014-02-23 00:17:36 -------- d-----w- C:\windows\en
2014-02-23 00:17:14 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-02-23 00:16:53 -------- d-----w- C:\windows\PCHEALTH
2014-02-23 00:15:59 2106216 ----a-w- C:\windows\SysWow64\D3DCompiler_43.dll
2014-02-23 00:15:58 276832 ----a-w- C:\windows\System32\d3dx11_43.dll
2014-02-23 00:15:58 248672 ----a-w- C:\windows\SysWow64\d3dx11_43.dll
2014-02-23 00:15:54 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2014-02-23 00:15:54 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2014-02-23 00:15:50 4398360 ----a-w- C:\windows\System32\d3dx9_32.dll
2014-02-23 00:15:50 3426072 ----a-w- C:\windows\SysWow64\d3dx9_32.dll
2014-02-23 00:13:59 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2413967f1cf302c04\DSETUP.dll
2014-02-23 00:13:59 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2413967f1cf302c04\DXSETUP.exe
2014-02-23 00:13:59 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2413967f1cf302c04\dsetup32.dll
2014-02-23 00:13:55 6072008 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\21370cf31cf302c03\onedrivesetup.exe
2014-02-23 00:13:50 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e56a73f1cf302c02\DSETUP.dll
2014-02-23 00:13:50 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e56a73f1cf302c02\DXSETUP.exe
2014-02-23 00:13:50 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e56a73f1cf302c02\dsetup32.dll
2014-02-23 00:13:45 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1c1f0bb31cf302c01\DSETUP.dll
2014-02-23 00:13:45 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1c1f0bb31cf302c01\DXSETUP.exe
2014-02-23 00:13:45 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1c1f0bb31cf302c01\dsetup32.dll
2014-02-23 00:13:39 -------- d-----w- C:\Users\David\AppData\Local\Windows Live
2014-02-23 00:13:13 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2014-02-13 03:35:03 1845248 ----a-w- C:\windows\System32\msxml3.dll
2014-02-13 03:34:59 775344 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-02-13 03:33:16 600064 ----a-w- C:\windows\System32\vbscript.dll
2014-02-13 03:33:16 523776 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-02-13 03:33:08 583680 ----a-w- C:\windows\System32\msdrm.dll
2014-02-13 03:33:07 451072 ----a-w- C:\windows\SysWow64\msdrm.dll
2014-02-13 03:33:02 3842560 ----a-w- C:\windows\System32\d2d1.dll
2014-02-13 03:33:02 3288576 ----a-w- C:\windows\SysWow64\d2d1.dll
2014-02-13 03:33:02 2238976 ----a-w- C:\windows\System32\d3d10warp.dll
2014-02-13 03:33:01 2032640 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-01-28 18:51:17 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2014-02-17 22:03:37 78304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 22:03:37 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 06:11:26 80184 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-02-05 06:11:26 1038072 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2014-02-05 06:11:25 78648 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-02-05 06:11:25 43152 ----a-w- C:\windows\avastSS.scr
2014-02-01 09:19:49 2241536 ----a-w- C:\windows\System32\wininet.dll
2014-02-01 09:19:36 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-02-01 09:19:36 53760 ----a-w- C:\windows\System32\UXInit.dll
2014-02-01 09:18:25 3960320 ----a-w- C:\windows\System32\jscript9.dll
2014-02-01 09:18:21 67072 ----a-w- C:\windows\System32\iesetup.dll
2014-02-01 09:18:21 136704 ----a-w- C:\windows\System32\iesysprep.dll
2014-02-01 07:58:31 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-01 07:58:24 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2014-02-01 07:57:20 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-01 07:57:16 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-02-01 07:57:16 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-02-01 07:40:43 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-01 07:34:53 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-01 05:08:52 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2014-01-10 19:31:32 322240 ----a-w- C:\windows\WLXPGSS.SCR
2013-12-28 22:49:42 207904 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-12-17 22:04:08 46232 ----a-w- C:\windows\System32\drivers\netfilter64.sys
2013-12-07 06:37:24 688640 ----a-w- C:\windows\System32\WSShared.dll
2013-12-07 06:37:24 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-07 05:15:46 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
2013-12-07 05:15:46 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-04 23:37:09 1419264 ----a-w- C:\windows\SysWow64\msxml3.dll
.
============= FINISH:  8:34:22.34 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 8/6/2013 10:28:53 PM
System Uptime: 2/21/2014 4:08:12 PM (88 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Core i3-3120M CPU @ 2.50GHz | U3E1 | 2500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 687 GiB total, 555.11 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP31: 2/5/2014 12:10:15 AM - avast! antivirus system restore point
RP32: 2/12/2014 9:35:39 PM - Windows Update
RP33: 2/20/2014 9:37:17 AM - Scheduled Checkpoint
RP34: 2/22/2014 6:13:42 PM - Windows Live Essentials
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 12 Plugin
Adobe Reader XI  MUI
Adobe Reader XI (11.0.06)
Amazon Cloud Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.3
avast! Free Antivirus
Bejeweled 3
Bonjour
Chuzzle Deluxe
Citrix Online Launcher
D3DX10
DTS Sound
DVDStyler v2.6
Elementals - The Magic Key
Epson Connect
Epson Customer Participation
Epson Event Manager
EPSON NX330 Series Printer Uninstall
EPSON Scan
FileZilla Client 3.7.3
Free YouTube Download version 3.2.22.217
Genbox Family History 3.7.1
Google Chrome
Google Update Helper
GoToMeeting 5.7.0.1172
iCloud
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
iTunes
Jack of All Tribes
Java 7 Update 51
Java Auto Updater
King Oddball
LAME v3.99.3 (for Windows)
Line 6 Uninstaller
Luxor Evolved
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Microsoft Application Error Reporting
Microsoft Office Home and Student 2013 - en-us
Microsoft OneDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Movie Maker
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser (KB2758694)
Norton Online Backup
Norton Online Backup ARA
Norton PC Checkup
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Origin
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Pokki
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
QuickTime
Realtek High Definition Audio Driver
Realtek USB Card Reader
Realtek WLAN Driver
REAPER (x64)
SavingsBull
SavingsbullFilter
Spotify
Synaptics Pointing Device Driver
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Audio Enhancement
Toshiba Book Place
TOSHIBA Desktop Assist
TOSHIBA eco Utility
TOSHIBA Function Key
TOSHIBA HDD Accelerator
TOSHIBA Password Utility
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
Toshiba Start
TOSHIBA System Driver
TOSHIBA System Settings
TOSHIBA User's Guide
TOSHIBA VIDEO PLAYER
TOSHIBARegistration
Update Installer for WildTangent Games App
Updater By SweetPacks 2.0.0.608
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Wonderland Solitaire
.
==== Event Viewer Messages From Past Week ========
.
2/24/2014 6:15:38 PM, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
2/22/2014 6:56:25 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error:  An instance of the service is already running.
2/22/2014 6:54:25 PM, Error: Service Control Manager [7031]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/21/2014 4:08:16 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
.
==== End Of File ===========================
 

 

Link to post
Share on other sites

Hello davidholford! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following applications:

Pokki

SavingsBull

SavingsbullFilter

Updater By SweetPacks 2.0.0.608

Step 2

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Link to post
Share on other sites

That seems to have done it! I had to figure out how to get rid of SavingsBull and SavingsbullFilter because they were in my "Uninstall or change a program" list but once I did that I was able to download the latest definitions and remove the other bad stuff. Here's the report:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.02.26.01

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16798

David :: COLUMBA [administrator]

 

Protection: Enabled

 

2/25/2014 8:12:39 PM

mbam-log-2014-02-25 (20-12-39).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219978

Time elapsed: 5 minute(s), 48 second(s)

 

Memory Processes Detected: 1

C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Savingsbull) -> 6752 -> Delete on reboot.

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 13

HKLM\SYSTEM\CurrentControlSet\Services\Level Quality Watcher (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.

HKCR\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

HKCU\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

HKCU\Software\AppDataLow\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\SavingsbullFilter (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

 

Registry Values Detected: 2

HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {6142C589-FF94-11E2-BE79-008CFA605FF0} -> Quarantined and deleted successfully.

HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {6142C589-FF94-11E2-BE79-008CFA605FF0} -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 1

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPacks) -> Bad: (http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={6142C589-FF94-11E2-BE79-008CFA605FF0}) Good: (http://www.google.com) -> Quarantined and repaired successfully.

 

Folders Detected: 28

C:\Program Files (x86)\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> Delete on reboot.

 

Files Detected: 131

C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Savingsbull) -> Delete on reboot.

C:\Users\David\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\bin\SPHook64.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\bin\uninstall.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\1375902475_47063937_943_4.tmp (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\checktbexist.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\nsa9F63.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\nsj1D9.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\nss3BC3.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\nsw475E.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\Shortcut_sweetpacks_dlcom_862013.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\WSSetup.exe (PUP.Optional.Perion.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\is-24HVO.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\nsr50D.tmp\4\sweetpacks_dlcom_862013.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\nsy291E.tmp\3\mixidj_4232013.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\Downloads\Philosopher_downloader_by_Fonts101.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.

C:\Users\David\Downloads\Setup (1).exe (PUP.Optional.DomalQ) -> Quarantined and deleted successfully.

C:\Users\David\Downloads\Setup (2).exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.

C:\Users\David\Downloads\Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.

C:\Users\David\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.

C:\Users\David\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.

C:\Users\David\Downloads\ZipExtractorSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.

C:\Users\David\Local Settings\Temporary Internet Files\Content.IE5\0D2G4MYW\MixiDJ_V37[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\Local Settings\Temporary Internet Files\Content.IE5\0D2G4MYW\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\Local Settings\Temporary Internet Files\Content.IE5\G3X80CVK\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\Local Settings\Temporary Internet Files\Content.IE5\G3X80CVK\MixiDJ_V37_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\Local Settings\Temporary Internet Files\Content.IE5\G3X80CVK\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\Local Settings\Temporary Internet Files\Content.IE5\GJ6SLJ62\mgsqlite3[1].7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

C:\Users\David\Local Settings\Temporary Internet Files\Content.IE5\VELJKJRL\stublogic[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\bin\SPHook64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\CT3298573.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\CT3298573.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\ct3298573\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.

 

(end)

Link to post
Share on other sites

Full scan produced this:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.26.01
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
David :: COLUMBA [administrator]
 
Protection: Enabled
 
2/27/2014 2:40:40 AM
mbam-log-2014-02-27 (02-40-40).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 497801
Time elapsed: 1 hour(s), 19 minute(s), 9 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 6
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\David\Documents\Old Laptop files\Dave\Downloads\winamp5581_full_emusic-7plus_en-us.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\David\Documents\Old Laptop files\Dave\Downloads\winamp5601_full_emusic-7plus_en-us.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\David\Documents\Old Laptop files\Dave\Downloads\winamp561_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\David\Documents\Old Laptop files\Dave\Downloads\winamp563_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
 
Looks like I'm all clean. Thank you again for your help.
Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.