Topic: [In Progress] Conduit Search Engine self installed after downloading Firefox

Offline frankenotter

  • Bronze Member
  • Posts: 44
Hello,

I was recently instructed to download Firefox from a person at my place of business so that I could use our company's bidding system. When I DL Firefox, it came with a ton of ancillary **** programs that installed themselves to my desktop. I promptly uninstalled them. When I came back to my PC after a few days, I launched IE and Conduit Search had installed itself as my default IE browser.

I tried to go to Internet Options to set my default page back to Google and it won't take. When I shut the PC down and reboot, Conduit comes back along with a lot of third party popups on any website I pull up.

Any ideas on how to get rid of this?

Thanks!

 
« Last Edit: January 13, 2014, 12:01:50 pm by Hoov »



Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7860
Re: Conduit Search Engine self installed after downloading Firefox
« Reply #1 on: January 13, 2014, 12:02:32 pm »
Please carefully read and follow all the instructions here:  [NEW Instructions!] What Do I Do First? then post the two DDS logs to this topic.  We need them to get started.  Once you post the logs, one of our MRS will help you with the problem.  And, yes, we can get rid of Conduit.
Don't Read?  Can't learn!

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
It is Hoov again. I have helped you before, so I am going to skip the preliminaries; you know how I work. But I must ask you to stay with me through the whole procedure.

Can you give me the link you downloaded Firefox from? Also post both logs that PCBruiser mentioned in his post.


Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline frankenotter

  • Bronze Member
  • Posts: 44
Hey Hoov, thanks again!

Here is the link that I used to DL Firefox. It was just the normal Google search that led to it.

 http://www.ez-download.com/lp/mozilla-firefox/MTgwMjUzNTg5XzUyZDQ0NWE2M2UxMjc/?kw=firefox&subid=EZFFUS&cust=firefox&type=firefox&gclid=CL256rP4-7sCFeYWMgodwnkAJw&utm_campaign=EZFFUS&fwd=1

Here are the DDS logs.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/9/2012 4:33:09 AM
System Uptime: 1/13/2014 1:35:20 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | P8Z77-V LK
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
B: is FIXED (NTFS) - 931 GiB total, 598.61 GiB free.
C: is FIXED (NTFS) - 119 GiB total, 19.573 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 568.654 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP147: 12/3/2013 5:47:49 PM - Windows Update
RP148: 12/8/2013 10:48:30 AM - Windows Update
RP149: 12/10/2013 12:06:42 PM - Windows Update
RP150: 12/11/2013 3:27:01 PM - Windows Update
RP151: 12/14/2013 11:12:13 AM - Windows Update
RP152: 12/17/2013 7:05:59 PM - Windows Update
RP153: 12/22/2013 9:51:02 AM - Windows Update
RP154: 12/30/2013 6:09:18 PM - Windows Update
RP155: 1/2/2014 7:42:14 PM - Windows Update
RP156: 1/7/2014 10:02:49 AM - Windows Update
RP157: 1/13/2014 11:02:22 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS6
Adobe Reader X (10.1.4)
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS nVidia Driver
Bonjour
Coupon Printer for Windows
DesktopWeatherAlerts
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GreatArcadeHits
iCloud
Intel(R) USB 3.0 eXtensible Host Controller Driver
iTunes
Logbook Pro
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 310.90
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PDF Settings CS6
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Search Protect
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Shopop
Software Updater version 1.8.3
StormAlerts
TL-WN721N/TL-WN722N Driver
TP-LINK Wireless Configuration Utility
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live ID Sign-in Assistant
.
==== Event Viewer Messages From Past Week ========
.
1/13/2014 1:37:41 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/13/2014 1:37:41 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
1/13/2014 1:36:51 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================








DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by boziel at 14:01:55 on 2014-01-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16336.13782 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\boziel\AppData\Local\Smartbar\Application\Shopop.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
B:\iTunesHelper.exe
C:\Users\boziel\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
C:\Users\boziel\AppData\Local\StormAlerts\StormAlerts.exe
C:\Users\boziel\AppData\Local\StormAlerts\StormAlertsApp.exe
C:\Users\boziel\AppData\Local\WeatherAlerts\WeatherAlerts.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\boziel\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/webhp?sourceid=navclient&ie=UTF-8
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Shopop WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\boziel\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Shopop Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "B:\iTunesHelper.exe"
StartupFolder: C:\Users\boziel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DESKTO~1.LNK - C:\Users\boziel\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
StartupFolder: C:\Users\boziel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMA~2.LNK - C:\Users\boziel\AppData\Local\StormAlerts\StormAlerts.exe
StartupFolder: C:\Users\boziel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMA~1.LNK - C:\Users\boziel\AppData\Local\StormAlerts\StormAlertsApp.exe
StartupFolder: C:\Users\boziel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WEATHE~1.LNK - C:\Users\boziel\AppData\Local\WeatherAlerts\WeatherAlerts.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOFTWA~1.LNK - C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TP-LIN~1.LNK - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{34B809AE-10A8-446C-8CB8-23C877F293F0} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{34B809AE-10A8-446C-8CB8-23C877F293F0}\056455E44433336343 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{34B809AE-10A8-446C-8CB8-23C877F293F0}\333363434575342525 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{34B809AE-10A8-446C-8CB8-23C877F293F0}\35D434752425134335D2E443F51405 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{34B809AE-10A8-446C-8CB8-23C877F293F0}\771647368696E67607F627E6 : DHCPNameServer = 192.168.2.1
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Shopop WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Shopop Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-10-10 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2013-12-16 2251552]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-2-21 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-2-21 396776]
R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-10-9 1930240]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-10-10 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-10-10 787736]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-10 677480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-12 1255736]
.
=============== Created Last 30 ================
.
2014-01-13 19:36:48   75888   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BA318D4-643E-4F42-AC71-94334272204C}\offreg.dll
2014-01-13 17:03:19   --------   d-----w-   C:\Users\boziel\AppData\Local\Weather_Warnings_LLC
2014-01-13 17:03:17   --------   d-----w-   C:\Users\boziel\AppData\Local\StormAlerts
2014-01-13 17:03:12   --------   d-----w-   C:\temp
2014-01-13 17:03:10   --------   d-----w-   C:\Program Files\Level Quality Watcher
2014-01-13 17:02:41   --------   d-----w-   C:\Program Files (x86)\Software Updater
2014-01-13 17:02:25   10315576   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BA318D4-643E-4F42-AC71-94334272204C}\mpengine.dll
2014-01-09 01:44:56   --------   d-----w-   C:\Users\boziel\AppData\Local\Mozilla
2014-01-09 01:38:05   --------   d-----w-   C:\Program Files (x86)\MyPC Backup
2014-01-09 01:37:56   --------   d-----w-   C:\Users\boziel\AppData\Local\Smartbar
2014-01-09 01:37:51   --------   d-----w-   C:\Users\boziel\AppData\Roaming\Systweak
2014-01-09 01:37:50   20312   ----a-w-   C:\Windows\System32\roboot64.exe
2014-01-09 01:37:46   --------   d-----w-   C:\Users\boziel\AppData\Local\Programs
2014-01-09 01:37:44   --------   d-----w-   C:\Users\boziel\AppData\Local\Local_Weather_LLC
2014-01-09 01:37:41   --------   d-----w-   C:\Users\boziel\AppData\Local\WeatherAlerts
2014-01-09 01:37:33   --------   d-----w-   C:\Users\boziel\AppData\Local\GreatArcadeHits
2014-01-09 01:37:24   --------   d-----w-   C:\Users\boziel\AppData\Local\SearchProtect
2014-01-09 01:37:24   --------   d-----w-   C:\Program Files (x86)\SearchProtect
2014-01-08 16:57:15   10315576   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-16 15:25:19   --------   d-----w-   C:\Program Files\iPod
2013-12-16 15:25:18   --------   d-----w-   C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-16 15:25:18   --------   d-----w-   C:\Program Files\iTunes
.
==================== Find3M  ====================
.
2013-12-10 23:36:23   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 23:36:23   692616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57   708608   ----a-w-   C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02   5769216   ----a-w-   C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16   553472   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12   4243968   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16   1995264   ----a-w-   C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06   1928192   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57   2334208   ----a-w-   C:\Windows\System32\wininet.dll
2013-11-26 06:33:33   1820160   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20   417792   ----a-w-   C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34   465920   ----a-w-   C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41   267936   ------w-   C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09   2048   ----a-w-   C:\Windows\System32\tzres.dll
2013-11-12 02:07:29   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01   335360   ----a-w-   C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52   301568   ----a-w-   C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31   3155968   ----a-w-   C:\Windows\System32\win32k.sys
2013-10-19 02:18:57   81408   ----a-w-   C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59   159232   ----a-w-   C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH: 14:02:03.71 ===============
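
An added example, not part of the original thread and not code from the DDS tool: a short Python triage of the log posted above. It flags the load points DDS lists (AppInit_DLLs, browser add-ons with no file or under a user profile, autostarts from AppData) and groups the "Created Last 30" entries into install bursts. The sample lines are excerpted from the log above; the function names, finding labels and the 60-second / three-entry thresholds are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the DDS log posted above (lines copied from the thread, trimmed).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Shopop WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\boziel\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\boziel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMA~2.LNK - C:\Users\boziel\AppData\Local\StormAlerts\StormAlerts.exe
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
=============== Created Last 30 ================
2014-01-13 17:03:17   --------   d-----w-   C:\Users\boziel\AppData\Local\StormAlerts
2014-01-09 01:44:56   --------   d-----w-   C:\Users\boziel\AppData\Local\Mozilla
2014-01-09 01:38:05   --------   d-----w-   C:\Program Files (x86)\MyPC Backup
2014-01-09 01:37:56   --------   d-----w-   C:\Users\boziel\AppData\Local\Smartbar
2014-01-09 01:37:50   20312   ----a-w-   C:\Windows\System32\roboot64.exe
2014-01-09 01:37:33   --------   d-----w-   C:\Users\boziel\AppData\Local\GreatArcadeHits
2014-01-09 01:37:24   --------   d-----w-   C:\Program Files (x86)\SearchProtect
2013-12-16 15:25:18   --------   d-----w-   C:\Program Files\iTunes
"""

# Any path component named AppData is writable without elevation.
USER_WRITABLE = re.compile(r"\\AppData\\", re.IGNORECASE)
# "BHO: <name>: {CLSID} - <file>" / "TB: ..." with optional x64- prefix and name.
ADDON = re.compile(r"^(?:x64-)?(?:BHO|TB): (?:(.*?): )?(\{[^}]+\}) -\s*(.*)$")
# "mRun: [name] cmd", "uRun: ...", "x64-Run: ...", "StartupFolder: lnk - target".
AUTORUN = re.compile(r"^(?:x64-)?([um]?Run|StartupFolder): (.*)$")
# "<timestamp>  <size or dashes>  <attributes>  <path>"
CREATED = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+\S+\s+\S+\s+(.+)$")


def triage_autostarts(log):
    """Return (label, detail) findings for load points worth a manual look."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("AppInit_DLLs="):
            # Windows loads these DLLs into processes that load user32.dll,
            # so any entry here deserves review.
            dlls = line.split("=", 1)[1].strip()
            if dlls:
                findings.append(("appinit-dll", dlls))
            continue
        m = ADDON.match(line)
        if m:
            name, clsid, path = m.groups()
            if not path:
                findings.append(("addon-no-file", name or clsid))
            elif USER_WRITABLE.search(path):
                findings.append(("addon-in-profile", path))
            continue
        m = AUTORUN.match(line)
        if m:
            kind, rest = m.groups()
            # A per-user Startup shortcut always lives under AppData\Roaming,
            # so judge the shortcut's target, not the .LNK path itself.
            target = rest.rsplit(" - ", 1)[-1] if kind == "StartupFolder" else rest
            if USER_WRITABLE.search(target):
                findings.append(("autostart-in-profile", target))
    return findings


def install_bursts(log, gap=timedelta(seconds=60), min_size=3):
    """Group 'Created Last 30' entries whose timestamps are within `gap`."""
    entries, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("="):          # section header
            in_section = "Created Last 30" in line
            continue
        m = CREATED.match(line) if in_section else None
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append((when, m.group(2)))
    entries.sort()
    bursts, current = [], []
    for when, path in entries:
        if current and when - current[-1][0] > gap:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append((when, path))
    if len(current) >= min_size:
        bursts.append(current)
    return bursts


if __name__ == "__main__":
    for label, detail in triage_autostarts(SAMPLE_LOG):
        print(f"{label:22} {detail}")
    for burst in install_bursts(SAMPLE_LOG):
        print(f"burst of {len(burst)} starting {burst[0][0]}")
        for _, path in burst:
            print("   ", path)
```

On the excerpt, the single burst ends about seven minutes before the Mozilla profile directory is created, which is the pattern a bundling installer leaves behind.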

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
I suspected that you had downloaded from a suspect website. As a rule, it is best to get software from the author's website. For instance, you can get Firefox direct from Mozilla's website: http://www.mozilla.org/en-US/firefox/new/

There are some other reputable websites that host large amounts of software, like http://www.majorgeeks.com/ , http://filehippo.com/ , and others. Some, like CNET, you have to be careful with; some of their software uses their installer to download and install the file you want. They also provide a link to the file itself, and that is usually the best way to do it.


Now as to the problems you are having, please run the scans below.

Please follow these steps:

1.- Download AdwCleaner by Xplode onto your Desktop.
  •   Please close all open programs and internet browsers.
  •   Double click on Adwcleaner.exe to run the tool.
  •   Click on the Scan button.
  •   Please be patient as this can take a while to complete.
  •   You will get a prompt asking to close all programs. Click OK.
  •   Click OK again to reboot your computer. A text file will open after the restart.
  •   Please post the content of that logfile in your reply.
  •   You can find the logfile at C:\AdwCleaner[Sn].txt.
2.- Download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.
3.- Please download RogueKiller and save it to the desktop.
  • Close all windows and browsers.
  • Double click on RogueKiller.exe to run the tool.
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.


Offline frankenotter

  • Bronze Member
  • Posts: 44
AdwCleaner log

# AdwCleaner v3.017 - Report created 13/01/2014 at 16:29:41
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : boziel - BOZIEL-PC
# Running from : C:\Users\boziel\Desktop\Kill\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\boziel\AppData\Local\Searchprotect
Folder Deleted : C:\Users\boziel\AppData\Local\Smartbar
Folder Deleted : C:\Users\boziel\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\boziel\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\boziel\AppData\Roaming\Systweak
Folder Deleted : C:\Users\boziel\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\boziel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [6607 octets] - [13/01/2014 16:27:54]
AdwCleaner[S0].txt - [6103 octets] - [13/01/2014 16:29:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6163 octets] ##########

Offline frankenotter

  • Bronze Member
  • Posts: 44
JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by boziel on Mon 01/13/2014 at 16:33:14.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\boziel\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/13/2014 at 16:36:09.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline frankenotter

  • Bronze Member
  • Posts: 44
RKiller



RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : boziel [Admin rights]
Mode : Scan -- Date : 01/13/2014 16:42:59
| ARK || FAK || MBR |

Bad processes : 0

Registry Entries : 4
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Scheduled tasks : 0

Startup Entries : 0

Web browsers : 0

Browser Addons : 0

Particular Files / Folders:

Driver : [NOT LOADED 0x0]

External Hives:

Infection : 

HOSTS File:
--> %SystemRoot%\System32\drivers\etc\hosts




MBR Check:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] bf2c1f661e5d91bd1e3d6277419b479f
[BSP] c70c0b788ac2c38efcc849b01e34b836 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD1002FAEX-00Y9A0 ATA Device +++++
--- User ---
[MBR] d7e02196dc3013e816c9b53c5fa254ce
[BSP] 0dae53ebf26c91c814f17efc16efafca : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] d196c6c79f7e26a3f4d8d4154ce7e7f8
[BSP] 2587d2bf16051dbcf9b03fa876eaba83 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_01132014_164259.txt >>





Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
You jumped the gun a bit. All I wanted you to do was the scan, not the cleaning and removing.

How is the computer running now? Do you still have the Conduit problem in IE after rebooting?


Offline frankenotter

  • Bronze Member
  • Posts: 44
Sorry Hoov, I should have read the instructions more carefully.

Today it's not using Conduit as my default search engine/homepage. However, I'm still getting popups in the lower right side of my screen with things like ads from Time Warner Cable. I also get a popup from time to time telling me to update my Firefox to its latest version. This popup is usually accompanied by another telling me to DL a video plugin. I always close out of those popups using Task Manager so as not to click on something malicious by mistake.

I did DL what I think is a clean copy of Firefox. (I actually had to DL it to bid from my schedule). I followed your link and this time the DL didn't come with all the extra programs.

One side note... when I launch IE, it takes me to my preferred homepage (Google). But when I open up a new tab in IE, it takes me to a blank page even though my internet options homepage is still set to Google. Does that make sense?
 

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Makes perfect sense. About the Popups, do they only happen in IE, or does it happen with all the browsers, or with no browser?


Offline frankenotter

  • Bronze Member
  • Posts: 44
Sorry for the delay. I did a bit of browsing today using Chrome, IE, and FF. The popups are happening with all three. Most odd are the lower right screen popups that are full length video ads. Almost like a mini YouTube but with advertising.

Oh yeah... the popups only occur when I'm using one of the browsers. If the PC is just left idle, nothing happens.

Offline frankenotter

  • Bronze Member
  • Posts: 44
I also get a different homepage (popup) when I open a new tab.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Please download Extension List Dumper and install it. It is a Firefox extension.

Restart Firefox and then go to the addons list. There should now be a button in the upper right corner labeled Dump List. Click it. Make sure all the checkboxes are checked, and the first drop down menu reads All and the second drop down list says HTML.

Now click the save button, save it to your desktop. Zip the file up and attach it to your next post.


Offline frankenotter

  • Bronze Member
  • Posts: 44
Alright. It took me a while to figure out the plugin but here's what I got.

Application: Firefox 26.0 (20131205075310)
Operating System: WINNT (x86-msvc)

January 17, 2014

Total number of items: 2

- Extension List Dumper 1.15.2
   extensionlistdumper@sogame.cat
   http://www.sogame.cat/
   January 17, 2014 09:50:16
   January 17, 2014 09:34:31
   Firefox 1.5 - 7.*
   Flock 1.0 - 2.*
   Songbird 0.4 - 1.11.0a
   Sunbird 0.3 - 0.9
   Thunderbird 1.5 - 6.*
   Dumps a list of the installed extensions.
- GreatArcadeHits Add-on 1.0.0 (Disabled)
   {B21F5E31-B8E8-41CD-B74C-168A71A10E49}
   http://www.greatarcadehits.com
   January 8, 2014 19:37:34
   Firefox 3.0 - 99.*
   Play GreatArcadeHits Games!