Conduit.A removal


22 replies to this topic

#1 bitesized1612

bitesized1612

  • Members
  • 161 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:12:02 PM

Posted 08 August 2013 - 01:28 AM

I ran Malwarebytes about 3 days ago to kill something called cltmng.exe/Conduit.A. It took down something called SearchProtect.A and Somoto as well and when I scanned again (also with MSE) I came up clean. I got reinfected with Conduit.A tonight by accident and after I scanned with MBAM to kill it, I checked to see if all the startup entries were gone yet. 2 entries from the first infection are still there, yuck. I ran SuperAntiSpyware and all it deleted was 1 adware cookie. I'm running ESET online scanner right now but I might need some more experienced help to make sure it's gone? Thank you.


Edited by bitesized1612, 08 August 2013 - 01:31 AM.


Windows 7 Professional SP1 (64-bit) // HP EliteBook 8460p = 2.50GHz + 8GB RAM 

 

AVAST! - Google Chrome & Mozilla Firefox - LibreOffice - Rainmeter

 

Currently Testing: Linux Mint 17.3 XFCE on a Dell Inspiron 531 (2.1Ghz +3GB RAM)

Status: steady with some minor issues




#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:02 AM

Posted 08 August 2013 - 01:40 AM

Hello bitesized -

Please run these few programs after your ESET scan is completed

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Please download AdwCleaner by Xplode onto your desktop.

* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* NOTE : Your computer will be rebooted automatically. A text file will open after the restart.

* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Post those logs with anything that ESETscanner finds -

 

Thank You -

EDIT - Please click on Follow this topic at the Top Right side of your post


Edited by noknojon, 08 August 2013 - 01:42 AM.


#3 bitesized1612


Posted 08 August 2013 - 09:50 AM

ESET found no infections.

 

 Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Out of date Malwarebytes Anti-Malware installed!
 CCleaner     
 Java 7 Update 25  
 Adobe Flash Player     11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (22.0)
 Mozilla Thunderbird (17.0.8)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````
 

# AdwCleaner v2.306 - Logfile created 08/08/2013 at 10:33:08
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : SysAdmin - PERCYW-PC
# Boot Mode : Normal
# Running from : C:\Users\sysadmin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\cjlanc\AppData\Roaming\SearchProtect
File Deleted : C:\END
Folder Deleted : C:\Program Files\MixiDJ_V37
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Users\cjlanc\AppData\Roaming\iWin
Folder Deleted : C:\Users\sysadmin\AppData\Local\Conduit
Folder Deleted : C:\Users\sysadmin\AppData\LocalLow\MixiDJ_V37
Folder Deleted : C:\Users\sysadmin\AppData\Roaming\iWin
Folder Deleted : C:\Users\sysadmin\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V37
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V37 Toolbar
Key Deleted : HKLM\Software\MixiDJ_V37
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\sysadmin\AppData\Roaming\Mozilla\Firefox\Profiles\577y9mo7.default\prefs.js

Deleted : user_pref("CT3298573.FF19Solved", "true");
Deleted : user_pref("CT3298573.UserID", "UN38953952032331326");
Deleted : user_pref("CT3298573.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3298573.fullUserID", "UN38953952032331326.IN.20130804162629");
Deleted : user_pref("CT3298573.installDate", "04/08/2013 16:26:28");
Deleted : user_pref("CT3298573.installSessionId", "{4E6ABD2C-BEBC-4E56-9E09-57326EE7F2D4}");
Deleted : user_pref("CT3298573.installSp", "TRUE");
Deleted : user_pref("CT3298573.installerVersion", "1.5.4.5");
Deleted : user_pref("CT3298573.keyword", "true");
Deleted : user_pref("CT3298573.originalHomepage", "about:home");
Deleted : user_pref("CT3298573.originalSearchAddressUrl", "");
Deleted : user_pref("CT3298573.originalSearchEngine", "");
Deleted : user_pref("CT3298573.originalSearchEngineName", "");
Deleted : user_pref("CT3298573.searchRevert", "false");
Deleted : user_pref("CT3298573.searchUserMode", "2");
Deleted : user_pref("CT3298573.smartbar.homepage", "true");
Deleted : user_pref("CT3298573.versionFromInstaller", "10.16.9.6");
Deleted : user_pref("CT3298573.xpeMode", "0");
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3298573&octid=CT329857[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("browser.search.defaultenginename", "MixiDJ V37 Customized Web Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V37 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298573");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN389539520[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298573");
Deleted : user_pref("smartbar.machineId", "XYWNBQYAMSGP9TWIZ2VFOSS9NXUQUZ+XELKVJSVMR/D+W/CG81UCJWTOYJ5BJTKZSOQ[...]

File : C:\Users\cjlanc\AppData\Roaming\Mozilla\Firefox\Profiles\x0kn9nm8.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4919 octets] - [08/08/2013 10:31:24]
AdwCleaner[S1].txt - [4969 octets] - [08/08/2013 10:33:08]

########## EOF - C:\AdwCleaner[S1].txt - [5029 octets] ##########
 

 

I still see the 2 startup entries that were there 4 days ago now but logs are coming up clean.

 

Thank you for your help. :)





#4 noknojon


Posted 08 August 2013 - 05:58 PM

Malwarebytes Anti-Malware version 1.70.0.1100  Out of date Malwarebytes Anti-Malware installed!
Please open your version of Malwarebytes Anti-Malware and click the Update tab.
Then click Check for updates (your listed version is very old)

Then click the Scan tab and select > Quick scan > Scan -
Post the results back here

 

Also - You have SUPERAntiSpyware Free (aka SAS) listed

* Please Update the program first

* When completed, a log will open in Notepad.

* Run a Quick Scan only and you can remove all found items
* Post the log back here.

Be sure to reboot the computer after you post the log.

 

 

Thanks -


Edited by noknojon, 08 August 2013 - 06:03 PM.


#5 bitesized1612


Posted 08 August 2013 - 08:40 PM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.08.08.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
SysAdmin :: PERCYW-PC [administrator]

8/8/2013 9:10:38 PM
mbam-log-2013-08-08 (21-10-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251563
Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

--------

 SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/08/2013 at 09:31 PM

Application Version : 5.6.1020

Core Rules Database Version : 10678
Trace Rules Database Version: 8490

Scan type       : Quick Scan
Total Scan Time : 00:06:09

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 652
Memory threats detected   : 0
Registry items scanned    : 32158
Registry threats detected : 0
File items scanned        : 8729
File threats detected     : 0
 

Still concerned that something is still lurking around. Maybe MBAM, SAS and MSE aren't picking up everything?


Edited by bitesized1612, 08 August 2013 - 08:41 PM.




#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:02 PM

Posted 08 August 2013 - 08:47 PM

Your MBAM still did not update to version 1.75

#7 noknojon


Posted 08 August 2013 - 10:22 PM

Malwarebytes Anti-Malware version 1.70.0.1100  Out of date Malwarebytes Anti-Malware installed!
Please open your version of Malwarebytes Anti-Malware and click the Update tab.
Then click Check for updates (your listed version is very old)

 

From my post above -



#8 bitesized1612


Posted 09 August 2013 - 10:17 AM

Latest is 1.75, right? I had to look for the option in settings to download a new version of the program along with the database and check it. It never warned me that the program itself was out of date even though I had that option check-marked?  :huh:  I use only the free version.

 

It turned on the Pro version free trial which I had to turn off because it hung up my system as soon as it finished installing and I can't afford to buy a license any time soon. I'll do another scan and see if it picks anything else.

 

EDIT: Wow, it keeps hanging up every time I use it and the Shockwave Flash plug-in in my browser crashes too. This is why I don't think my system's clean enough yet.


Edited by bitesized1612, 09 August 2013 - 03:06 PM.




#9 noknojon


Posted 09 August 2013 - 05:16 PM

With the Free version, you will not get warnings or Auto Updates (that is the paid version only)

You need to Manually Update every week to get the latest versions.

 

This is the same with SUPERAntiSpyware Free (aka SAS) -

You need to check for Updates Manually prior to doing any scans -

 

Do this and then post back both new logs -

 

Thanks -



#10 bitesized1612


Posted 09 August 2013 - 07:38 PM

Malwarebytes hangs up in the middle of scanning and has to be shut down with the Task Manager. Sometimes it won't even start. What do I do now?

 

Edit: Okay now I have to type this from a different computer. I tried scanning with SAS and now everything is hung up. What on earth is going on?

 

Edit # 2: Restarted in Safe Mode with Networking and attempting to scan. If that doesn't work then I'm at a loss. Everything keeps crashing even when I do something normal on it. I can maybe delete some old files but that won't alleviate the core issue here.


Edited by bitesized1612, 09 August 2013 - 07:48 PM.




#11 bitesized1612


Posted 09 August 2013 - 09:56 PM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.09.04

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16635
SysAdmin :: PERCYW-PC [administrator]

Protection: Disabled

8/9/2013 8:57:00 PM
mbam-log-2013-08-09 (20-57-00).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 388351
Time elapsed: 51 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/09/2013 at 10:38 PM

Application Version : 5.6.1020

Core Rules Database Version : 10679
Trace Rules Database Version: 8491

Scan type       : Complete Scan
Total Scan Time : 00:40:32

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 419
Memory threats detected   : 0
Registry items scanned    : 36947
Registry threats detected : 0
File items scanned        : 61021
File threats detected     : 0
 

----

 

My external HDD called (E:/) seemed to cause the issue with scanning the last two times but earlier C:/ was doing it too. Here's the separate scans for that:

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.09.04

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16635
SysAdmin :: PERCYW-PC [administrator]

Protection: Disabled

8/9/2013 8:49:25 PM
mbam-log-2013-08-09 (20-49-25).txt

Scan type: Full scan (E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255615
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/09/2013 at 10:50 PM

Application Version : 5.6.1020

Core Rules Database Version : 10679
Trace Rules Database Version: 8491

Scan type       : Complete Scan
Total Scan Time : 00:07:03

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 427
Memory threats detected   : 0
Registry items scanned    : 36947
Registry threats detected : 0
File items scanned        : 7264
File threats detected     : 0
 

----

 

Still crashing and hanging up in normal mode. I'm going to do some maintenance if that helps (delete Temporary Internet files, empty Recycle Bin and so on).


Edited by bitesized1612, 09 August 2013 - 09:57 PM.




#12 noknojon


Posted 09 August 2013 - 10:07 PM

Please use MBAM CLEAN to fully remove the program. We can then Reinstall it.
Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking) < We need to have these working in Normal Mode

 

We can try and see if there are any problems blocking these programs -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

Once that is finished run this program for us to have a look >

Please download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files

Click Go and copy / paste the result (Result.txt).

 

Finish with Please download Temp File Cleaner by Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK to reboot your computer and finish the cleanup.

Note: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

 

 

Thanks -



#13 bitesized1612


Posted 12 August 2013 - 04:01 PM

Sorry, I had to take care of some things before I could get back to this. Logs should be up tomorrow.

 

Thank you for your help. I really do appreciate it. :)





#14 noknojon


Posted 12 August 2013 - 06:27 PM

Take your time and only do this to fit in with your other duties -

 

Thank You -



#15 bitesized1612


Posted 18 August 2013 - 01:39 AM

Okay, I'm finally back. MBAM still hangs up, but if I don't make it scan two drives at once it works fine. Most recent logs:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.15.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
SysAdmin :: PERCYW-PC [administrator]

8/16/2013 3:52:51 PM
mbam-log-2013-08-16 (15-52-51).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380111
Time elapsed: 1 hour(s), 20 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.15.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
SysAdmin :: PERCYW-PC [administrator]

8/16/2013 5:16:58 PM
mbam-log-2013-08-16 (17-16-58).txt

Scan type: Full scan (E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257410
Time elapsed: 15 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

Here are the RKill and MiniToolBox Logs:

 

Rkill 2.6.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/15/2013 12:20:10 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 08/15/2013 12:20:58 AM
Execution time: 0 hours(s), 0 minute(s), and 47 seconds(s)
 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by SysAdmin (administrator) on 15-08-2013 at 00:22:32
Running from "C:\Users\sysadmin\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/09/2013 08:35:10 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e8

Start Time: 01ce95606335ac29

Termination Time: 60000

Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 8af366dc-0154-11e3-a8e2-001e683df430

Error: (08/09/2013 08:27:18 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f1c

Start Time: 01ce955e9b38da0c

Termination Time: 156

Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 9747c68d-0153-11e3-a8e2-001e683df430

Error: (08/09/2013 04:08:37 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1054

Start Time: 01ce9512dce857a9

Termination Time: 50

Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 89422f8b-012e-11e3-84ff-001e683df430

Error: (08/07/2013 09:48:27 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 86c

Start Time: 01ce916c8f42a717

Termination Time: 60000

Application Path: C:\Windows\Explorer.EXE

Report Id: 6a39c1d4-ffcc-11e2-b4c7-0018f82891a8

Error: (08/04/2013 06:18:51 PM) (Source: Application Hang) (User: )
Description: The program LiLi USB Creator.exe version 2.8.88.51 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b80

Start Time: 01ce915fea57d19c

Termination Time: 60000

Application Path: C:\Program Files\LinuxLive USB Creator\LiLi USB Creator.exe

Report Id: 7f09a187-fd53-11e2-b655-001e683df430

Error: (08/04/2013 05:47:33 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 22.0.0.4917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16c0

Start Time: 01ce915b7f7232eb

Termination Time: 87

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 6a76aec7-fd4f-11e2-b655-001e683df430

Error: (08/04/2013 05:47:28 PM) (Source: Application Hang) (User: )
Description: The program spotify.exe version 0.9.1.57 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 930

Start Time: 01ce9158bb41cd12

Termination Time: 60000

Application Path: C:\Users\cjlanc\AppData\Roaming\Spotify\spotify.exe

Report Id: 35c64cee-fd4f-11e2-b655-001e683df430

Error: (08/04/2013 05:46:43 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16635 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e58

Start Time: 01ce915bc35f5489

Termination Time: 9

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (08/04/2013 05:41:48 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 22.0.0.4917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6b8

Start Time: 01ce9158bc2d754d

Termination Time: 70

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 9a2b53f2-fd4e-11e2-b655-001e683df430

Error: (08/04/2013 04:28:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: ieLogic.exe, version: 6.15.0.27, time stamp: 0x4bc06cd3
Faulting module name: ldrtbMixi.dll, version: 6.15.0.27, time stamp: 0x51e64fad
Exception code: 0xc0000417
Fault offset: 0x00023544
Faulting process id: 0x1180
Faulting application start time: 0xieLogic.exe0
Faulting application path: ieLogic.exe1
Faulting module path: ieLogic.exe2
Report Id: ieLogic.exe3


System errors:
=============
Error: (08/14/2013 11:45:02 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/14/2013 11:41:23 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume E:.

Error: (08/14/2013 11:41:23 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Storage.

Error: (08/14/2013 11:41:16 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume E:.

Error: (08/14/2013 01:54:01 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/13/2013 11:10:02 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (08/13/2013 09:40:41 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (08/13/2013 01:42:29 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (08/13/2013 01:01:56 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (08/13/2013 00:20:12 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


Microsoft Office Sessions:
=========================
Error: (08/09/2013 08:35:10 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.11e801ce95606335ac2960000C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe8af366dc-0154-11e3-a8e2-001e683df430

Error: (08/09/2013 08:27:18 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1f1c01ce955e9b38da0c156C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe9747c68d-0153-11e3-a8e2-001e683df430

Error: (08/09/2013 04:08:37 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1105401ce9512dce857a950C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe89422f8b-012e-11e3-84ff-001e683df430

Error: (08/07/2013 09:48:27 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756786c01ce916c8f42a71760000C:\Windows\Explorer.EXE6a39c1d4-ffcc-11e2-b4c7-0018f82891a8

Error: (08/04/2013 06:18:51 PM) (Source: Application Hang)(User: )
Description: LiLi USB Creator.exe2.8.88.51b8001ce915fea57d19c60000C:\Program Files\LinuxLive USB Creator\LiLi USB Creator.exe7f09a187-fd53-11e2-b655-001e683df430

Error: (08/04/2013 05:47:33 PM) (Source: Application Hang)(User: )
Description: firefox.exe22.0.0.491716c001ce915b7f7232eb87C:\Program Files\Mozilla Firefox\firefox.exe6a76aec7-fd4f-11e2-b655-001e683df430

Error: (08/04/2013 05:47:28 PM) (Source: Application Hang)(User: )
Description: spotify.exe0.9.1.5793001ce9158bb41cd1260000C:\Users\cjlanc\AppData\Roaming\Spotify\spotify.exe35c64cee-fd4f-11e2-b655-001e683df430

Error: (08/04/2013 05:46:43 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.166351e5801ce915bc35f54899C:\Program Files\Internet Explorer\iexplore.exe

Error: (08/04/2013 05:41:48 PM) (Source: Application Hang)(User: )
Description: firefox.exe22.0.0.49176b801ce9158bc2d754d70C:\Program Files\Mozilla Firefox\firefox.exe9a2b53f2-fd4e-11e2-b655-001e683df430

Error: (08/04/2013 04:28:36 PM) (Source: Application Error)(User: )
Description: ieLogic.exe6.15.0.274bc06cd3ldrtbMixi.dll6.15.0.2751e64fadc000041700023544118001ce91512dd3883fC:\Users\sysadmin\AppData\Local\Temp\ct3298573\ieLogic.exeC:\Users\sysadmin\AppData\LocalLow\MixiDJ_V37\ldrtbMixi.dll705b9dc3-fd44-11e2-aaba-001e683df430


=========================== Installed Programs ============================

µTorrent (Version: 3.2.2.28595)
7-Zip 9.20
Adobe AIR (Version: 3.5.0.600)
Adobe Digital Editions 2.0 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Audiosurf
Bejeweled 3
Big Fish Games: Game Manager (Version: 3.0.1.60)
Bing Desktop (Version: 1.0.45.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.03)
Convert MP4 to MP3
Dark Tales: Edgar Allan Poe's The Gold Bug
Dark Tales: Edgar Allan Poe's The Masque of the Red Death
Dark Tales: Edgar Allan Poe's The Masque of the Red Death Collector's Edition
Defraggler (Version: 2.14)
FoxyProxy Internet Explorer Add-on (Version: 1.0.8)
Free M4a to MP3 Converter 8.0
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
iTunes (Version: 11.0.2.26)
Jarte 5.0 (Version: 5.0)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Jewel Quest Solitaire
LibreOffice 4.0 Help Pack (English) (Version: 4.0.4.2)
LibreOffice 4.0.4.2 (Version: 4.0.4.2)
LinuxLive USB Creator (Version: 2.8)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
MozBackup 1.5.1
Mozilla Firefox 23.0 (x86 en-US) (Version: 23.0)
Mozilla Maintenance Service (Version: 23.0)
Mozilla Thunderbird 17.0.8 (x86 en-US) (Version: 17.0.8)
Nancy Drew: Alibi in Ashes
Nancy Drew: Message in a Haunted Mansion
Nancy Drew: Warnings at Waverly Academy
Oracle VM VirtualBox 4.2.16 (Version: 4.2.16)
Portal
QuickTime (Version: 7.74.80.86)
Ranch Rush
RedNotebook 1.6.6
Revo Uninstaller 1.95 (Version: 1.95)
RocketDock 1.3.5
Speccy (Version: 1.22)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.6.1020)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VLC media player 2.0.6 (Version: 2.0.6)
Write or Die Desktop Edition (Version: 1.13)

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 2038.43 MB
Available physical RAM: 1391.47 MB
Total Pagefile: 4076.86 MB
Available Pagefile: 3327.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.89 MB

========================= Partitions: =====================================

1 Drive c: (PercyW) (Fixed) (Total:111.69 GB) (Free:57.38 GB) NTFS
3 Drive e: (Storage) (Fixed) (Total:465.76 GB) (Free:270.75 GB) NTFS
4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive g: (CRUZER) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
6 Drive h: (PUBLICZONE) (Removable) (Total:0.05 GB) (Free:0.05 GB) FAT

========================= Users: ========================================

User accounts for \\PERCYW-PC

Administrator            cjlanc                   Guest                    
SysAdmin                 

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
 

TFC Cleaner did not make me reboot. I probably need to uninstall/update some programs and do some maintenance (defrag, etc.) to cope with other performance issues. I feel a bit paranoid because I got a rootkit when I had Vista on this laptop, but SearchProtectAll/cltmng.exe is still lingering around in my msconfig startup entries and apparently running in the background, hanging up windows and slowing things down.

 

 


