Jump to content


Photo
- - - - -

Computer may be infected - does anything look fishy in this log?


  • This topic is locked This topic is locked
10 replies to this topic

#1 kevincares

kevincares

    New Member

  • Members
  • Pip
  • 5 posts

Posted 12 August 2013 - 10:02 PM

My computer seems to be running fine but a scan with MBAM shows that there may be 100+ infections on my computer. A majority of these seem to be found in the /user/AppData/ folder so I'm not entirely sure of what it may identifying.

 

Here's the MBAM log from my scan earlier today. I did not take any action as I am not sure if they are false positives or are components of an extension already on my computer. Anything mentioning the Conduit search servie is referring to the Swagbucks toolbar, something that I do not believe is malicious at all but I would like an expert's advice.

 

_____

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Guesl :: AGUI-HP [administrator]

8/12/2013 12:34:01 PM
MBAM-log-2013-08-12 (12-43-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270651
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> 1912 -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> 4616 -> No action taken.

Memory Modules Detected: 7
C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.SearchProtect.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtectAll (PUP.Optional.SearchProtect.A) -> Data: C:\Program Files (x86)\SearchProtect\bin\cltmng.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtect (PUP.Optional.SearchProtect.A) -> Data: C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\cltmng.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 32
C:\Program Files (x86)\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> No action taken.

Files Detected: 116
C:\Users\agui\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit) -> No action taken.
C:\Users\Guesl\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit) -> No action taken.
C:\Users\Guesl\AppData\Local\Temp\CT2260173\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Guesl\Downloads\SwagBucks.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\bin\rep.dat (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\rep.dat (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\agui\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Guesl\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> No action taken.

(end)
 

_____

 

I ran avast! and there were no known malicious files that came up after a scan. I also ran the Kaspersky TDSSKiller and nothing was found to be a threat there. Here is a HijackThis log for good measure.

 

_____

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:01:44 PM, on 8/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Guesl\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Users\Guesl\Documents\Computer Maintenence\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)

_____

 

Thank you for looking into this in advance.

 

- k.



#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 August 2013 - 06:46 AM

Welcome to the forum, please start HERE
Post back the 2 logs here.....DDS.txt and Attach.txt
(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
MrC


Note:
Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#3 kevincares

kevincares

    New Member

  • Members
  • Pip
  • 5 posts

Posted 13 August 2013 - 12:15 PM

Logs are attached. This is a shared computer and after looking at the DDS/Attach logs, I have to say that I have never seen any of these games (Dora, Bejeweled, etc.) on the computer - even in the default desktop games.

Attached Files



#4 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 August 2013 - 12:27 PM

You're loaded with adware........

Please uninstall -----------> Search Protect by conduit from your add/remove programs

Then........

Please download AdwCleaner from here and save it on your Desktop.
 

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:
Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.
If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.




Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.


MrC


Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#5 kevincares

kevincares

    New Member

  • Members
  • Pip
  • 5 posts

Posted 13 August 2013 - 07:11 PM

AdwCleaner log. It deleted the Conduit toolbar that I had in Firefox (Swagbucks toolbar). I don't really mind it being gone, but I didn't really have any problems with it installed. Anything else I can do to see if it's clean? I'm currently rescanning with MBAM.

_____

 

# AdwCleaner v3.000 - Report created13/08/2013at17:02:51
# Updated 13/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Guesl - AGUI-HP
# Running from : C:\Users\Guesl\Downloads\adwcleaner.exe

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\agui\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Guesl\AppData\Local\Temp\CT2260173
Folder Deleted : C:\Users\Guesl\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Guesl\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Guesl\AppData\Roaming\Mozilla\Firefox\Profiles\ftb83rjj.default\Smartbar
Folder Deleted : C:\Users\Guesl\AppData\Roaming\Mozilla\Firefox\Profiles\ftb83rjj.default\CT2260173
Folder Deleted : C:\Users\Guesl\AppData\Roaming\Mozilla\Firefox\Profiles\kr83rfbd.default\Smartbar
Folder Deleted : C:\Users\Guesl\AppData\Roaming\Mozilla\Firefox\Profiles\kr83rfbd.default\CT2260173
File Deleted : C:\Users\Guesl\AppData\Local\Temp\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] No bad entry found.

-\\ Mozilla Firefox v22.0 (en-US)

Folder Deleted : C:\Users\Guesl\AppData\Roaming\Mozilla\Firefox\Profiles\ftb83rjj.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Folder Deleted : C:\Users\Guesl\AppData\Roaming\Mozilla\Firefox\Profiles\kr83rfbd.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Can't open file !

[ File : C:\Users\Guesl\AppData\Roaming\Mozilla\Firefox\Profiles\kr83rfbd.default\prefs.js ]

Line Deleted : user_pref("CT2260173.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Line Deleted : user_pref("CT2260173.FF19Solved", "true");
Line Deleted : user_pref("CT2260173.FirstTime", "true");
Line Deleted : user_pref("CT2260173.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2260173.SBmemberInfo.enc", "eyJzdGF0dXMiOjEsInNidHYiOnRydWUsImRhaWx5U2IiOiIwIiwiYWxsb3d[...]
Line Deleted : user_pref("CT2260173.UserID", "UN11333440462578828");
Line Deleted : user_pref("CT2260173.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2260173.addressUrlXPETakeover", "true");
Line Deleted : user_pref("CT2260173.autoDisableScopes", -1);
Line Deleted : user_pref("CT2260173.countryCode", "US");
Line Deleted : user_pref("CT2260173.defaultSearch", "false");
Line Deleted : user_pref("CT2260173.embeddedsData", "[{\"appId\":\"128848965243869715\",\"apiPermissions\":{\"cross[...]
Line Deleted : user_pref("CT2260173.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT2260173.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2260173.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT2260173.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT2260173.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2260173.fixUrls", true);
Line Deleted : user_pref("CT2260173.fullUserID", "UN11333440462578828.UP.20130625163358");
Line Deleted : user_pref("CT2260173.homepageuserchanged", true);
Line Deleted : user_pref("CT2260173.hxxp___www_swagbucks_com.APP_WIN_FEATURES.enc", "c2F2ZWxvY2F0aW9uPTAsc2F2ZXJlc2[...]
Line Deleted : user_pref("CT2260173.installDate", "11/6/2013 20:50:57");
Line Deleted : user_pref("CT2260173.installId", "dm");
Line Deleted : user_pref("CT2260173.installSessionId", "B2B1377E-3243-4DFF-8B14-DA3FB68B2BB6");
Line Deleted : user_pref("CT2260173.installSp", "true");
Line Deleted : user_pref("CT2260173.installType", "xpe");
Line Deleted : user_pref("CT2260173.installUsage", "2013-06-12T06:51:23.4136328+03:00");
Line Deleted : user_pref("CT2260173.installUsageEarly", "2013-06-12T06:51:22.757387+03:00");
Line Deleted : user_pref("CT2260173.installerVersion", "1.4.2.3");
Line Deleted : user_pref("CT2260173.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT2260173.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT2260173.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2260173.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.keyword", "true");

Line Deleted : user_pref("CT2260173.lastVersion", "10.16.70.505");
Line Deleted : user_pref("CT2260173.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT2260173.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT2260173.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Line Deleted : user_pref("CT2260173.openThankYouPage", "true");
Line Deleted : user_pref("CT2260173.openUninstallPage", "true");
Line Deleted : user_pref("CT2260173.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT2260173.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT2260173.search.searchAppId", "128848965243869715");
Line Deleted : user_pref("CT2260173.search.searchCount", "2");
Line Deleted : user_pref("CT2260173.searchInNewTabEnabledByUser", "false");
Line Deleted : user_pref("CT2260173.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2260173.searchRevert", "false");
Line Deleted : user_pref("CT2260173.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT2260173.searchUserMode", "2");
Line Deleted : user_pref("CT2260173.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Line Deleted : user_pref("CT2260173.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Line Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Line Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Line Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Line Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Line Deleted : user_pref("CT2260173.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Line Deleted : user_pref("CT2260173.serviceLayer_services_Configuration_lastUpdate", "1376357258990");
Line Deleted : user_pref("CT2260173.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1375755504977");
Line Deleted : user_pref("CT2260173.serviceLayer_services_appsMetadata_lastUpdate", "1376357259990");
Line Deleted : user_pref("CT2260173.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1375928581695");
Line Deleted : user_pref("CT2260173.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1371009086[...]
Line Deleted : user_pref("CT2260173.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1371009086883")[...]
Line Deleted : user_pref("CT2260173.serviceLayer_services_location_lastUpdate", "1372132261935");
Line Deleted : user_pref("CT2260173.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372198739121");
Line Deleted : user_pref("CT2260173.serviceLayer_services_login_10.16.2.9_lastUpdate", "1371083581670");
Line Deleted : user_pref("CT2260173.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374716772598");
Line Deleted : user_pref("CT2260173.serviceLayer_services_login_10.16.70.505_lastUpdate", "1376357260156");
Line Deleted : user_pref("CT2260173.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1375928581798");
Line Deleted : user_pref("CT2260173.serviceLayer_services_searchAPI_lastUpdate", "1376357258838");
Line Deleted : user_pref("CT2260173.serviceLayer_services_serviceMap_lastUpdate", "1376357258671");
Line Deleted : user_pref("CT2260173.serviceLayer_services_toolbarContextMenu_lastUpdate", "1375928581628");
Line Deleted : user_pref("CT2260173.serviceLayer_services_toolbarSettings_lastUpdate", "1376357260041");
Line Deleted : user_pref("CT2260173.serviceLayer_services_translation_lastUpdate", "1376357260085");
Line Deleted : user_pref("CT2260173.settingsINI", true);
Line Deleted : user_pref("CT2260173.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2260173.showToolbarPermission", "false");
Line Deleted : user_pref("CT2260173.smartbar.CTID", "CT2260173");
Line Deleted : user_pref("CT2260173.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2260173.smartbar.toolbarName", "Swag Bucks ");
Line Deleted : user_pref("CT2260173.startPage", "false");
Line Deleted : user_pref("CT2260173.toolbarBornServerTime", "12-6-2013");
Line Deleted : user_pref("CT2260173.toolbarCurrentServerTime", "13-8-2013");
Line Deleted : user_pref("CT2260173.toolbarLoginClientTime", "Tue Jun 11 2013 20:51:27 GMT-0700 (Pacific Standard T[...]
Line Deleted : user_pref("CT2260173.versionFromInstaller", "10.16.2.9");
Line Deleted : user_pref("CT2260173_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultenginename", "Swag Bucks Customized Web Search");

Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT2260173");

Line Deleted : user_pref("smartbar.machineId", "4M0DGXHM7/F3J5CBAO8HD5RVC35XP8MMK/FLOJNFODUM7RCJDKKAILCGHXAGHURN6IG[...]

-\\ Google Chrome v


[ File : C:\Users\Guesl\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[OK] No bad entry found.

*************************

AdwCleaner[0].txt - [11517 octets] - [13/08/2013 17:02:51]

########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [11577 octets] ##########
 



#6 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 August 2013 - 07:13 PM

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Last.........

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#7 kevincares

kevincares

    New Member

  • Members
  • Pip
  • 5 posts

Posted 13 August 2013 - 07:38 PM

MBAM log followed by the JRT log

_____

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Guesl :: AGUI-HP [administrator]

8/13/2013 5:32:33 PM
mbam-log-2013-08-13 (17-32-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 269791
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
____

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.4 (08.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by Guesl on Tue 08/13/2013 at 17:19:47.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\comobject.deskbarenabler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\comobject.deskbarenabler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.searchprovidermanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.searchprovidermanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6DBAAE2D-37CE-462C-825F-57845AB5808C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6DBAAE2D-37CE-462C-825F-57845AB5808C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho9DFC.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Guesl\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Guesl\appdata\local\{6D053859-B7A1-4BFE-ABD6-589E521C81EF}



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}
Emptied folder: C:\Users\Guesl\AppData\Roaming\mozilla\firefox\profiles\kr83rfbd.default\minidumps [53 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/13/2013 at 17:29:48.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

No red flags, thanks!



#8 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 August 2013 - 07:39 PM

OK, how is it?? MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#9 kevincares

kevincares

    New Member

  • Members
  • Pip
  • 5 posts

Posted 13 August 2013 - 08:09 PM

It works the same as before really, and it was working close to perfect. I never had a problem with performance or anything but seeing the PUP alerts just reminded me to make sure everything is okay.

 

The help is much appreciated.



#10 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 August 2013 - 08:10 PM

OK...MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#11 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 15 August 2013 - 07:19 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users