
Conduit malware


21 replies to this topic

#1 mixpix

mixpix

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Santa Cruz, California (USA)
  • Local time:03:58 PM

Posted 15 March 2014 - 09:36 PM

I was attempting to update flashplayer, on the advice of Secunia & FileHippo updater; so I thought.
I kept getting this prompt to update flashplayer, with a set of numbers.
Eventually, I Googled the issue & there is a site that addressed it directly. So I followed the procedure & ran the scan by Microsoft Essentials. It was also said that I had to address each individual browser also.

I use Mozilla & sometimes IE. I use the latter less frequently. It seems that I have the malware off of my computer proper, at this time, but I am concerned there is a remnant left on I E, so I am enquiring what I need to do, in making sure it can't climb back on to the machine. I didn't know if I could remove IE or what I could do so I can know, I will not have an issue?

I do have a screen shot, if it helps; hopefully I can post it?

Windows 10 Pro 64 bit version 1709
Processor: Intel® Core™2 Duo i5-4210U CPU  T5750 @ 1.70gHz 2.40 GHz
Ram: 8.00 GB
system type: 64bit x-64-based processor
http://speccy.piriform.com/results/VNZNmcrsHQpEHgN51iurDWj




#2 mixpix


Posted 15 March 2014 - 09:54 PM

http://i236.photobucket.com/albums/ff44/mixpix33/trojandownloader3-15_zps1548115e.png


Edited by mixpix, 15 March 2014 - 10:14 PM.



#3 MakeItBetter

MakeItBetter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:58 PM

Posted 15 March 2014 - 11:13 PM

If I visited a site and it told me to download flash, I wouldn't click on the link...I'd go to the Adobe site directly (and then make sure to click off any of the "ridealong" software they want to add)...

 

Did you click to download directly at the website?

 

Since you're clearly infected according to MSE, you might want to follow the instructions for posting for help over on the malware forum itself...

 

Cheers!

 

Jann



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:58 AM

Posted 16 March 2014 - 04:15 AM

Hello -
Only install (or update) from Here. The real Adobe site.
Untick the offer for Google Chrome and any other unwanted offers.

First, you need to go to Start - Control Panel > Programs and Features and Uninstall ALL other versions of Flash Player you can find.

 

Now - Download all programs to desktop and Copy and Paste all Logs / results.

 

Next -

For any Conduit installs, please follow this -

(For my information)

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.
 

 

Now -

Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

Please post the small log back here

 

 

Now: - Please download AdwCleaner by Xplode and save to your Desktop.
NOTE : * Please close or save all work, as the computer will be Rebooted
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. 

* Check the listing, and if you are not sure of any removal, post the R0txt log here

* NOW - Next: Click on the Clean button (only once) to remove the selected items. 
* You will receive a message telling you that all programs will be closed so that the infections can be removed. 
* Click on OK, and then OK again to confirm the reboot.
* When cleaning process is complete a log (AdwCleaner[S0].txt ) of what was removed will be on your desktop. 
* Please copy and paste this log in your next post.

* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Next -

Shut down your protection software now to avoid potential conflicts.
* How To Temporarily Disable Your Anti-virus
* Please download Junkware Removal Tool to your desktop.
* Run the tool by double-clicking it.
* If you are using Windows Vista, 7, or 8, right click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

 

 

Next -

Download Malwarebytes' Anti-Malware Free (aka MBAM)

- Do not accept the Free Pro Trial Version at this time -
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to reboot the computer if required after you post the log.
To remove all "found items" you can follow the steps in this Malwarebytes illustrated blog post:
http://blog.malwarebytes.org/news/2013/09/selecting-all-pups/



#5 mixpix


Posted 16 March 2014 - 07:54 PM

I think it is in my I E 11. I have unchecked the box, for IE 11, in Windows features. Should I leave it on, while running these processes?

 

Thanks Aussie, ahead of time, for your trouble.




#6 mixpix


Posted 16 March 2014 - 08:02 PM

As per request, the text of Checkup text:

 

 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.9016)   
 Adobe Flash Player     12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox (28.0)
 Mozilla Thunderbird (28.0.)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

RKILL text:

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/16/2014 05:58:55 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\jeff mick\Downloads\SecurityCheck.exe (PID: 4788) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/16/2014 05:59:19 PM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)

 

I sent this separate, as of now, due to the next step rebooting the laptop.




#7 mixpix


Posted 16 March 2014 - 08:20 PM

Aussie

I try to uninstall Adobe Flash Players & readers; there are 3 different ones. Player, plugin, reader. All Adobe, & I would assume they need to work in concert. It is telling me that I need to shut down Mozilla, but I need Mozilla to run these downloads & processes.

 

Internet Explorer 11, is not working. I presume, it is due to the aforementioned virus? I did do the search--> windows features. When the box comes up, I uncheck the Internet Explorer 11 box. It then says it has to reboot. I have not rebooted yet, as I am trying to get these other functions processed, as I am at the Adware Cleaner portion of this process that you've got laid out for me; which may be moot, as I didn't get those FlashPlayers off yet.

 

I will probably have to get them off, after this machine reboots, But what should I do? Will the browser function, without flashplayer?

 

Thanks.




#8 mixpix


Posted 16 March 2014 - 08:26 PM

Aussie, the Adware cleaner run:

 

# AdwCleaner v3.022 - Report created 16/03/2014 at 18:23:06
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : jeff mick - JEFF-HOME-LAPTO
# Running from : C:\Users\jeff mick\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\jeff mick\AppData\Roaming\Mozilla\Firefox\Profiles\0isdk5ea.default\prefs.js ]


[ File : C:\Users\jeff mick\AppData\Roaming\Mozilla\Firefox\Profiles\9jnix96o.default-1394952857009\prefs.js ]

 

 

 

*************************

AdwCleaner[R0].txt - [5025 octets] - [15/03/2014 23:29:57]
AdwCleaner[R1].txt - [1023 octets] - [15/03/2014 23:58:11]
AdwCleaner[R2].txt - [890 octets] - [16/03/2014 18:23:06]
AdwCleaner[S0].txt - [5098 octets] - [15/03/2014 23:31:16]
AdwCleaner[S1].txt - [1085 octets] - [15/03/2014 23:59:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1069 octets] ##########

 

 

 

I put the report, just in case.


Edited by mixpix, 16 March 2014 - 08:29 PM.



#9 mixpix


Posted 16 March 2014 - 08:39 PM

Aussie,

 

This is after the cleaning from Adware:

 

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\jeff mick\AppData\Roaming\Mozilla\Firefox\Profiles\0isdk5ea.default\prefs.js ]


[ File : C:\Users\jeff mick\AppData\Roaming\Mozilla\Firefox\Profiles\9jnix96o.default-1394952857009\prefs.js ]


*************************

AdwCleaner[R0].txt - [5025 octets] - [15/03/2014 23:29:57]
AdwCleaner[R1].txt - [1023 octets] - [15/03/2014 23:58:11]
AdwCleaner[R2].txt - [1149 octets] - [16/03/2014 18:23:06]
AdwCleaner[S0].txt - [5098 octets] - [15/03/2014 23:31:16]
AdwCleaner[S1].txt - [1085 octets] - [15/03/2014 23:59:27]
AdwCleaner[S2].txt - [1071 octets] - [16/03/2014 18:32:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1131 octets] ##########

 

The previous was what was in the report. I didn't uncheck any boxes! Hoping I am not going to pay for that, down the road.




#10 mixpix


Posted 16 March 2014 - 08:51 PM

Darn it, as I was going to go for the step of "junkware removing tool" that malware came back!

 

I guess I have to get rid of the flash players, as suggested. I tried to use Task Manager to shut it down. I clicked it in 'Application' & then clicked the 'Processes' tab. It read as if it was 'Apple IE' or something to that effect.

 

Anyway, the only browser that works, is this one from Mozilla. I have the IE 11 turned off, via 'Windows Features'. I don't have a clue, where to go with this?

If I go through, and start from the beginning, starting with the removal of the Flash Players, will it be alright?

 

Thanks Aussie, again for your trouble. I will download the instructions you had here. I did save all of those programs that you had me save to the desktop. So, if I don't hear back from you, I will work off of that sheet of paper that I will copy.




#11 noknojon


Posted 16 March 2014 - 09:41 PM

Hi -

I normally only ever use 1 browser (I.E.) and find no need for Firefox as it causes more problems.

 

 

Open AdwCleaner and this time hit Uninstall, agree to any OK, and it will remove the program.

This has already had several runs, so it is no longer useful. It needs to be reinstalled to be used again.

AdwCleaner[S0].txt - [5098 octets] - [15/03/2014 23:31:16]
AdwCleaner[S1].txt - [1085 octets] - [15/03/2014 23:59:27]
AdwCleaner[S2].txt - [1071 octets] - [16/03/2014 18:32:16]

These numbers above show that Clean has been used 3 times in 2 days.

I always post "Click on the Clean button (only once)", or the original logs are lost.

 

Below is from RKill log and means nothing, as you just asked a question "inside" your computer

 * C:\Users\jeff mick\Downloads\SecurityCheck.exe (PID: 4788) [UP-HEUR]
1 proccess terminated!

 

Just keep following my first post, and I can add more after that.



#12 mixpix


Posted 17 March 2014 - 12:10 AM

Aussie Addict,

 

I went through, verbatim of your instruction, except for a couple of instances. Those that I couldn't comply as of yet are:
1) Not getting rid of Mozilla, due to a problem I was having with Internet Explorer 11. Actually, I was thinking that is where the virus originated from?

2) As for the last portion, of running Malwarebytes. In order to post the texts, in the following, I had to re-ignite Microsoft Essentials Security. I had shut it, as per instructed for that scan, from Malwarebytes. And, I didn't post those logs until NOW. I will have them in sequential order:

 

 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.9016)   
 Adobe Flash Player     12.0.0.77  
 Mozilla Firefox (28.0)
 Mozilla Thunderbird (28.0.)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

RKILL:

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/16/2014 07:47:54 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.
 

 

ADWCleaner (before):

 

# AdwCleaner v3.022 - Report created 16/03/2014 at 19:50:02
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : jeff mick - JEFF-HOME-LAPTO
# Running from : C:\Users\jeff mick\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\jeff mick\AppData\Roaming\Mozilla\Firefox\Profiles\0isdk5ea.default\prefs.js ]


[ File : C:\Users\jeff mick\AppData\Roaming\Mozilla\Firefox\Profiles\9jnix96o.default-1394952857009\prefs.js ]


*************************

AdwCleaner[R0].txt - [5025 octets] - [15/03/2014 23:29:57]
AdwCleaner[R1].txt - [1023 octets] - [15/03/2014 23:58:11]
AdwCleaner[R2].txt - [1149 octets] - [16/03/2014 18:23:06]
AdwCleaner[R3].txt - [942 octets] - [16/03/2014 19:50:02]
AdwCleaner[S0].txt - [5098 octets] - [15/03/2014 23:31:16]
AdwCleaner[S1].txt - [1085 octets] - [15/03/2014 23:59:27]
AdwCleaner[S2].txt - [1211 octets] - [16/03/2014 18:32:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1181 octets] ##########

 

ADWCleaner (after)

# AdwCleaner v3.022 - Report created 16/03/2014 at 19:53:13
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : jeff mick - JEFF-HOME-LAPTO
# Running from : C:\Users\jeff mick\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\jeff mick\AppData\Roaming\Mozilla\Firefox\Profiles\0isdk5ea.default\prefs.js ]


[ File : C:\Users\jeff mick\AppData\Roaming\Mozilla\Firefox\Profiles\9jnix96o.default-1394952857009\prefs.js ]


*************************

AdwCleaner[R0].txt - [5025 octets] - [15/03/2014 23:29:57]
AdwCleaner[R1].txt - [1023 octets] - [15/03/2014 23:58:11]
AdwCleaner[R2].txt - [1149 octets] - [16/03/2014 18:23:06]
AdwCleaner[R3].txt - [1261 octets] - [16/03/2014 19:50:02]
AdwCleaner[S0].txt - [5098 octets] - [15/03/2014 23:31:16]
AdwCleaner[S1].txt - [1085 octets] - [15/03/2014 23:59:27]
AdwCleaner[S2].txt - [1211 octets] - [16/03/2014 18:32:16]
AdwCleaner[S3].txt - [1183 octets] - [16/03/2014 19:53:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1243 octets] ##########

 

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x86
Ran by jeff mick on Sun 03/16/2014 at 20:04:00.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\jeff mick\AppData\Roaming\mozilla\firefox\profiles\9jnix96o.default-1394952857009\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/16/2014 at 20:06:20.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

MBAM:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.17.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16521
jeff mick :: JEFF-HOME-LAPTO [administrator]

Protection: Enabled

3/16/2014 8:16:21 PM
mbam-log-2014-03-16 (20-16-21).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353971
Time elapsed: 1 hour(s), 8 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 22
C:\Users\jeff mick\AppData\Local\bmtsqhis.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\nhkbwehg.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\ppevogpu.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\rskobima.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\soakpcbe.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\wcbshuig.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\gowguqpd.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\lqwwdiij.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\Temp\nsiA622.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\Temp\nst5E79.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\Temp\nst630C.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\Temp\nstA618.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\Temp\nsyA0BA.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\Temp\sp_downloader.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\jeff mick\AppData\Local\Temp\nssD3E5\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\jeff mick\Downloads\adobe flash player setup(1).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\jeff mick\Downloads\adobe flash player setup(2).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\jeff mick\Downloads\adobe flash player setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\jeff mick\Downloads\Updater_Setup.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\jeff mick\Downloads\Updater_Setup(1).exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\jeff mick\Downloads\Updater_Setup(2).exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\jeff mick\Downloads\Updater_Setup(3).exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.

(end)

 

 

Hopefully, I did these procedures correctly? These "PUP"s are an extremely difficult malware to get rid of. Especially, this particular. I have to add, that I didn't go to any site, that wasn't recommended by BleepingComputer; not to my knowledge anyway? I had downloaded Secunia & FileHippo, for the feature that alerts for program updates; since, I have removed FileHippo. And, just now on the thought, took off Secunia. The problems seem to have happened, since the installation of those programs?

 

When I went to Adobe, for updates, I did uncheck the 'McAfee Secure Browser'

 

Please let me know, of what I need to do & what recommendations or topics I should follow, to keep this Windows 7 32 bit in viable health. Maybe some of the procedures & configurations, as you shared, with regarding dumping this browser & getting IE back? I am just wary of it, but I will do it, if I can....

I am glad to have people, as you Aussie, from BleepingComputer, to help me out. I am not the most knowledgeable, when it comes to these issues. I am afraid to go back & check the box to bring back I E, as I think it has something to do with the malware, reappearing?

 

Thanks again, for your help. Please excuse me, if I ramble a bit.

 

 


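The "Files Detected" section of the MBAM log in the post above mixes Trojan and PUP detections across several folders. The following is an added example, not part of the thread or of any tool named in it: it parses that log layout, compares the number of entries with the count in the section header to catch a truncated paste, and groups detections by family, folder and outcome. The sample log, user name and file names are constructed, and the function names are hypothetical.

```python
import ntpath
import re
from collections import Counter

# Constructed sample in the layout of the "Files Detected" section of an
# MBAM 1.75 log. The user name and file names are made up for this example;
# the detection names are ones that appear in the log posted in the thread.
SAMPLE_LOG = r"""
Files Detected: 5
C:\Users\example\AppData\Local\abcdwxyz.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\example\AppData\Local\qrstuvwx.exe (Trojan.Agent.ED) -> No action taken.
C:\Users\example\AppData\Local\Temp\nsa1234.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\example\Downloads\player setup(1).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\example\Downloads\Updater_Setup.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.

(end)
"""

HEADER_RE = re.compile(r"^Files Detected:\s*(\d+)$")
# A path may itself contain parentheses ("setup(1).exe"), so the detection
# name is the "(...)" group that is immediately followed by " -> ".
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def location_bucket(path):
    """Classify the folder a detected file sat in (Windows path semantics)."""
    parent = ntpath.dirname(path).lower() + "\\"
    if "\\appdata\\local\\temp\\" in parent:
        return "temp"
    if parent.endswith("\\appdata\\local\\"):
        return "appdata_local_root"
    if parent.endswith("\\downloads\\"):
        return "downloads"
    return "other"


def parse_files_detected(log_text):
    """Return (declared_count, entries) for the 'Files Detected' section."""
    declared, entries, in_section = None, [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            declared, in_section = int(header.group(1)), True
            continue
        if not in_section or not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:  # "(end)" or the start of another section
            break
        entries.append({
            "path": entry.group("path"),
            "name": entry.group("name"),
            # First dotted component of the detection name: "trojan", "pup", ...
            "category": entry.group("name").split(".")[0].lower(),
            "location": location_bucket(entry.group("path")),
            "action": entry.group("action"),
        })
    return declared, entries


def triage(log_text):
    """Summarise a pasted log for review."""
    declared, entries = parse_files_detected(log_text)
    return {
        "declared": declared,
        "parsed": len(entries),
        # False means the paste is truncated or lines failed to parse.
        "complete": declared == len(entries),
        "by_category": Counter(e["category"] for e in entries),
        "by_location": Counter(e["location"] for e in entries),
        "trojans": [e for e in entries if e["category"] == "trojan"],
        # Anything not reported as removed still needs attention.
        "unresolved": [e for e in entries
                       if "successfully" not in e["action"].lower()],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("entries:", report["parsed"], "of", report["declared"])
    print("by category:", dict(report["by_category"]))
    print("by location:", dict(report["by_location"]))
    for item in report["unresolved"]:
        print("not removed:", item["path"], "(" + item["name"] + ")")
```
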


#13 noknojon


Posted 17 March 2014 - 01:04 AM

Hi -

I.E. 11 looks like it is still installed, but just moved to one side ............

 

2 last programs if we can -

There are a lot of problems cleaned from MBAM results that we want to fully clean out.

 

 

Run ESET OnlineScanner

Please use Internet Explorer as the scanner uses ActiveX

If you will / can not use Internet Explorer, please see items 3 - 1 & 3 - 2

1. Hold down Control (Ctrl) key, and click on This link to open ESET OnlineScan in a new window.
2. Click the eset online button.

3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
3 - 1. Click on esetsmartinstaller_enu to download the ESET Smart Installer. Save it to your desktop.
3 - 2. Double click on esetsmartinstaller_enu on your desktop.

4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take quite some time. This is very normal as it is a very deep scan.
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.
* NOTE: Sometimes if ESET finds no infections it will not create a log.

 

 

Next -

This provides information, and can cure a few minor problems, and it can show us the way to go.

Please download MiniToolBox to desktop and run it.
Checkmark following boxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the result. (result.txt)



#14 mixpix


Posted 17 March 2014 - 07:02 AM

noknojon,

 

I didn't use IE, as I listed before, because I unlisted it, from 'windows features'.

 

Here are the two reports:

 

ESTSscan:

 

 

4:46 AM 3/17/2014
Process    CPU    Private Bytes    Working Set    PID    Description    Company Name
System Idle Process    44.59    0 K    24 K    0        
System    2.73    72 K    13,964 K    4        
 Interrupts    4.97    0 K    0 K    n/a    Hardware Interrupts and DPCs    
 smss.exe        264 K    820 K    268    Windows Session Manager    Microsoft Corporation
csrss.exe    0.02    1,364 K    3,756 K    392    Client Server Runtime Process    Microsoft Corporation
 conhost.exe        556 K    2,384 K    2464    Console Window Host    Microsoft Corporation
wininit.exe        944 K    3,420 K    460    Windows Start-Up Application    Microsoft Corporation
 services.exe    0.19    4,192 K    7,344 K    516    Services and Controller app    Microsoft Corporation
  svchost.exe        2,872 K    7,392 K    684    Host Process for Windows Services    Microsoft Corporation
   APSDaemon.exe        3,284 K    11,248 K    620    Apple Push    Apple Inc.
   dllhost.exe        1,440 K    4,704 K    5684    COM Surrogate    Microsoft Corporation
   WmiPrvSE.exe        2,348 K    5,816 K    4300    WMI Provider Host    Microsoft Corporation
   WmiPrvSE.exe        1,988 K    4,668 K    4376    WMI Provider Host    Microsoft Corporation
  nvvsvc.exe        1,696 K    5,464 K    748    NVIDIA Driver Helper Service, Version 327.23    NVIDIA Corporation
   nvxdsync.exe        5,224 K    14,832 K    1504    NVIDIA User Experience Driver Component    NVIDIA Corporation
    nvtray.exe        3,144 K    9,276 K    1420    NVIDIA Settings    NVIDIA Corporation
   nvvsvc.exe    < 0.01    3,288 K    9,856 K    1512    NVIDIA Driver Helper Service, Version 327.23    NVIDIA Corporation
  nvSCPAPISvr.exe        2,192 K    4,996 K    772    Stereo Vision Control Panel API Server    NVIDIA Corporation
  svchost.exe        3,100 K    6,148 K    820    Host Process for Windows Services    Microsoft Corporation
  MsMpEng.exe    0.50    54,872 K    38,764 K    876    Antimalware Service Executable    Microsoft Corporation
  svchost.exe        15,800 K    16,340 K    996    Host Process for Windows Services    Microsoft Corporation
   audiodg.exe    0.10    15,644 K    14,436 K    3188    Windows Audio Device Graph Isolation     Microsoft Corporation
  svchost.exe        7,732 K    17,048 K    1040    Host Process for Windows Services    Microsoft Corporation
   dwm.exe    2.43    27,428 K    26,216 K    2472    Desktop Window Manager    Microsoft Corporation
  svchost.exe    0.01    7,784 K    16,060 K    1076    Host Process for Windows Services    Microsoft Corporation
  svchost.exe    0.26    22,608 K    38,236 K    1112    Host Process for Windows Services    Microsoft Corporation
   taskeng.exe        1,084 K    3,664 K    5460    Task Scheduler Engine    Microsoft Corporation
  svchost.exe        2,112 K    5,252 K    1200    Host Process for Windows Services    Microsoft Corporation
  svchost.exe    0.01    15,132 K    18,024 K    1344    Host Process for Windows Services    Microsoft Corporation
  spoolsv.exe    0.01    7,072 K    14,788 K    1648    Spooler SubSystem App    Microsoft Corporation
  svchost.exe        11,008 K    11,776 K    1676    Host Process for Windows Services    Microsoft Corporation
  armsvc.exe        820 K    2,936 K    1808    Adobe Acrobat Update Service    Adobe Systems Incorporated
  AppleMobileDeviceService.exe    0.13    4,004 K    10,924 K    1828    YSLoader.exe    Apple Inc.
  mDNSResponder.exe        1,556 K    4,580 K    1888    Bonjour Service    Apple Inc.
  svchost.exe    0.47    5,360 K    10,204 K    1940    Host Process for Windows Services    Microsoft Corporation
  Garmin.Cartography.MapUpdate.CoreService.exe    0.11    20,152 K    30,152 K    296    Garmin Core Update Service    Garmin Ltd or its subsidiaries
  nvstreamsvc.exe        2,284 K    7,124 K    1108    NVIDIA Streamer Service    NVIDIA Corporation
   nvstreamsvc.exe        3,500 K    8,012 K    3236    NVIDIA Streamer Service    NVIDIA Corporation
  daemonu.exe    0.02    3,700 K    9,016 K    1324    NVIDIA Settings Update Manager    NVIDIA Corporation
  psia.exe    1.52    10,332 K    17,040 K    312    Secunia PSI Agent    Secunia
  svchost.exe    < 0.01    47,816 K    49,296 K    2172    Host Process for Windows Services    Microsoft Corporation
  ToolbarUpdater.exe        2,352 K    5,912 K    2204    ToolbarU Application (Official)    AVG Secure Search
   loggingserver.exe        840 K    3,120 K    2452    loggings Application    
  WLIDSVC.EXE    < 0.01    2,944 K    8,224 K    2260    Microsoft® Windows Live ID Service    Microsoft Corporation
   WLIDSVCM.EXE        624 K    2,304 K    2536    Microsoft® Windows Live ID Service Monitor    Microsoft Corporation
  SearchIndexer.exe    0.98    50,732 K    41,208 K    2572    Microsoft Windows Search Indexer    Microsoft Corporation
   SearchProtocolHost.exe    0.08    2,008 K    5,176 K    5976    Microsoft Windows Search Protocol Host    Microsoft Corporation
   SearchFilterHost.exe        1,056 K    3,528 K    4736    Microsoft Windows Search Filter Host    Microsoft Corporation
  NisSrv.exe        5,428 K    2,796 K    3244    Microsoft Network Realtime Inspection Service    Microsoft Corporation
  wmpnetwk.exe        11,212 K    8,268 K    3956    Windows Media Player Network Sharing Service    Microsoft Corporation
  taskhost.exe    0.02    6,128 K    9,544 K    3520    Host Process for Windows Tasks    Microsoft Corporation
  iPodService.exe    0.05    1,692 K    5,032 K    660    iPodService Module (32-bit)    Apple Inc.
  svchost.exe        9,756 K    11,840 K    4512    Host Process for Windows Services    Microsoft Corporation
 lsass.exe    0.42    4,264 K    10,044 K    560    Local Security Authority Process    Microsoft Corporation
 lsm.exe        1,440 K    3,260 K    576    Local Session Manager Service    Microsoft Corporation
csrss.exe    0.32    1,608 K    10,456 K    468    Client Server Runtime Process    Microsoft Corporation
 conhost.exe        876 K    3,864 K    1144    Console Window Host    Microsoft Corporation
winlogon.exe        2,452 K    5,860 K    548    Windows Logon Application    Microsoft Corporation
explorer.exe    0.25    34,592 K    47,324 K    1064    Windows Explorer    Microsoft Corporation
 msseces.exe        4,968 K    12,572 K    2784    Microsoft Security Client User Interface    Microsoft Corporation
 SetPoint.exe    2.65    34,744 K    26,916 K    840    Logitech SetPoint Event Manager (UNICODE)    Logitech, Inc.
  KHALMNPR.exe    0.02    4,836 K    9,412 K    2996    Logitech KHAL Main Process    Logitech, Inc.
 NvTmru.exe        3,084 K    6,816 K    828    NVIDIA NvTmru Application    NVIDIA Corporation
 vprot.exe    1.41    9,764 K    17,868 K    2676    VProtect Application (Non Official)    
 iTunesHelper.exe    < 0.01    3,120 K    10,164 K    3684    iTunesHelper    Apple Inc.
 ApplePhotoStreams.exe        9,828 K    24,000 K    1528    Apple Photostreams Uploader Executable    Apple Inc.
 iCloudServices.exe        2,948 K    11,260 K    1440    iCloud    Apple Inc.
 sidebar.exe    0.01    42,520 K    63,832 K    976    Windows Desktop Gadgets    Microsoft Corporation
 ExpressTray.exe    0.10    51,408 K    39,700 K    2244    Express Tray    Garmin Ltd or its subsidiaries
 AppleIEDAV.exe    0.01    6,152 K    12,052 K    672    Apple IE DAV    Apple Inc.
 psi_tray.exe    0.02    876 K    3,492 K    1852    Secunia PSI Tray    Secunia
 firefox.exe    4.00    430,540 K    474,704 K    5596    Firefox    Mozilla Corporation
  plugin-container.exe    7.65    16,456 K    28,248 K    4588    Plugin Container for Firefox    Mozilla Corporation
   FlashPlayerPlugin_12_0_0_70.exe    3.22    4,124 K    9,124 K    4668    Adobe Flash Player 12.0 r0    Adobe Systems, Inc.
    FlashPlayerPlugin_12_0_0_70.exe    12.10    93,848 K    97,960 K    4876    Adobe Flash Player 12.0 r0    Adobe Systems, Inc.
 thunderbird.exe    0.03    114,224 K    137,840 K    5172    Thunderbird    Mozilla Corporation
 procexp.exe    3.79    15,548 K    31,548 K    2568    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
 procexp.exe    4.77    21,332 K    36,124 K    5900    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com

 

 

RESULT TXT

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by jeff mick (administrator) on 17-03-2014 at 04:41:21
Running from "C:\Users\jeff mick\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/16/2014 10:48:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 10:39:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 10:14:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 10:02:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.9016, time stamp: 0x52a1d50f
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00055f99
Faulting process id: 0x18c
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3


System errors:
=============
Error: (03/16/2014 10:49:45 PM) (Source: DCOM) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (03/16/2014 10:46:41 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.0.0 service failed to start due to the following error:
%%2

Error: (03/16/2014 10:38:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/16/2014 10:37:47 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.0.0 service failed to start due to the following error:
%%2

Error: (03/16/2014 10:29:56 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/16/2014 10:26:46 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.167.2078.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/16/2014 10:12:55 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.0.0 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (08/26/2013 09:24:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 126233 seconds with 60 seconds of active time.  This session ended with a crash.


=========================== Installed Programs ============================

7-Zip 9.20
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
AirParrot (Version: 1.1.7)
ANT Drivers Installer x86 (Version: 2.3.4)
Apple Application Support (Version: 3.0.1)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0.3 (Version: 2.0.3)
Bonjour (Version: 3.0.0.10)
Bonjour Print Services (Version: 2.0.2.0)
Dell Support Center (Version: 3.2.6032.125)
Elevated Installer (Version: 3.0.9.0)
eReg (Version: 1.20.138.34)
erLT (Version: 1.20.0137)
ESET Online Scanner v3
Gapminder World 0.0.7 (x86 en-US) (Version: 0.0.7)
Garmin Express (Version: 3.0.9.0)
Garmin Express Tray (Version: 3.0.9.0)
Garmin USB Drivers (Version: 2.3.1.0)
GeForce Experience NvStream Client Components (Version: 1.6.28)
HP Officejet 6500 E710n-z Basic Device Software (Version: 22.0.334.0)
HP Officejet 6500 E710n-z Help (Version: 140.0.2.2)
HP Officejet 6500 E710n-z Product Improvement Study (Version: 22.0.334.0)
HP Update (Version: 5.002.005.003)
I.R.I.S. OCR (Version: 12.3.4)
iCloud (Version: 3.1.0.40)
Intel® Processor ID Utility (Version: 4.80.0000)
iTunes (Version: 11.1.5.5)
Laptop Integrated Webcam Driver (1.04.01.1011)  
Logitech SetPoint 6.52 (Version: 6.52.74)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40820)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40825)
Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
Mozilla Maintenance Service (Version: 28.0)
Mozilla Thunderbird 28.0 (x86 en-US) (Version: 28.0)
Netflix in Windows Media Center (Version: 3.3.101.0)
NVIDIA 3D Vision Driver 327.23 (Version: 327.23)
NVIDIA Control Panel 327.23 (Version: 327.23)
NVIDIA Display Control Panel (Version: 1.6)
NVIDIA GeForce Experience 1.7 (Version: 1.7)
NVIDIA Graphics Driver 327.23 (Version: 327.23)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2723)
NVIDIA Update 9.3.16 (Version: 9.3.16)
NVIDIA Update Components (Version: 9.3.16)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
QuickTime 7 (Version: 7.75.80.95)
RICOH Media Driver ver.2.07.01.04 (Version: 2.07.01.04)
RICOH R5U8xx Media Driver ver.3.62.02 (Version: 3.62.02)
SHIELD Streaming (Version: 1.6.34)
Speccy (Version: 1.25)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WinDirStat 1.1.2
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (Version: 04/11/2012 1.2.40.201)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (Version: 02/06/2007 3.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Zoom (Version: 2.1)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 3838.04 MB
Available physical RAM: 2416.37 MB
Total Pagefile: 5884.33 MB
Available Pagefile: 4479.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.39 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:157.94 GB) NTFS

========================= Users: ========================================

User accounts for \\JEFF-HOME-LAPTO

Administrator            Guest                    jeff mick                
UpdatusUser              


**** End of log ***

 

 

 

I hope this works. It took 3.5 hours for EST to scan. I didn't have the browser shut, nor the virus protection turned off; hope not an issue. I also notice a couple of check boxes that I left unchecked: uninstall & ???. I don't remember, as I am so tired & cloudy. That is the biz, when dealing with these issues!

 

Thanks again, noknojon, hope you are doing good.

 

Jeff
 

 

 




#15 noknojon

Posted 17 March 2014 - 04:00 PM

Please Update and re-run a Full Scan with Malwarebytes Anti-Malware (it found PUP.Optional.Conduit.A).

This is the only program to have found any listing so far.

 

It may have been cleaned out by the first MBAM scan, but we are just checking.

 

With the log, please post if you think you have other computer problems.





