
Potential Unwanted Program


3 replies to this topic

#1 Notorious


Posted 02 January 2014 - 05:05 PM

Hi folx.. First off, Happy New Year!!! :)

Next, I don't think I'm infected, but today I ran HitmanPro (expired!) demo version on Windows 7 Ultimate and found a corrupted Deskjet hpvcrt.dll and a PUP.

Some time ago I had a bricked Seagate drive (bad firmware), which could explain the corrupted DLL. I did manage to restore the drive, and I deleted the whole Deskjet map coz I'm not using the printer anyway. Then I went looking for a solution and found AdwCleaner.

I did a scan but I didn't dare to remove anything before asking somebody for advice.

 

Here is the PUP I'm trying to get rid of:

   HKLM\SOFTWARE\Wow6432Node\Conduit\ (Rocketfuel)
   HKU\S-1-5-21-4153342617-2912158709-4251243179-1000\Software\AppDataLow\Software\SmartBar\ (Conduit)

 

And here is the AdwCleaner log.

 

# AdwCleaner v3.016 - Report created 02/01/2014 at 22:01:18
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Predator - PREDATOR-PC
# Running from : C:\Users\Predator\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Predator\AppData\Roaming\Mozilla\Firefox\Profiles\q81pblqi.default\user.js
File Found : C:\Windows\System32\Tasks\Express FilesUpdate
Folder Found : C:\Users\Predator\AppData\Roaming\Mozilla\Firefox\Profiles\q81pblqi.default\Extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}
Folder Found : C:\Users\Predator\AppData\Roaming\Mozilla\Firefox\Profiles\q81pblqi.default\Extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}
Folder Found : C:\Users\Predator\AppData\Roaming\Mozilla\Firefox\Profiles\q81pblqi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Found C:\Program Files (x86)\ExpressFiles
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\savennshaire
Folder Found C:\ProgramData\StarApp
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\Predator\AppData\LocalLow\savennshaire
Folder Found C:\Users\Predator\AppData\Roaming\ExpressFiles
Folder Found C:\Users\Predator\AppData\Roaming\Mozilla\Firefox\Profiles\q81pblqi.default\CT2849859

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\ExpressFiles
Key Found : [x64] HKCU\Software\ExpressFiles
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\ExpressFiles
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_703c874a
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Predator\AppData\Roaming\Mozilla\Firefox\Profiles\q81pblqi.default\prefs.js ]

Line Found : user_pref("CT2849859.FF19Solved", "true");
Line Found : user_pref("CT2849859.UserID", "UN35890795652303631");
Line Found : user_pref("CT2849859.fullUserID", "UN35890795652303631.IN.20130827130502");
Line Found : user_pref("CT2849859.installDate", "27/08/2013 13:05:02");
Line Found : user_pref("CT2849859.installSessionId", "-1");
Line Found : user_pref("CT2849859.installSp", "FALSE");
Line Found : user_pref("CT2849859.installerVersion", "1.5.4.4");
Line Found : user_pref("CT2849859.searchRevert", "FALSE");
Line Found : user_pref("CT2849859.searchUserMode", "1");
Line Found : user_pref("CT2849859.versionFromInstaller", "10.16.70.5");
Line Found : user_pref("CT2849859.xpeMode", "0");
Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("extensions.51ff8caf81a98.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';s[...]
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("smartbar.machineId", "SD9YHCNDX/U0LHEBJTLNQHIY9LCLRGCMJPVUN0TX2PGY8BZJOGO2HCAKTDSFYDTZPFL6EHJCGSUNPDYJ+F9Y2A");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[ File : C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4961 octets] - [02/01/2014 22:01:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5021 octets] ##########
 

 

My question is, can I just delete everything AdwCleaner found?

 

I'm running Malwarebytes Pro and Microsoft Security Essentials on my computer and scanning every few days. Both programs didn't find anything suspicious.

 

Thanks for your time..

 



Down in the bayou, Bubba called an attorney and asked, "Is it true they're suin' the cigarette companies for causing people to get cancer?
"Sure is Bubba. But why you asking?"
"Cause what I want to know is, I was thinking, can I sue Budweiser for all them ugly women I've slept with?"


 


#2 Broni


Posted 02 January 2014 - 08:39 PM

Usually it's safe to remove everything.

Just in case, AdwCleaner creates a "Quarantine" folder, so if something goes wrong you can always put a removed file back.




 


#3 Notorious


Posted 03 January 2014 - 09:02 AM

Thanks for the quick reply.. :)



#4 Broni


Posted 03 January 2014 - 06:37 PM

You're very welcome




 




