possible conduit [Solved]



#1 sLeven7


Posted 15 January 2014 - 06:14 AM

I was unable to post from the infected computer; I tried 6 times unsuccessfully and had to copy the reports to Dropbox and post from another machine. I also tried to post from this machine and keep getting a message saying the post is too long even with just one report, so I am attaching both reports.

 

 

Chrome at random times will open a blank page with the address bar pointing to a conduit page. The screen saver will act random. Today the computer did a hard shut down and rebooted saying that I needed to enter safe mode. Something in Chrome keeps trying to connect but K9 keeps blocking it.

Ask, and you shall receive.

#2 Juliet


Posted 18 January 2014 - 07:04 AM

Hi and welcome

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

Emergency Backup Procedure - Tech Support Forum



NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
~~~~~~~~~~~~~~~

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Vista / 7 / 8 users:
You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 sLeven7


Posted 18 January 2014 - 03:30 PM

Thanks for helping Juliet, something is still going on. Adwcleaner found a bunch of conduit folders, files and registry entries.  When it finished cleaning it rebooted but never opened a file.  I have the programs located on the desktop and nothing was saved there.
 
Then I ran JRT, it somehow logged me into the administrator account, and JRT did generate a report, but I am still unable to copy and paste anything from the infected machine.  My internet options are set so that I should be able to copy and paste. 

I'm not even able to post from internet explorer with just a simple response.  I was also not able to log in to dropbox, IE just would not respond. I had to email myself with the report.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by sleven on Sat 01/18/2014 at 15:04:15.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\windows\Tasks\wise care 365.job"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/18/2014 at 15:19:34.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 sLeven7


Posted 18 January 2014 - 03:39 PM

Also this error keeps popping up.

 

 

error.png



#5 Juliet


Posted 18 January 2014 - 03:58 PM

Also this error keeps popping up.

error.png


C:\AdwCleaner[S1].txt the log file would be located there.
The error is from us removing part of the infection and it's not happy at the moment. One of the tools run so far has hit its target point.
That should soon go away.


Let's try a couple of things. Don't get discouraged if we can't get it in one sweep, most malware takes a bit of time to eradicate.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

~~~~~~~~~~~~~~~~~~~~~~~
Please download Farbar Recovery Scan Tool and save it to your Desktop.

(use correct version for your system.....Which system am I using?)


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#6 sLeven7


Posted 18 January 2014 - 07:41 PM

Here are the scans. One file was very large and I couldn't post it so I attached it.

 

 

# AdwCleaner v3.017 - Report created 18/01/2014 at 09:51:32
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : sleven - MIRANDA-PC
# Running from : C:\Users\Miranda\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : \END
File Found : C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\windows\System32\Tasks\BackgroundContainer Startup Task
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\Miranda\AppData\Local\Conduit
Folder Found C:\Users\Miranda\AppData\Local\NativeMessaging
Folder Found C:\Users\Miranda\AppData\Local\Temp\boost_interprocess
Folder Found C:\Users\Miranda\AppData\LocalLow\Conduit
Folder Found C:\Users\Miranda\AppData\Roaming\Searchprotect
Folder Found C:\Users\sleven\AppData\LocalLow\Conduit
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Found : HKLM\Software\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
*************************
 
AdwCleaner[R0].txt - [1924 octets] - [18/01/2014 09:51:32]
 
########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [1984 octets] ##########

 

# AdwCleaner v3.017 - Report created 18/01/2014 at 14:57:00
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : sleven - MIRANDA-PC
# Running from : C:\Users\Miranda\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Miranda\AppData\Local\Conduit
Folder Deleted : C:\Users\Miranda\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Miranda\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Miranda\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Miranda\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\sleven\AppData\LocalLow\Conduit
File Deleted : \END
File Deleted : C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\windows\System32\Tasks\BackgroundContainer Startup Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
*************************
 
AdwCleaner[R0].txt - [2066 octets] - [18/01/2014 09:51:32]
AdwCleaner[S0].txt - [1934 octets] - [18/01/2014 14:57:00]
 
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1994 octets] ##########

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2014 03
Ran by sleven at 2014-01-18 18:01:09
Running from C:\Users\Miranda\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.1 (x32 Version: 9.1.0 - Adobe Systems Incorporated)
ArtRage Studio (x32 Version: 3.5.4 - Ambient Design)
ATI Catalyst Install Manager (Version: 3.0.732.0 - ATI Technologies, Inc.)
Autodesk SketchBook Express 6.2 (x32 Version: 6.2.0000 - Autodesk)
avast! Internet Security (x32 Version: 9.0.2011 - Avast Software)
Blue Coat K9 Web Protection (Version: 4.4.268 - Blue Coat Systems, Inc.)
Canon MG5300 series MP Drivers (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2238.38827 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help English (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help French (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help German (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
ccc-utility64 (Version: 2009.0729.2238.38827 - ATI) Hidden
CCleaner (Version: 4.09 - Piriform)
Color Efex Pro 3.0 Wacom Edition 6 (x32 Version: 3.1.1.1 - Nik Software, Inc.)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Core Temp version 0.99.8 (Version: 0.99.8 - Arthur Liberman)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 14 (x32 Version: 6.0.140 - Sun Microsystems, Inc.)
Jing (x32 Version: 2.8.13007.1 - TechSmith Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Label@Once 1.0 (x32 Version: 1.0 - Corel)
Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)
LSI V92 MOH Application (Version:  - LSI Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (x32 Version: 2.00.0006 - Realtek)
Skype Launcher (x32 Version: 2.01 - TOSHIBA Corporation)
SlimCleaner Plus (Version: 1.0.17538 - SlimWare Utilities, Inc.)
Synaptics Pointing Device Driver (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Application Installer (x32 Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (x32 Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (Version: 1.5.05.64 - TOSHIBA Corporation) Hidden
TOSHIBA Bulletin Board (x32 Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (x32 Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (x32 Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.1.9.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.1.9.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (x32 Version: 1.1.9.64 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version:  - )
TOSHIBA Face Recognition (Version: 3.1.0.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0 - TOSHIBA Corporation) Hidden
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.01 - TOSHIBA Corporation) Hidden
TOSHIBA Internal Modem Region Select Utility (x32 Version: 2.3.0.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (x32 Version: 1.0.65 - TOSHIBA CORPORATION)
Toshiba Online Backup (x32 Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (x32 Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.5.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.1.33 - TOSHIBA)
TOSHIBA Software Modem (Version: 2.2.97 - LSI Corporation)
TOSHIBA Speech System Applications (x32 Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32 Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32 Version:  - )
TOSHIBA Supervisor Password (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (Version: 1.2.26.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.2.26.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (x32 Version: 1.1.1.9 - TOSHIBA Corporation)
ToshibaRegistration (x32 Version: 1.0.3 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.50.26C - TOSHIBA) Hidden
Wacom Tablet (Version: 6.3.7-6 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Wise Care 365 2.93 (x32 Version: 2.93 - WiseCleaner.com, Inc.)
 
==================== Restore Points  =========================
 
15-01-2014 03:21:28 avast! antivirus system restore point
15-01-2014 03:26:12 Device Driver Package Install: Avast Network Service
15-01-2014 03:36:46 Removed Amazon Links
15-01-2014 04:05:03 Windows Update
15-01-2014 04:25:12 Installed Java 7 Update 21
15-01-2014 04:27:25 Installed Java 7 Update 51
15-01-2014 04:31:33 Removed NetZero Launcher
15-01-2014 04:37:09 Created by Wise Care 365
16-01-2014 08:00:14 Windows Update
18-01-2014 21:16:02 Installed Jing
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {532D6E15-8D4B-4EB7-8894-35DA696607C5} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Miranda) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2013-12-31] (SlimWare Utilities, Inc.)
Task: {782C6263-9CC3-4F35-A4FD-D5FDD7D705FD} - \BackgroundContainer Startup Task No Task File
Task: {80566C14-A8C7-44B3-BF7D-C8D1897C347E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-25] (AVAST Software)
Task: {93E2BAC0-BF00-43C4-9563-84815F8E3B91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {9F909341-BE7B-4B2F-AD4A-C6C4BCDD1D92} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - sleven) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2013-12-31] (SlimWare Utilities, Inc.)
Task: {B7AD0495-5382-41FB-884A-F33DAA2971D5} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {F83E8238-28E5-43F8-90F8-A8EA900D1A39} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2013-12-09] (WiseCleaner.COM)
Task: {FB8168F0-2B10-46B6-AB06-2CBDA1CD2081} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Miranda).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - sleven).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-05-04 13:45 - 2009-05-04 13:45 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-12-25 13:05 - 2013-12-25 13:05 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-12-25 16:53 - 2013-12-04 11:35 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2009-08-03 21:18 - 2009-08-03 21:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-01-18 11:05 - 2014-01-18 04:01 - 02155008 _____ () C:\Program Files\AVAST Software\Avast\defs\14011800\algo.dll
2013-12-25 15:58 - 2013-12-25 15:58 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (01/18/2014 04:09:59 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/18/2014 04:07:52 PM) (Source: atikmdag) (User: )
Description: Display is not active
 
Error: (01/18/2014 04:07:52 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (01/18/2014 04:07:04 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info ===========================  
 
Percentage of memory in use: 51%
Total physical RAM: 3838.36 MB
Available physical RAM: 1858.68 MB
Total Pagefile: 7674.9 MB
Available Pagefile: 5382.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (TI105757W0A) (Fixed) (Total:287.7 GB) (Free:236.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 3F8E10BB)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)
 
==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   271.55KB   89 downloads

Ask, and you shall receive.

#7 Juliet

Posted 18 January 2014 - 08:24 PM

My gosh! That was a long log.

We do not recommend the use of registry cleaners. No registry cleaner is completely safe; since most do not even create a backup, the potential is ever present to cause more problems than they claim to fix.
If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you.
Our colleague miekiemoes has an excellent writeup here:
http://miekiemoes.bl...weaking_13.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Let's do this

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).
 

start
HKLM\...\Run: [] - [x]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9266C8EC-32DE-4054-93E4-F8BC29EF0326} URL =
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
C:\Users\sleven\AppData\Local\Temp\Quarantine.exe
end



Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


Run the above script, then post back with the log it creates.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Launch Malwarebytes' Anti-Malware

Update Malwarebytes' Anti-Malware
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post the MBAM log.

Need an update on the issues now, this will help me in what to do next.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??
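
The NOTICE in the post above says the fixlist was written for one particular machine. The following is an added example, not part of Juliet's post and not FRST's own code: it reads a fixlist, classifies each directive, and flags any file path that sits in a different user's profile than the one it is about to be run under. The function names and the classification patterns are assumptions inferred only from the six directive lines in the post; they are not a description of FRST's syntax.

```python
import re

# The fixlist from the post above, verbatim.
FIXLIST = r"""start
HKLM\...\Run: [] - [x]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9266C8EC-32DE-4054-93E4-F8BC29EF0326} URL =
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
C:\Users\sleven\AppData\Local\Temp\Quarantine.exe
end
"""

# Assumed classification rules, inferred only from the six lines above.
RULES = [
    ("run entry, no name, file missing", re.compile(r'^HK\w+\\.*\\Run: \[\] - \[x\]$', re.I)),
    ("search scope with empty URL", re.compile(r'^SearchScopes: HK\w+ - \{[0-9A-F-]{36}\} URL =\s*$', re.I)),
    ("browser add-on with no file", re.compile(r'^(BHO(-x32)?|Toolbar): .*\{[0-9A-F-]{36}\} - No File$', re.I)),
    ("file path", re.compile(r'^[A-Z]:\\[^<>|"?*]+$', re.I)),
]
PROFILE = re.compile(r'^[A-Z]:\\Users\\([^\\]+)\\', re.I)


def directives(text):
    """Return the lines between 'start' and 'end'; raise if a marker is missing."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0].lower() != "start" or lines[-1].lower() != "end":
        raise ValueError("fixlist must begin with 'start' and finish with 'end'")
    return lines[1:-1]


def review(text, local_user):
    """Classify each directive and flag paths in another user's profile."""
    report = []
    for line in directives(text):
        kind = next((name for name, rx in RULES if rx.match(line)), "UNRECOGNISED")
        m = PROFILE.match(line)
        foreign = bool(m) and m.group(1).lower() != local_user.lower()
        report.append((kind, foreign, line))
    return report


if __name__ == "__main__":
    for kind, foreign, line in review(FIXLIST, "sleven"):
        print(f"{'WRONG-PROFILE' if foreign else 'ok':13} {kind:34} {line}")
```

Any line reported as UNRECOGNISED or WRONG-PROFILE is a reason to stop and ask the helper before pressing Fix.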

#8 sLeven7

Posted 19 January 2014 - 07:26 AM

Thank you Juliet for all the help. 

 

Malwarebytes ran and found nothing and then I was unable to save the report at all.  I tried saving it to the desktop twice and twice to a folder and notepad just would not save the report.  Now I have also lost control of the keyboard in IE. 

 

After talking with my wife we have decided to re-install Windows 7 and be done with it.  You can consider this issue closed. Once again thank you so much for trying to help.

 

We believe CNET to be the place we got the infection. Can you tell from the reports where else might have been responsible?



#9 Juliet

Posted 19 January 2014 - 08:01 AM

Telling me it found nothing is surprising of sorts. CNET isn't a bad site per se, but it can host items for download that can be harmful to your computer. And of course I want to say not knowingly. Once some infections are on a computer, they call out or update to collect more infectious files, and then they cause all sorts of issues.
When downloading, most people click on standard install, but if you try to do a custom install and read through all the (this and thats), most of the time there are buttons to not install other various items that can jump on board with it. This is not an always scenario but something to look for in the future.
Malware writers don't care and today's infections are extremely difficult.

All I can tell is that Google Chrome was in use when the infection came in. I say that because the logs located malicious extensions from Chrome. It could be that when the infection came it temporarily disabled your antivirus to allow more.

If you should have any problems with your re-install we have other forums here with expert assistance.

Let me supply a few preventive tips.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Firefox 3
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus
  • AdblockPlus, Surf the web without annoying ads!
  • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
  • Protects your online privacy
  • Two-click installation, It's free!
  • click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
  • Green should be good to go
  • Yellow for caution
  • Red to stop

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



  • WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
    See this article (http://www.forbes.co...o-disable-java/)
    and this article (http://www.nbcnews.c...alate-1B7938755)

    I would recommend that you completely uninstall Java unless you need it to run important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo...ur-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))

    Please read the following safe computing articles..

    Secure My Computer: A Layered Approach


    Free Antivirus-AntiSpyware-Firewall Software
    Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.



#10 Juliet

Posted 24 January 2014 - 05:24 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
