Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Conduit Search Infection?


  • Please log in to reply
7 replies to this topic

#1 Doozergirl

Doozergirl

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 17 February 2014 - 06:53 AM

Hi,

 

Hopefully I've come to the right place, I'm looking for some help please.

 

Logged on to my laptop this morning and various pop ups were appearing.  I'm on windows 8 operating system.

 

I noticed that my homepage and search box settings have been changed to conduit?

 

I did have Mcfee on the computer as 'BT Net Protect' but cancelled my BT account recently and the protection went with it.  It hasn't been uninstalled. 

 

I've attempted to uninstall odd looking programs.  After that, firefox (and IE) was refusing to connect to the internet.  I googled from my iphone at that point for a solution and had to untick some kind of proxy server setting.  Internet connection is now working but from reading forums, I suspect I have a larger issue.

 

I think the problem on the firefox screeen contained this

C:\Users\Nicola\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll

 

This morning I've installed Avast and Malwarebytes, both currently scanning.

 

Would someone be able to advise me please?  Admittedly I have no idea what I 'm looking for or doing.

 



BC AdBot (Login to Remove)

 


#2 bassfisher6522

bassfisher6522

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 17 February 2014 - 08:25 AM

Your infected with the malware/spyware Conduit. Find it in the add/remove programs list and right click it and select uninstall. Then run malwarebytes, superantispyware and spybot s&d 1.6.2 in safe mode, running full scans, not quick scans.



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:58 AM

Posted 17 February 2014 - 10:45 AM

I would use this also. Please post your scan logs for review.


ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
[list]
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • .


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 Doozergirl

Doozergirl
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 17 February 2014 - 03:49 PM

Thanks guys.  I have everything scanning now!  Do you want logs from all of them? 



#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:58 AM

Posted 17 February 2014 - 04:00 PM

Logs are good!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Doozergirl

Doozergirl
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 17 February 2014 - 04:06 PM

Ok, well the ADwCleaner did it's stuff first and closed everything else, lol!

 

Here's the log from that.  I'll find the log from malwarebytes from this morning too, if I can.

 

# Operating System : Windows 8  (64 bits)
# Username : Nicola - THENEWDOOZER
# Running from : C:\Users\Nicola\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Nosibay
Folder Deleted : C:\windows\SysWOW64\Searchprotect
Folder Deleted : C:\Users\Nicola\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Nicola\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Nicola\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Nicola\AppData\Roaming\Nosibay
File Deleted : C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\sadrkfa9.default\invalidprefs.js
File Deleted : C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\sadrkfa9.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\sadrkfa9.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
File Deleted : C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal
File Deleted : C:\windows\System32\Tasks\EPUpdater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKCU\Software\58488d1bd6aef49
Key Deleted : HKLM\SOFTWARE\58488d1bd6aef49
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\sadrkfa9.default\prefs.js ]

Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=4C42890E-DA17-4A90-9956-67F1231789E4&n=77fce515&p2=^Y6^xdm034^YY^gb&si=swissconverter");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2013062421");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm034^YY^gb");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "swissconverter");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "4C42890E-DA17-4A90-9956-67F1231789E4");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1372105349015");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com");

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5147 octets] - [17/02/2014 20:53:58]
AdwCleaner[S0].txt - [4914 octets] - [17/02/2014 20:59:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4974 octets] ##########
 



#7 Doozergirl

Doozergirl
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 17 February 2014 - 04:10 PM

This was a quick scan from earlier.  I didn't manage to check every box to delete everything but am running a full scan now. 

 

Thanks for your help :flowers:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.17.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Nicola :: THENEWDOOZER [administrator]

Protection: Enabled

17/02/2014 11:19:17
mbam-log-2014-02-17 (11-19-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245798
Time elapsed: 17 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 44
HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> No action taken.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
HKCU\Software\Nosibay\Bubble Dock Tag (PUP.Optional.BubbleDock.A) -> No action taken.
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> No action taken.
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SEARCHPROTECTINT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Delta\delta\Instl (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\d (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.

Registry Values Detected: 8
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: Delta Toolbar -> No action taken.
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta.A) -> Data:  -> No action taken.
HKCU\Software\Delta\delta|lastB (PUP.Optional.Delta.A) -> Data: http://www.delta-search.com/?affID=121845&tt=gc_&babsrc=HP_ss&mntrId=32F820689DFEBABB -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BrowserSafeguard (PUP.Optional.BrowserSafeGuard.A) -> Data: "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe" -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Quarantined and deleted successfully.
HKCU\Software\SearchProtectINT|Install (PUP.Optional.SearchProtect.A) -> Data: 1 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: browsersafeguard-rockettab-revenyou -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPC97E2583-8B09-4426-9DDB-F53D5C18FFDA&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 11
C:\Program Files (x86)\Delta\delta\1.8.21.5\bh (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Delta\delta\1.8.21.5 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.21.5 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 97
C:\Users\Nicola\AppData\Local\Temp\ICReinstall_Setup.exe (PUP.Optional.InstallCore.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Temp\Install_BubbleDock_IT.exe (PUP.Optional.BubbleDock.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Temp\nsfE29B.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Temp\nsqABB4.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Temp\nswF307.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Temp\SearchProtectINT.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Temp\1B93D861-BAB0-7891-AB71-5532555A7DD0\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Temp\bus148F\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Temp\bus2491\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Temp\bus4268\BUSolution.dll (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Temp\bus8F9B\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Temp\busD3C2\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Temp\is1275519350\DeltaTB.exe (PUP.Optional.Delta.A) -> No action taken.
C:\Windows\Temp\nsc3E2.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Nicola\Downloads\Skype.exe (PUP.Optional.Outbrowse) -> No action taken.
C:\Users\Nicola\Local Settings\Temporary Internet Files\Content.IE5\7Q4KXYEY\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Nicola\Local Settings\Temporary Internet Files\Content.IE5\XSW7Z4RE\pack[1].7z (PUP.Optional.PerformerSoft.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\ewebstorewrapper.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe.tmp (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\Resources\libplc4.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\Resources\softokn3.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaApp.dll (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaEng.dll (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.21.5\uninstall.exe (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Nicola\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> No action taken.
C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\icon.png (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Delta\delta\1.8.21.5\deltasrv.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\DM1392497189.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\4DE5.tmp (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\Install_BubbleDock_ES.exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\Install_BubbleDock_FR.exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\Install_BubbleDock_GB.exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\nsbD971.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\nscE75D.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\nsdEB08.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\nsj8768.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\nskC868.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\nsoED68.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\nsr8D55.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\nssCFDB.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\nswD9A1.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\nsx8295.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\1722014103346\Uninstall Bubble Dock.exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\1B93D861-BAB0-7891-AB71-5532555A7DD0\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\1B93D861-BAB0-7891-AB71-5532555A7DD0\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\1B93D861-BAB0-7891-AB71-5532555A7DD0\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\bus1045\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\bus16B1\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\bus217A\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\bus2429\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\bus329D\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\bus3906\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\bus4173\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\bus4DEF\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\bus7ECF\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\bus7F5\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\bus988B\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\busA332\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\busB5DD\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\busD885\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\busE7E3\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\busECC\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\is1275519350\Setup-D502DD2B71B5.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\nsn392C\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Windows\Temp\nsh3B3.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsr68E6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsrCD8C.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\Downloads\uplayermediaplayer-setup.exe (PUP.Optional.FullSpectrumAdmin) -> Quarantined and deleted successfully.
C:\Users\Nicola\Local Settings\Temporary Internet Files\Content.IE5\2V21A3UT\60190.Bubble_Dock.BBD023.no[1].exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\Local Settings\Temporary Internet Files\Content.IE5\2V21A3UT\Setup[1].exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\Local Settings\Temporary Internet Files\Content.IE5\GYQU08XW\SetupGreatArcadeHits[1].exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\Local Settings\Temporary Internet Files\Content.IE5\X3NJW590\60190.Bubble%20Dock%20AddonsUI[1].exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\Local Settings\Temporary Internet Files\Content.IE5\XSW7Z4RE\BubbleDockInstaller[1].exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\Local Settings\Temporary Internet Files\Content.IE5\XSW7Z4RE\WebCakesetup[1].exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\Local Settings\Temporary Internet Files\Content.IE5\ZZ1SHMN2\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Roaming\Bubble Dock.boostrap.log (PUP.Optional.Bubbledock.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\makecert.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\TrustedRoot.cer (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\certutil.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\libnspr4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\libplds4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\nss3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\smime3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Delta\delta\1.8.21.5\GUninstaller.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\background.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\Manifest.json (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

(end)


Edited by Doozergirl, 17 February 2014 - 04:11 PM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:58 AM

Posted 17 February 2014 - 04:26 PM

Remove all it finds ,none of that is any good.

Edited by boopme, 17 February 2014 - 04:27 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users