
Need help with adware / cpu chewing malicious software


11 replies to this topic

#1 adoreoner


Posted 14 May 2014 - 04:34 AM

Hey all, I'm currently wondering what kind of malicious software I've got and how to get rid of it. I'm running Windows 7 Home Premium. Here's the story.

I downloaded a game from BitTorrent (Kerbal Space Program) about a week ago, and everything was okay, and I was using my computer normally. Then a couple of days after, I started up my computer and opened Chrome and was suddenly plagued with ads and popups. I immediately thought it was adware I commonly get and remove without hassle. I went to remove it via "Uninstall or change programs" in the Control Panel, and it wasn't there..

So I investigated further (with my limited knowledge) and have found multiple things that seem to be unrelated to each other. They are:

In "Resource Monitor", in the CPU tab, I have a program that starts automatically on startup called "WindowsUpdater.exe". It uses 25-75% CPU power (growing from around 25% to around 75% after about 10 minutes of my computer being on). I can and do "right-click > End process", but that's only a temporary thing.

In "System Configuration" (msconfig), in the Startup tab, there are two new things called:
Mobilegeni daemon
NextLive

Their "commands" are:

C:\Program Files(x86)\Mobogenie\Daemonprocess.exd
C:\Windows\SysWOW64\rundl32.exe "C:\Users\James\AppData\Roaming\newnext.me\nenginr.dll" ,EntryPoint -m|

respectively.

When I am in Windows Explorer I cannot find the "Mobogenie" folder in "Program Files (x86)", and I do have "Show hidden files, folders and drives" checked.

However, I can find the location of "NextLive" and have tried to delete it; it remakes itself from somewhere else and has a new name (the first name was "nengine") and location.

I wouldn't have a clue how to find the location of the "WindowsUpdater.exe" thing.

I have tried a full MSE scan and found nothing, and a full Malwarebytes scan and found 64 things, "Quarantine"d them and it didn't seem to change or fix anything..

**extra random (maybe helpful) info**

Some of the ads I get say "ads by robosaver" or "ads not by this site".
I have Windows auto updater turned off.
I tried a thing to get rid of the ads where I delete the extension file in Google Chrome settings. It worked.. for a while, but now I have the ads back but no extension file to delete.

So yeah, not really sure how I should go about removing these things and whether there is more hiding somewhere. Please help?

BTW, I've probably left out a lot of info you need, so just let me know.

Edited by adoreoner, 14 May 2014 - 04:40 AM.




#2 Alex&Vanko


Posted 14 May 2014 - 06:00 AM

Hallo adoreoner and welcome!

Would you do the following:

 

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Thank you!



#3 adoreoner


Posted 14 May 2014 - 06:48 PM


Hey, here are the results from what you have said to do:

checkup.txt results from SecurityCheck:

 Results of screen317's Security Check version 0.99.83  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Security Center service is not running! This report may not be accurate! 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 45  

 Java version out of Date! 

 Adobe Reader XI  

 Google Chrome 34.0.1847.116  

 Google Chrome 34.0.1847.131  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 41% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

results.txt results from MiniToolBox:

MiniToolBox by Farbar  Version: 23-01-2014

Ran by James (administrator) on 15-05-2014 at 09:26:19

Running from "C:\Users\James\Downloads"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ============================== 

 

Proxy is enabled.

ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

 

 

 

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (05/14/2014 08:10:19 PM) (Source: Application Error) (User: )

Description: Faulting application name: KSP.exe, version: 4.3.3.30826, time stamp: 0x52cd4305

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc000041d

Fault offset: 0x000222d2

Faulting process id: 0x1168

Faulting application start time: 0xKSP.exe0

Faulting application path: KSP.exe1

Faulting module path: KSP.exe2

Report Id: KSP.exe3

 

Error: (05/11/2014 11:00:04 PM) (Source: Windows Backup) (User: )

Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).

 

Error: (05/11/2014 02:42:36 PM) (Source: Application Error) (User: )

Description: Faulting application name: iPodService.exe, version: 11.1.2.32, time stamp: 0x52686349

Faulting module name: iPodService.exe, version: 11.1.2.32, time stamp: 0x52686349

Exception code: 0xc0000005

Fault offset: 0x0000000000029a70

Faulting process id: 0x4d8

Faulting application start time: 0xiPodService.exe0

Faulting application path: iPodService.exe1

Faulting module path: iPodService.exe2

Report Id: iPodService.exe3

 

Error: (05/09/2014 08:48:00 PM) (Source: Application Error) (User: )

Description: Faulting application name: iPodService.exe, version: 11.1.2.32, time stamp: 0x52686349

Faulting module name: iPodService.exe, version: 11.1.2.32, time stamp: 0x52686349

Exception code: 0xc0000005

Fault offset: 0x0000000000029a70

Faulting process id: 0x1228

Faulting application start time: 0xiPodService.exe0

Faulting application path: iPodService.exe1

Faulting module path: iPodService.exe2

Report Id: iPodService.exe3

 

Error: (05/08/2014 11:58:57 AM) (Source: Application Error) (User: )

Description: Faulting application name: iPodService.exe, version: 11.1.2.32, time stamp: 0x52686349

Faulting module name: iPodService.exe, version: 11.1.2.32, time stamp: 0x52686349

Exception code: 0xc0000005

Fault offset: 0x0000000000029a70

Faulting process id: 0x1084

Faulting application start time: 0xiPodService.exe0

Faulting application path: iPodService.exe1

Faulting module path: iPodService.exe2

Report Id: iPodService.exe3

 

Error: (05/06/2014 02:02:10 PM) (Source: Application Error) (User: )

Description: Faulting application name: KSP.exe, version: 4.3.3.30826, time stamp: 0x52cd4305

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc000041d

Fault offset: 0x000222d2

Faulting process id: 0x7f0

Faulting application start time: 0xKSP.exe0

Faulting application path: KSP.exe1

Faulting module path: KSP.exe2

Report Id: KSP.exe3

 

Error: (04/17/2014 09:37:29 PM) (Source: Application Error) (User: )

Description: Faulting application name: CitiesXL_Platinum.exe, version: 1.0.5.725, time stamp: 0x50f1e568

Faulting module name: CitiesXL_Platinum.exe, version: 1.0.5.725, time stamp: 0x50f1e568

Exception code: 0xc0000005

Fault offset: 0x0022961e

Faulting process id: 0xc68

Faulting application start time: 0xCitiesXL_Platinum.exe0

Faulting application path: CitiesXL_Platinum.exe1

Faulting module path: CitiesXL_Platinum.exe2

Report Id: CitiesXL_Platinum.exe3

 

Error: (04/17/2014 03:40:38 PM) (Source: Application Error) (User: )

Description: Faulting application name: SimCity.exe, version: 10.0.0.0, time stamp: 0x5318d470

Faulting module name: SimCity.exe, version: 10.0.0.0, time stamp: 0x5318d470

Exception code: 0xc0000005

Fault offset: 0x004daa10

Faulting process id: 0x13d8

Faulting application start time: 0xSimCity.exe0

Faulting application path: SimCity.exe1

Faulting module path: SimCity.exe2

Report Id: SimCity.exe3

 

Error: (04/17/2014 11:21:00 AM) (Source: Application Error) (User: )

Description: Faulting application name: CitiesXL_Platinum.exe, version: 1.0.5.725, time stamp: 0x50f1e568

Faulting module name: CitiesXL_Platinum.exe, version: 1.0.5.725, time stamp: 0x50f1e568

Exception code: 0xc0000005

Fault offset: 0x0022961e

Faulting process id: 0xfcc

Faulting application start time: 0xCitiesXL_Platinum.exe0

Faulting application path: CitiesXL_Platinum.exe1

Faulting module path: CitiesXL_Platinum.exe2

Report Id: CitiesXL_Platinum.exe3

 

Error: (04/16/2014 10:33:21 PM) (Source: Application Error) (User: )

Description: Faulting application name: SimCity.exe, version: 10.0.0.0, time stamp: 0x5318d470

Faulting module name: SimCity.exe, version: 10.0.0.0, time stamp: 0x5318d470

Exception code: 0xc0000005

Fault offset: 0x004daa10

Faulting process id: 0x10a4

Faulting application start time: 0xSimCity.exe0

Faulting application path: SimCity.exe1

Faulting module path: SimCity.exe2

Report Id: SimCity.exe3

 

 

System errors:

=============

Error: (05/15/2014 09:01:35 AM) (Source: Service Control Manager) (User: )

Description: The System Update kb70007 service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (05/14/2014 05:44:17 PM) (Source: Service Control Manager) (User: )

Description: The System Update kb70007 service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (05/14/2014 01:05:31 PM) (Source: Service Control Manager) (User: )

Description: The System Update kb70007 service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (05/13/2014 09:48:23 AM) (Source: Service Control Manager) (User: )

Description: The System Update kb70007 service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (05/12/2014 02:53:46 PM) (Source: Service Control Manager) (User: )

Description: The System Update kb70007 service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (05/12/2014 07:48:33 AM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

            New Signature Version: 

 

            Previous Signature Version: 1.173.1787.0

 

            Update Source: %NT AUTHORITY59

 

            Update Stage: 4.5.0216.00

 

            Source Path: 4.5.0216.01

 

            Signature Type: %NT AUTHORITY602

 

            Update Type: %NT AUTHORITY604

 

            User: NT AUTHORITY\SYSTEM

 

            Current Engine Version: %NT AUTHORITY605

 

            Previous Engine Version: %NT AUTHORITY606

 

            Error code: %NT AUTHORITY607

 

            Error description: %NT AUTHORITY608

 

Error: (05/11/2014 07:48:55 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume SSD Drive.

 

Error: (05/11/2014 07:18:58 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume SSD Drive.

 

Error: (05/11/2014 07:18:58 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume SSD Drive.

 

Error: (05/11/2014 07:18:58 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume SSD Drive.

 

 

Microsoft Office Sessions:

=========================

Error: (08/06/2013 09:43:23 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (08/06/2013 09:43:10 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (08/06/2013 09:42:29 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1763 seconds with 600 seconds of active time.  This session ended with a crash.

 

 

=========================== Installed Programs ============================

 

Adobe Flash Player 13 ActiveX (Version: 13.0.0.206)

Adobe Reader XI (11.0.06) (Version: 11.0.06)

Apple Application Support (Version: 2.3.6)

Apple Mobile Device Support (Version: 7.0.0.117)

Apple Software Update (Version: 2.1.3.127)

AutoHotkey 1.1.14.03 (Version: 1.1.14.03)

Banished v1.0.0 64-bit (Version: 1.0.0)

BitTorrent (Version: 7.9.0.30659)

Bonjour (Version: 3.0.0.10)

Cities XL Platinum (Version: 1.0.0)

D3DX10 (Version: 15.4.2368.0902)

Diablo II

Dota 2 Test

Dual Monitor 1.22 (Version: 1.22.021813)

Free Mouse Auto Clicker 3.1

Google Chrome (Version: 34.0.1847.131)

Google Earth (Version: 7.1.2.2041)

Google Update Helper (Version: 1.3.23.9)

iFunbox (v2.6.2375.747), iFunbox DevTeam (Version: v2.6.2375.747)

iTunes (Version: 11.1.2.32)

Java 7 Update 17 (64-bit) (Version: 7.0.170)

Java 7 Update 45 (Version: 7.0.450)

Java Auto Updater (Version: 2.1.9.8)

Junk Mail filter update (Version: 15.4.3502.0922)

Logitech Gaming Software (Version: 8.45.88)

Logitech Gaming Software 8.52 (Version: 8.52.15)

Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)

Mesh Runtime (Version: 15.4.5722.2)

Messenger Companion (Version: 15.4.3502.0922)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook Connector (Version: 14.0.5118.5000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Security Client (Version: 4.5.0216.0)

Microsoft Security Essentials (Version: 4.5.216.0)

Microsoft Silverlight (Version: 5.1.30214.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

NanoSync 1.30 (Version: 1.30)

NVIDIA Control Panel 335.23 (Version: 335.23)

NVIDIA Graphics Driver 335.23 (Version: 335.23)

NVIDIA HD Audio Driver 1.3.30.1 (Version: 1.3.30.1)

NVIDIA Install Application (Version: 2.1002.147.1067)

NVIDIA PhysX (Version: 9.13.1220)

NVIDIA PhysX System Software 9.13.1220 (Version: 9.13.1220)

Origin (Version: 9.1.10.2728)

SimCity™ (Version: 2.0.0.0)

Skype Click to Call (Version: 7.2.15747.10003)

Skype™ 6.11 (Version: 6.11.102)

SpeedFan (remove only)

StarCraft II

Steam (Version: 1.0.0.0)

Synekism 0.5.3.36 (Version: 0.5.3.36)

System Update kb70007 (Version: 1.0.0)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3555.0308)

Windows Live Family Safety (Version: 15.4.3555.0308)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3555.0308)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live Messenger Companion Core (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

WinRAR 5.10 beta 1 (32-bit) (Version: 5.10.1)

World of Tanks

World of Warcraft

XLNation User Interface Mod (Version: 1.79.8)

 

========================= Devices: ================================

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 19%

Total physical RAM: 8191.05 MB

Available physical RAM: 6577.29 MB

Total Pagefile: 16380.28 MB

Available Pagefile: 14761.18 MB

Total Virtual: 4095.88 MB

Available Virtual: 3982.73 MB

 

========================= Partitions: =====================================

 

1 Drive c: (SSD Drive) (Fixed) (Total:119.24 GB) (Free:5.97 GB) NTFS

2 Drive d: (2nd drive) (Fixed) (Total:931.51 GB) (Free:820 GB) NTFS

3 Drive e: (SIMCITY) (CDROM) (Total:1.85 GB) (Free:0 GB) UDF

 

========================= Users: ========================================

 

User accounts for \\JAMES-PC

 

Administrator            Guest                    James                    

James Admin              

 

 

**** End of log ****

 

 

I ran both the programs with the CPU-grinding "WindowsUpdater.exe" running, I hope that is what I was supposed to do :)
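Added example, not part of the thread and not written by either poster: a Python triage of the two startup commands quoted in post #1 and the ProxyServer line from the MiniToolBox log above. The function names, the heuristic lists and the benign control entry are assumptions made for this example; a hit means "re-check the real msconfig or proxy entry", not a verdict.

```python
import ipaddress
import re
from pathlib import PureWindowsPath

# Startup commands exactly as typed in post #1 (typos included), plus one
# constructed benign entry for contrast. The benign path is made up.
STARTUP_ENTRIES = {
    "Mobilegeni daemon": r"C:\Program Files(x86)\Mobogenie\Daemonprocess.exd",
    "NextLive": r'C:\Windows\SysWOW64\rundl32.exe "C:\Users\James\AppData\Roaming'
                r'\newnext.me\nenginr.dll" ,EntryPoint -m|',
    "constructed-benign": r'"C:\Program Files\ExampleVendor\tray.exe" /minimized',
}
# Proxy line exactly as reported by MiniToolBox in post #3.
PROXY_LINE = "ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118"

# Heuristic inputs chosen for this example (assumptions, not a complete list).
SYSTEM_BINARIES = ("rundll32.exe", "svchost.exe", "explorer.exe")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")
LAUNCHABLE = {".exe", ".com", ".bat", ".cmd", ".scr"}


def split_command(command):
    """Split a startup command into (image path, remaining arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:                      # unbalanced quote: treat all as image
            return command[1:], ""
        return command[1:end], command[end + 1:].strip()
    # Unquoted paths may contain spaces, so cut after the first ".xxx" token.
    m = re.match(r"(.+?\.[A-Za-z0-9]{3})(?:\s+|$)(.*)", command)
    return (m.group(1), m.group(2)) if m else (command, "")


def one_edit_apart(a, b):
    """True when exactly one insert, delete or substitution turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Same length: skip the differing char in both. Otherwise skip it in b only.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def triage(command):
    """Return a list of reasons this startup command deserves a closer look."""
    findings = []
    image, rest = split_command(command)
    path = PureWindowsPath(image)
    base = path.name.lower()
    if path.suffix.lower() not in LAUNCHABLE:
        findings.append(f"image extension {path.suffix!r} is not launchable as written")
    for real in SYSTEM_BINARIES:
        if one_edit_apart(base, real):
            findings.append(f"image name {base!r} is one edit away from {real!r}")
    # The image itself plus any DLL path handed to it (the rundll32 pattern).
    targets = [image] + re.findall(r'[A-Za-z]:\\[^"]+?\.dll', rest, flags=re.I)
    for target in targets:
        if any(d in target.lower() for d in USER_WRITABLE):
            findings.append(f"code loaded from user-writable path: {target}")
    return findings


def loopback_proxies(proxy_line):
    """Return (scheme, host, port) for every proxy that points at this machine."""
    value = proxy_line.split(":", 1)[1].strip()
    hits = []
    for part in value.split(";"):
        scheme, _, endpoint = part.rpartition("=")
        host, _, port = endpoint.rpartition(":")
        try:
            local = ipaddress.ip_address(host).is_loopback
        except ValueError:
            local = host.lower() == "localhost"
        if local:
            # Browser traffic is being routed through a process on this host,
            # so the next step is finding what listens on that port.
            hits.append((scheme or "all", host, int(port)))
    return hits


if __name__ == "__main__":
    for name, command in STARTUP_ENTRIES.items():
        reasons = triage(command)
        print(f"[{'REVIEW' if reasons else 'ok'}] {name}")
        for reason in reasons:
            print("    -", reason)
    for scheme, host, port in loopback_proxies(PROXY_LINE):
        print(f"[REVIEW] {scheme} proxy points at local listener {host}:{port}")
```
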



#4 Alex&Vanko


Posted 15 May 2014 - 08:31 AM

Hallo adoreoner!

Would you do the following:

Uninstall System Update kb70007 from Programs and Features if there is a location.

Also Java 7 Update 17.

Download latest Java - https://www.java.com/en/download/

Download and install or use portable Anvir Task manager free - http://www.anvir.com/download.htm

Start the program, click the Processes tab and find WindowsUpdater.exe.

Select it and, with a right click, choose Check online. A VirusTotal page will be opened. Post the link to the result.

Also open with Notepad the Malwarebytes log file where the detection was and copy and paste the info here.

It is located in - C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
 

After that:

Please download AdwCleaner by Xplode HERE onto your desktop.

    Close all open programs and internet browsers.
    Double click on AdwCleaner.exe to run the tool.
    Click on Scan.
    After the scan is complete click on "Clean"
    Confirm each time with Ok.
    Your computer will be rebooted automatically. A text file will open after the restart.
    Please post the content of that logfile with your next answer.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Next one:

Please download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

 

Thank you!


Edited by Alex&Vanko, 15 May 2014 - 09:34 AM.


#5 adoreoner


Posted 16 May 2014 - 05:07 AM

Hey again :)

I was unable to find "System Update kb70007" in "Programs and Features", sorry.

Here is the Virus Total page link:

https://www.virustotal.com/en/file/ea3475774db9269bbc7ae6e88984b0506efec8bcb30e5164ffec6b2b95e2fb19/analysis/

My Malwarebytes is installed on my second drive (D:\<FOLDER NAME>\Malwarebytes Anti-Malware) and there is no "log" folder in there, or anywhere else I can find (I tried searching the start menu), so you'll have to advise me further on that.

After I ran AdwCleaner, I ran Junkware Removal Tool, which shut down my computer. I couldn't find "Adwcleaner[S1].txt" but I have "Adwcleaner[S0].txt" and "Adwcleaner[R0].txt", so I will post both of them. :|

Adwcleaner[S0].txt:

 

# AdwCleaner v3.208 - Report created 16/05/2014 at 18:02:14

# Updated 11/05/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : James - JAMES-PC

# Running from : D:\virusstoof\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : Util SecretSauce

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\DealExPruess

Folder Deleted : C:\Program Files (x86)\CostMin

Folder Deleted : C:\Program Files (x86)\goforfiles

Folder Deleted : C:\Program Files (x86)\VideoPlayerV3

Folder Deleted : C:\Program Files (x86)\DealExPruess

Folder Deleted : C:\Windows\SysWOW64\SearchProtect

Folder Deleted : C:\Users\Administrator\AppData\Local\torch

Folder Deleted : C:\Users\Guest\AppData\Local\torch

Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch

Folder Deleted : C:\Users\James\AppData\Local\Mobogenie

Folder Deleted : C:\Users\James\AppData\Local\SwvUpdater

Folder Deleted : C:\Users\James\AppData\Local\torch

Folder Deleted : C:\Users\James\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\James\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\James\Documents\Mobogenie

Folder Deleted : C:\Users\James Admin\AppData\Local\torch

File Deleted : C:\END

File Deleted : C:\Users\James\daemonprocess.txt

File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 


 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

 

-\\ Google Chrome v34.0.1847.131

 

[ File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3321541&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPCDFB50C6-4DC1-4D5B-B841-C6063B149478&q={searchTerms}&SSPV=

 

*************************

 

AdwCleaner[R0].txt - [4577 octets] - [16/05/2014 18:00:20]

AdwCleaner[S0].txt - [4256 octets] - [16/05/2014 18:02:14]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4316 octets] ##########

Adwcleaner[R0].txt:

 

 

# AdwCleaner v3.208 - Report created 16/05/2014 at 18:00:20

# Updated 11/05/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : James - JAMES-PC

# Running from : D:\virusstoof\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

Service Found : Util SecretSauce

 

***** [ Files / Folders ] *****

 

File Found : C:\END

File Found : C:\Users\James\daemonprocess.txt

File Found : C:\Windows\System32\Tasks\GoforFilesUpdate

Folder Found : C:\Program Files (x86)\CostMin

Folder Found : C:\Program Files (x86)\DealExPruess

Folder Found : C:\Program Files (x86)\goforfiles

Folder Found : C:\Program Files (x86)\VideoPlayerV3

Folder Found : C:\ProgramData\DealExPruess

Folder Found : C:\Users\Administrator\AppData\Local\torch

Folder Found : C:\Users\Guest\AppData\Local\torch

Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch

Folder Found : C:\Users\James Admin\AppData\Local\torch

Folder Found : C:\Users\James\AppData\Local\Mobogenie

Folder Found : C:\Users\James\AppData\Local\SwvUpdater

Folder Found : C:\Users\James\AppData\Local\torch

Folder Found : C:\Users\James\AppData\LocalLow\Conduit

Folder Found : C:\Users\James\AppData\LocalLow\PriceGong

Folder Found : C:\Users\James\Documents\Mobogenie

Folder Found : C:\Windows\SysWOW64\SearchProtect

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\GoforFiles

Key Found : HKCU\Software\installedbrowserextensions

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Found : HKCU\Software\Softonic

Key Found : [x64] HKCU\Software\GoforFiles

Key Found : [x64] HKCU\Software\installedbrowserextensions

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Found : [x64] HKCU\Software\Softonic

Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F5A6FA10-90DE-BEED-BB33-161F58CD6A88}

Key Found : HKLM\SOFTWARE\Classes\DaeailExppresS.DaeailExppresS

Key Found : HKLM\SOFTWARE\Classes\DaeailExppresS.DaeailExppresS.2.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3201318

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\GoforFiles

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F5A6FA10-90DE-BEED-BB33-161F58CD6A88}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F5A6FA10-90DE-BEED-BB33-161F58CD6A88}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

 

-\\ Google Chrome v34.0.1847.131

 

[ File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3321541&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPCDFB50C6-4DC1-4D5B-B841-C6063B149478&q={searchTerms}&SSPV=

 

*************************

 

AdwCleaner[R0].txt - [4405 octets] - [16/05/2014 18:00:20]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4465 octets] ##########

 

Sorry, I don't know which one you want.

Here are the Junkware Removal Tool results (JRT.txt):

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by James on Fri 16/05/2014 at 18:11:04.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{998343EC-853F-4B33-AF3B-CC82878B3AEF}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 16/05/2014 at 18:14:10.92
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I hope you can help me further, Thanks :)

 

Also, would you mind explaining what I am actually doing? Thanks again!



#6 Alex&Vanko


Posted 16 May 2014 - 12:40 PM

Hallo adoreoner!

 

You may start AdwCleaner and click the Uninstall button and it will disappear. JRT just delete.
Start and open Malwarebytes. On main window click History. In the left panel click Application logs. Click in the table on Scan Log where the detection was and set tick. There is a date. After that click on View button above. A window will appear. Under left click on Copy to Clipboard and then paste it here.
Also I suggest to uninstall it from drive D: and to install it where it should be in C:/Program files.
Do another scan. Click Scan from main window, Custom Scan, then green button Scan now, set ticks in the left for everything and for your drives C: D: E: etc. and Start scan.
It has never happened to me that Junkware Removal Tool shut down the computer. Did you turn off your protection software?
You may uninstall Anvir Task manager if you wish so.
You mean what we are doing here now?

 

Thank you!


Edited by Alex&Vanko, 16 May 2014 - 12:41 PM.


#7 adoreoner


Posted 16 May 2014 - 09:26 PM

Hey there :)

 

Here are the results from my previous Malwarebytes scan (11-5-2014):

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 11/05/2014

Scan Time: 5:47:59 PM

Logfile: MalwarebytesResult.txt

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.05.11.03

Rootkit Database: v2014.03.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: James

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 308966

Time Elapsed: 8 min, 44 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 9

PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [cc53143c2a518bab4bcc9d88cf3325db], 

PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [cc53143c2a518bab4bcc9d88cf3325db], 

PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [cc53143c2a518bab4bcc9d88cf3325db], 

PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [cc53143c2a518bab4bcc9d88cf3325db], 

PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2F5F003B-C71B-72E3-42B4-DE51AB079EB2}, Quarantined, [69b6212f29521e18738fd3522ed433cd], 

PUP.Optional.SecretSauce.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update SecretSauce, Quarantined, [5cc3460a6c0f2115b0f22c8df211a35d], 

PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-2114348866-683858665-2034716777-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [829de36ddba01f1709f85a52719247b9], 

PUP.Optional.PriceGong.A, HKU\S-1-5-21-2114348866-683858665-2034716777-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [73ac3d130279eb4bf4d7fd915ca69f61], 

PUP.Optional.Softonic.A, HKU\S-1-5-21-2114348866-683858665-2034716777-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [f32c3b15dba0290dd2f71f63d52d9b65], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 1

PUP.Optional.Conduit.A, HKU\S-1-5-21-2114348866-683858665-2034716777-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPAC47244D-A9EF-493D-8126-B78BD35EA738&SSPV=, Good: (http://www.google.com), Bad: (http://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPAC47244D-A9EF-493D-8126-B78BD35EA738&SSPV=),Replaced,[de4172dea1dad0665c8e6cccb252b14f]

 

Folders: 2

PUP.Optional.Webexp, C:\Program Files (x86)\WebexpEnhancedV1, Quarantined, [0817f35d89f23afca0e698d6ac56e51b], 

PUP.Optional.CostMin.A, C:\ProgramData\CostMin, Quarantined, [45dae070d4a7ed498dc95b20ae54ae52], 

 

Files: 38

PUP.Optional.Softonic.A, C:\$Recycle.Bin\S-1-5-21-2114348866-683858665-2034716777-1001\$RKHYE5Q.exe, Quarantined, [60bfa5ab394281b5dfcad64846bba858], 

PUP.Optional.OneClickDownloader.A, C:\$Recycle.Bin\S-1-5-21-2114348866-683858665-2034716777-1001\$RPUC9T7.exe, Quarantined, [ae7189c7d7a40234712cdb35f8097090], 

PUP.Optional.InstallMonetizer, C:\$Recycle.Bin\S-1-5-21-2114348866-683858665-2034716777-1001\$RUWNE4I.exe, Quarantined, [6eb161ef661594a293d773b424ddd828], 

PUP.Optional.OneClickDownloader.A, C:\$Recycle.Bin\S-1-5-21-2114348866-683858665-2034716777-1001\$RPL7YM3.exe, Quarantined, [b6695ff1aad189ad9904ff1102ff6c94], 

PUP.Optional.Softonic.A, C:\$Recycle.Bin\S-1-5-21-2114348866-683858665-2034716777-1001\$R8W5HCW.exe, Quarantined, [1e011b35dba094a213963ae4e61bfc04], 

PUP.Optional.GoForFiles.A, C:\$Recycle.Bin\S-1-5-21-2114348866-683858665-2034716777-1001\$RAWFVY2.exe, Quarantined, [3ae5232d4b30c175199fdc3d09f8d62a], 

PUP.Optional.Conduit, C:\$Recycle.Bin\S-1-5-21-2114348866-683858665-2034716777-1001\$RBM5PG4.exe, Quarantined, [cb5476dad9a23cfa76092e01936dd52b], 

PUP.Optional.NextLive.A, C:\$Recycle.Bin\S-1-5-21-2114348866-683858665-2034716777-1001\$R80RZ64.me\nengine.dll, Quarantined, [f42b91bfaccf979f35f3fb584eb32bd5], 

PUP.Optional.SearchProtect.A, C:\Users\James\AppData\Local\Temp\nscED11.exe, Quarantined, [eb34e769bdbe3006876ec760fe03a25e], 

PUP.Optional.SearchProtect.A, C:\Users\James\AppData\Local\Temp\nsh2D0C.exe, Quarantined, [1a05064a8bf0ef47f302e5424bb69b65], 

PUP.Optional.SearchProtect.A, C:\Users\James\AppData\Local\Temp\nsh58A1.exe, Quarantined, [8a959ab6413a93a32bca2cfb6d94ec14], 

PUP.Optional.SearchProtect.A, C:\Users\James\AppData\Local\Temp\nshE939.exe, Quarantined, [43dc09474e2d9c9a5e97cb5c28d9817f], 

PUP.Optional.SearchProtect.A, C:\Users\James\AppData\Local\Temp\nsi3CBA.exe, Quarantined, [041b361a4f2cef47fff678afd031db25], 

PUP.Optional.SearchProtect.A, C:\Users\James\AppData\Local\Temp\nsiAFB2.exe, Quarantined, [59c6aba53c3fcc6a0beaff2818e99f61], 

PUP.Optional.SearchProtect.A, C:\Users\James\AppData\Local\Temp\nsnA873.exe, Quarantined, [b06f7ad6b6c5270ff9fc72b5bf42b34d], 

PUP.Optional.SearchProtect.A, C:\Users\James\AppData\Local\Temp\nss40A1.exe, Quarantined, [d14ebc941566f54139bc8a9d24ddae52], 

PUP.Optional.SearchProtect.A, C:\Users\James\AppData\Local\Temp\nss5B9F.exe, Quarantined, [b86755fba1dafc3acc29be6946bb3ac6], 

PUP.Optional.SearchProtect.A, C:\Users\James\AppData\Local\Temp\nsx2A0F.exe, Quarantined, [c15e60f02f4c3ff7c82d081f43be8a76], 

Trojan.Downloader, C:\Users\James\AppData\Local\Temp\xcthavl3.ojd.exe, Quarantined, [a47bb59b13684fe7df262a4c8f729d63], 

PUP.Optional.Somoto, C:\Users\James\AppData\Local\Temp\UpdateCheckerSetup.exe, Quarantined, [5bc4ada34734cf673db482a4ef1139c7], 

PUP.Optional.Conduit.A, C:\Users\James\AppData\Local\Temp\utt3E0D.tmp.exe, Quarantined, [d946b39dbebd64d2c75bdb40be4360a0], 

Trojan.SProtector, C:\Users\James\AppData\Local\Temp\18be6784_.exe, Quarantined, [26f9eb65accffa3ceced3519966b33cd], 

PUP.Optional.Conduit.A, C:\Users\James\AppData\Local\Temp\nsh7090\SpSetup.exe, Quarantined, [1f0094bc77048aacaf37bb6140c1eb15], 

PUP.Optional.Conduit.A, C:\Users\James\AppData\Local\Temp\nsrCFBE\SpSetup.exe, Quarantined, [e837ada3a1dadd5916d0ce4e9d6426da], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsdB5CC.exe, Quarantined, [8798fb55f68510266c8956d130d1c33d], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk1C2D.exe, Quarantined, [f22ddf712952fa3c52a372b58a77df21], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk1E01.exe, Quarantined, [7fa054fc92e9f73fef0640e703fe52ae], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsm5B5C.exe, Quarantined, [b36ccf812c4f92a49e577cab2ed3a759], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsn8A29.exe, Quarantined, [7aa5252baecd54e226cf3fe8bf42d42c], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsnB2FE.exe, Quarantined, [1e010e42c8b39c9aae47f730e918bb45], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr5B2D.exe, Quarantined, [dc43b799b8c3cc6a31c48f986b960bf5], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr8BA0.exe, Quarantined, [f42bcb8584f7a88e65904fd8877a867a], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nss89FA.exe, Quarantined, [0a157fd14f2c3105cc2933f4926f926e], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx8902.exe, Quarantined, [74abd080c1ba0a2cea0b9691e819a759], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz561.exe, Quarantined, [a57af0609cdff73faf460d1a3cc501ff], 

PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz562.exe, Quarantined, [1e01bd930e6dd16520d5ed3a52af9d63], 

PUP.Optional.NextLive.A, C:\Users\James\AppData\Local\genienext\nengine.dll, Quarantined, [f629c28ec8b3f4421e0afe55c83932ce], 

PUP.Optional.Amonetize.A, C:\Users\James\AppData\Local\SwvUpdater\Updater.exe, Quarantined, [100f6ee21e5d0234574c95a4659bb54b], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

 

I installed Malwarebytes to my main drive, and here are the results from the Custom Scan you have said to do today:

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 7/05/2014

Scan Time: 12:17:56 PM

Logfile: newscan1.txt

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.05.16.17

Rootkit Database: v2014.03.27.01

License: Trial

Malware Protection: Disabled

Malicious Website Protection: Disabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: James

 

Scan Type: Custom Scan

Result: Completed

Objects Scanned: 609158

Time Elapsed: 2 hr, 40 min, 41 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 10

PUP.Optional.SecretSauce.A, C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FCADI4H\Setup[1].exe, Quarantined, [0af6916fcc34df216edc6bcb55acf50b], 

PUP.Optional.Conduit.A, C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FCADI4H\SPSetup[1].exe, Quarantined, [ec14a35dd22e2bd5a62b56c78d74fd03], 

PUP.Optional.Conduit.A, C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NB0KT69\SPSetup[1].exe, Quarantined, [06fa7d83649cef11844da776748d9769], 

PUP.Optional.Conduit.A, C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NB0KT69\SPSetup[2].exe, Quarantined, [10f054ac52ae24dcc60b30ed1fe27090], 

PUP.Optional.Conduit.A, C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NB0KT69\spstub[1].exe, Quarantined, [55ab01ff24dc01ffcf3e9e7e4db411ef], 

PUP.Optional.Conduit, C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ER9YIBO9\FLV_Runner.exe, Quarantined, [40c01ae645bba7590679121d57a92ed2], 

PUP.Optional.Conduit.A, C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVVBTRDP\SPSetup[1].exe, Quarantined, [13eda65a3bc56f910dc41c01c63b6c94], 

PUP.Optional.NextLive.A, D:\JAMES-PC\Backup Set 2014-01-26 152006\Backup Files 2014-02-17 194036\Backup files 2.zip, Quarantined, [f60ac63ac53b46ba2ce199bbdc250bf5], 

PUP.Optional.Superfish.A, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [9d63ac543ec2649c67fe9ee559a97987], 

PUP.Optional.Superfish.A, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [0ff1e41c9f6147b9e77e740fc43eca36], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

 

Regarding Junkware Removal Tool, I did turn off my other protection, but during the JRT scan it said it found a bad "module" and asked me if I wanted to restart to fix it; I said yes.

Also, yes, I mean what are we doing here now?

 

Thanks again :)



#8 Elise


Posted 17 May 2014 - 10:49 AM

Hello, because Alex is currently not available, I'll work with you from here. :)
 
As for what you've been doing so far, a few tools were run that remove Adware/PUPs from your computer. Basically what all these tools do is scan your computer for traces of adware (folders, files, registry entries), list them and remove them. Malwarebytes also scans for and cleans malicious software, although that was not found in your case (which is a good thing).

Can you tell me how things are running at this point?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
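A sketch for triaging a pasted Malwarebytes 2.x text log like the ones in this thread, added here as an example and not part of any post: it parses the detection lines, compares each section's declared count with the lines actually present (a truncated paste shows up as a mismatch), and separates PUP/PUM entries from everything else. The sample log, its detection names, paths and bracketed ids are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes Anti-Malware 2.x text-log layout.
# Detection names, paths and bracketed ids are made up for illustration.
# "Files: 4" is deliberately followed by only three lines (truncated paste).
SAMPLE_LOG = r"""
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 1000

Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Example.A, HKLM\SOFTWARE\ExampleBar, Quarantined, [00000000000000000000000000000001],

Registry Data: 1
PUP.Optional.Example.A, HKU\S-1-5-21-0-0-0-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.example.invalid/?a=1, Good: (http://www.google.com), Bad: (http://search.example.invalid/?a=1),Replaced,[00000000000000000000000000000002]

Files: 4
PUP.Optional.Example.A, C:\Users\User\AppData\Local\Temp\setup1.exe, Quarantined, [00000000000000000000000000000003],
PUP.Optional.Other, C:\Users\User\AppData\Local\Temp\a, b.exe, Quarantined, [00000000000000000000000000000004],
Trojan.Example, C:\Users\User\AppData\Local\Temp\dropper.exe, Quarantined, [00000000000000000000000000000005],

Physical Sectors: 0
(No malicious items detected)

(end)
"""

# Section headers carry the number of detections the scanner reported.
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$"
)

# name, object, action, [32-hex id]. The object is matched lazily so that
# commas inside a path or inside the Good:/Bad: registry data stay part of it.
DETECTION_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.]+),\s*(?P<object>.+?),\s*"
    r"(?P<action>[A-Za-z ]+),\s*\[(?P<id>[0-9a-f]{32})\],?$"
)


def parse_log(text):
    """Return (declared counts per section, list of detection dicts)."""
    declared, found, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        hit = DETECTION_RE.match(line)
        if hit and section is not None:
            entry = hit.groupdict()
            entry["section"] = section
            found.append(entry)
    return declared, found


def count_mismatches(declared, found):
    """Sections whose declared count differs from the lines actually parsed."""
    seen = Counter(d["section"] for d in found)
    return {s: (n, seen[s]) for s, n in declared.items() if seen[s] != n}


def triage(found):
    """Count detections per name and list those that are not PUP/PUM."""
    by_name = Counter(d["name"] for d in found)
    non_pup = [d for d in found if not d["name"].startswith(("PUP.", "PUM."))]
    return by_name, non_pup


if __name__ == "__main__":
    declared, found = parse_log(SAMPLE_LOG)
    by_name, non_pup = triage(found)
    for name, n in by_name.most_common():
        print(f"{n:3d}  {name}")
    for d in non_pup:
        print(f"REVIEW  {d['name']}  {d['object']}  ({d['action']})")
    for section, (want, got) in count_mismatches(declared, found).items():
        print(f"WARNING  {section}: log declares {want}, parsed {got}")
```

Entries listed under REVIEW are the ones worth a second look before a machine is called clean; a count warning means the pasted log is incomplete and should be requested again.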


#9 adoreoner


Posted 17 May 2014 - 08:08 PM

Hey there :)
Thanks for the explanation. Things are going better at the moment; all the ads are gone (I think), but I still have that weird "WindowsUpdater.exe" thing starting on startup. Do you know what it is actually doing?

Thanks :)

#10 Elise


Posted 18 May 2014 - 03:02 AM

Hi, let's see if we can find out a bit more about it. Please do not kill the process manually.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

regards, Elise


#11 adoreoner


Posted 21 May 2014 - 11:05 PM

Hi there, sorry I haven't replied yet :( Been really busy, but what do you want me to do after I've done that? And what do you mean by "do not reboot the computer"?

#12 Elise


Posted 22 May 2014 - 02:05 AM

This tool will stop any process that is malicious/unnecessary. It will show the complete file paths, so if windowsupdater.exe is present there, you can then see its location and delete it.


regards, Elise