
Infected Machine "Search Conduit Protection" [Closed]

Virus and malware removal

  • This topic is locked
3 replies to this topic

#1 jeff matthews

    Advanced Member

  • Authentic Member
  • 781 posts

Posted 24 April 2014 - 01:10 AM

Hey this machine is infected with something called "Search Protection Conduit". I ran Malwarebytes, scanned and cleaned, I ran SUPERAntiSpyware, I ran ESET online scanner and saved the log, lastly I ran a DDS log. The DDS log is the most current scan I ran, so you're not confused by what tools I use to remove certain viruses or malware.

Anyways this machine is heavily infected with malware, browsers are redirecting, not loading, certain programs are crashing and videos not playing among other things.

Here are the logs:

DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Ashley at 0:01:46 on 2014-04-24
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8126.6430 [GMT -7:00]
.
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ie
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [PowerDVD13Agent] "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/nirvana/controls/pcmatic.cab
TCP: NameServer = 192.168.0.1 205.171.2.65
TCP: Interfaces\{C6888F6D-509E-465A-8E0B-1796B1F4FE4E} : DHCPNameServer = 192.168.0.1 205.171.2.65
SSODL: WebCheck - <orphaned>
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-RunOnce: [GrpConv] grpconv -o
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-8-22 19264]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2013-8-22 32400]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2012-5-17 26136]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-8-22 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-8-22 789824]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-22 726160]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/11/15 04:02:37];C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-9-13 130320]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-11 239616]
S2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-6-1 920736]
S2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-6-1 951936]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-8-22 149120]
S2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [2013-8-22 324608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-11-15 77576]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-11-15 327432]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-8-22 166720]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
S2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-1-9 1025408]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-8-22 365376]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-6-18 54160]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-8-22 95760]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2014-4-23 22704]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2014-1-14 41032]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-8-22 160768]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-22 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-23 1255736]
.
=============== Created Last 30 ================
.
2014-04-24 04:39:17    --------    d-----w-    C:\Program Files (x86)\ESET
2014-04-24 03:48:34    22704    ----a-w-    C:\Windows\System32\drivers\EsgScanner.sys
2014-04-24 03:48:32    110080    ----a-r-    C:\Users\Ashley\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-04-24 03:48:32    110080    ----a-r-    C:\Users\Ashley\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-04-24 03:48:32    110080    ----a-r-    C:\Users\Ashley\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-04-24 03:48:31    --------    d-----w-    C:\sh4ldr
2014-04-24 03:48:31    --------    d-----w-    C:\Program Files\Enigma Software Group
2014-04-24 03:48:19    --------    d-----w-    C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-24 03:48:15    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-04-24 03:19:32    --------    d-----w-    C:\Windows\pss
2014-04-22 21:16:44    10651704    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7184846C-37DE-4030-8EF4-1EBD1569EC8E}\mpengine.dll
2014-04-22 03:22:14    --------    d-----w-    C:\Users\Ashley\AppData\Local\SearchProtect
2014-04-22 03:20:36    --------    d-----w-    C:\Users\Ashley\AppData\Local\WebPlayer
2014-04-10 01:39:32    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-04-10 01:39:32    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-04-10 01:01:02    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-04-10 01:01:02    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-04-10 01:01:02    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2014-04-10 01:01:02    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-04-10 01:01:02    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-04-10 00:55:46    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-04-10 00:55:46    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-04-10 00:55:46    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-04-10 00:55:46    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-04-10 00:55:46    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-04-10 00:55:46    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-04-10 00:55:46    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-04-10 00:55:46    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-04-10 00:55:46    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-04-10 00:54:43    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2014-03-31 16:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-23 22:21:45    99384    ----a-w-    C:\Users\Ashley\AppData\Roaming\inst.exe
2014-03-23 22:21:45    82816    ----a-w-    C:\Windows\System32\drivers\pcouffin.sys
2014-03-23 22:21:45    82816    ----a-w-    C:\Users\Ashley\AppData\Roaming\pcouffin.sys
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:10:20    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-26 00:02:21    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-08-23 19:43:10    4188160    ----a-w-    C:\Program Files (x86)\GUT8508.tmp
.
============= FINISH:  0:02:42.34 ===============

Malwarebytes Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.24.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16659
Ashley :: ASHLEY-PC [administrator]

4/23/2014 8:02:56 PM
MBAM-log-2014-04-23 (20-09-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 348250
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
HKCU\Software\AppDataLow\Software\Search Protection (PUP.Optional.MyEmoticons.A) -> No action taken.
HKCU\Software\Softonic\Universal Downloader (PUP.Optional.Softonic.A) -> No action taken.
HKCU\SOFTWARE\SOMOTO\SDP (PUP.Optional.Somoto.A) -> No action taken.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtection (PUP.Optional.Spigot.A) -> Data: "C:\Users\Ashley\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart -> No action taken.
HKCU\Software\Somoto\SDP|affid (PUP.Optional.Somoto.A) -> Data: dvdshrinkpxql -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> No action taken.

Folders Detected: 20
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Ashley\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> No action taken.
C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> No action taken.

Files Detected: 97
C:\Users\Ashley\AppData\Roaming\Search Protection\SearchProtection.exe (PUP.Optional.Spigot.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Ashley\AppData\Local\Temp\DVDShrink-Tokyo-logo.png&SoftwareDescription= (PUP.Optional.Conduit) -> No action taken.
C:\Users\Ashley\AppData\Local\Temp\FLVPlayerSetup.exe (PUP.Optional.Somoto.A) -> No action taken.
C:\Users\Ashley\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe (PUP.Optional.Somoto) -> No action taken.
C:\Users\Ashley\AppData\Local\Temp\nsa3ED1.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Ashley\AppData\Local\Temp\nsfA6D9.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Ashley\AppData\Local\Temp\nsk38A8.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Ashley\AppData\Local\Temp\nskAA05.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Ashley\AppData\Local\Temp\SearchProtectionSetup.exe (PUP.Optional.Spigot.A) -> No action taken.
C:\Users\Ashley\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> No action taken.
C:\Users\Ashley\AppData\Local\Temp\nsz44A8\SpSetup.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Ashley\Downloads\DVDshrink32setup_downloader-7Y3c1jRb.exe (PUP.Optional.Somoto) -> No action taken.
C:\Users\Ashley\Downloads\SoftonicDownloader_for_dvdfab-gold.exe (PUP.Optional.Softonic.A) -> No action taken.
C:\Users\Ashley\Downloads\SoftonicDownloader_for_ripit4me.exe (PUP.Optional.Softonic.A) -> No action taken.
C:\Users\Ashley\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto) -> No action taken.
C:\Users\Ashley\Local Settings\Temporary Internet Files\Content.IE5\IP39B47Q\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate[1].exe (PUP.Optional.Somoto) -> No action taken.
C:\Users\Ashley\Local Settings\Temporary Internet Files\Content.IE5\L4XXWUYQ\SPSetup[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Ashley\Local Settings\Temporary Internet Files\Content.IE5\VXKXMCEU\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.jpg (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Ashley\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> No action taken.
C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk (PUP.Optional.FilesFrog.A) -> No action taken.
C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk (PUP.Optional.FilesFrog.A) -> No action taken.

(end)

Kaspersky Online Scanner:

C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\uninstall.exe    Win32/Toolbar.Montiera.B potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmApp.dll    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmEng.dll    probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmsrv.exe    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll    a variant of Win32/Toolbar.Montiera.F potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll    a variant of Win32/Toolbar.Escort.A potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\extensions\ffxtlbr@zonealarm.com\uninstall.exe    Win32/Toolbar.Montiera.B potentially unwanted application
C:\Users\Ashley\Downloads\zaSetupWeb_110_768_000.exe    Win32/Toolbar.Conduit potentially unwanted application


#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 27 April 2014 - 07:41 PM

Hi jeff matthews,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear".

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.


#3 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 May 2014 - 09:18 PM

Just checking in to see if you still need help?
OCD



#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 May 2014 - 11:27 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
OCD

