Computer Hope


Title: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: Hakezu on July 15, 2015, 04:47:22 PM
First and foremost I would like to say thank you to everyone who's willing to help me out, I know you guys are probably busy with posts like this all the time and I appreciate that you looked into this one.  :)

Yesterday I commenced a scan with Malwarebytes and Avast while going to take a nap, however when I got back 6 hours later I noticed that the programs didn't finish scanning so I stopped it. That was when I started noticing a lot of temporary freezes.

I then went to safe mode and did a scan there.

Malwarebytes was able to detect 3 malwares, however when trying to scan with Avast in safe mode it states that I could not start a scan as it could not find an endpoint.

Edit: Not sure if this will contribute to anything, but currently every time I open up Steam it will install (or attempt to install) an update which takes a lot longer than it usually does. However, whenever it finishes doing its update and Steam opens, it'll pop up another alert about having a new update, which then loops back to the beginning.

Also, when I updated Mozilla, I noticed that the Mozilla folder had a .bak at the end of it.

I had Malwarebytes before posting here for help, so I'll post the log that detected the 3+the other needed logs.

I would have posted these logs in as attachments, but it's not letting me. I guess it's because it's over 700KB.

AdwCleaner
# AdwCleaner v4.208 - Logfile created 15/07/2015 at 15:10:37
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Joey - HAKEZU
# Running from : C:\Users\Joey\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\Itibiti Soft Phone
Folder Deleted : C:\Users\Joey\AppData\Local\apn
[/!\] Not Deleted ( Junction ) : C:\Users\Joey\AppData\Local\Conduit
Folder Deleted : C:\Users\Joey\AppData\Local\Hola
Folder Deleted : C:\Users\Joey\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
File Deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\icpgjfneehieebagbmdbhnlpiopdcmna
File Deleted : C:\Users\Joey\AppData\Roaming\MPQEditor.ini
File Deleted : C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\4xhzapjq.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : RunAsStdUser Task for VeohWebPlayer

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\onekit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v39.0 (x86 en-US)

[4xhzapjq.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[4xhzapjq.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

-\\ Google Chrome v43.0.2357.134

[C:\Users\AdminDefault\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : bakijjialdiiboeaknfpmflphhmljfkd
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : bakijjialdiiboeaknfpmflphhmljfkd
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : icpgjfneehieebagbmdbhnlpiopdcmna
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Default_Search_Provider_Data] :

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [17280 bytes] - [15/07/2015 14:42:54]
AdwCleaner[R1].txt - [17340 bytes] - [15/07/2015 14:59:45]
AdwCleaner[S0].txt - [5467 bytes] - [15/07/2015 15:10:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5526  bytes] ##########



MalwareBytes
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/07/14 20:13:13 -0700</date>
<logfile>mbam-log-2015-07-14 (20-13-13).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.1.8.1057</version>
<malware-database>v2015.07.14.07</malware-database>
<rootkit-database>v2015.07.14.01</rootkit-database>
<license>premium</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Joey</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>508842</objects>
<time>10567</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>3</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Users\Joey\Desktop\WPE\WPE PRO - modified.exe</path><vendor>HackTool.Sniffer.WpePro</vendor><action>success</action><hash>6f40459cb8d2fe38b475d465db2abc44</hash></file>
<file><path>C:\Users\Joey\Desktop\WPE\WpeSpy.dll</path><vendor>HackTool.Sniffer.WpePro</vendor><action>success</action><hash>129d08d967232016f285a81bd331a759</hash></file>
<file><path>C:\Users\Joey\Desktop\wpepro09mod\WpeSpy.dll</path><vendor>HackTool.Sniffer.WpePro</vendor><action>success</action><hash>26899150305a9e98d0a7f4cf8a7aea16</hash></file>
</items>
</mbam-log>


Security Check

 Results of screen317's Security Check version 1.005 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 55 
 Java 8 Update 45 
 Adobe Flash Player 18.0.0.209 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Mozilla Firefox (39.0)
 Google Chrome (43.0.2357.132)
 Google Chrome (43.0.2357.134)
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: SuperDave on July 15, 2015, 06:24:05 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Quote
I noticed that the Mozilla folder had a .bak at the end of it.
bak extension means it is a backup file or folder.
The MBAM log doesn't look correct. Could you post another one?

************************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this  (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: Hakezu on July 15, 2015, 11:44:31 PM
Here is my most recent Malwarebytes log.
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/07/15 05:53:08 -0700</date>
<logfile>mbam-log-2015-07-15 (05-53-00).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.1.8.1057</version>
<malware-database>v2015.07.15.03</malware-database>
<rootkit-database>v2015.07.14.01</rootkit-database>
<license>premium</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Joey</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>505916</objects>
<time>10969</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>

JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.0 (07.15.2015:1)
OS: Windows 7 Home Premium x64
Ran by Joey on Wed 07/15/2015 at 22:12:53.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\veohplugin
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{652853ad-5592-4231-88c6-706613a52e61}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{13FA2453-9287-4F18-8554-976D7C02F4EE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{652853ad-5592-4231-88c6-706613a52e61}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61}



~~~ Files



~~~ Folders

Failed to delete: [Folder] C:\Program Files (x86)\somototoolbar
Failed to delete: [Folder] C:\Users\Joey\appdata\local\conduit
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\knctr
Successfully deleted: [Folder] C:\Users\Joey\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Users\Joey\appdata\local\tempdir
Successfully deleted: [Folder] C:\Users\Joey\appdata\locallow\somototoolbar
Successfully deleted: [Folder] C:\Users\Joey\AppData\Roaming\itibiti
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
Successfully deleted: [Folder] C:\Users\Joey\appdata\local\28050



~~~ FireFox

Emptied folder: C:\Users\Joey\AppData\Roaming\mozilla\firefox\profiles\4xhzapjq.default\minidumps [213 files]



~~~ Chrome


[C:\Users\Joey\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Joey\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Joey\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Joey\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/15/2015 at 22:33:59.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: Hakezu on July 16, 2015, 04:40:51 AM
I wasn't able to edit my previous post, hence the double reply. Apologies.

Computer blue-screened while scanning with avast and Malwarebytes on normal mode, felt like I was using a computer from the 90's. Ridiculously slow and unresponsive at times.

I'm now on Safe Mode with Networking and notice a huge difference in computer processing speed.

Going to re-run Malwarebytes and JRT to see if JRT will be able to successfully delete somototoolbar and conduit.

New JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.0 (07.15.2015:1)
OS: Windows 7 Home Premium x64
Ran by Joey on Thu 07/16/2015 at  3:43:26.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] C:\Program Files (x86)\somototoolbar
Failed to delete: [Folder] C:\Users\Joey\appdata\local\conduit



~~~ Chrome


[C:\Users\Joey\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Joey\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Joey\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Joey\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/16/2015 at  3:53:32.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: Hakezu on July 16, 2015, 09:32:39 AM
Most recent Malwarebytes scan
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/16/2015
Scan Time: 3:56 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.16.02
Rootkit Database: v2015.07.15.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joey

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 490478
Time Elapsed: 3 hr, 15 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: SuperDave on July 16, 2015, 04:09:43 PM
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
 ESET OnlineScan (http://eset.com/onlinescan)

•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: Hakezu on July 17, 2015, 12:34:19 AM

Took a while for the program to finish scanning, sorry for the late reply!
Should I delete the quarantined files?

ESET Logs
C:\AeriaGames\Downloader\gunz_us_installer_20120718.exe   a variant of Win32/Packed.Themida suspicious application   cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Components\toolbarconduit\ToolBarConduit.dll   a variant of Win32/Toolbar.Conduit.K potentially unwanted application   cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\ExpressBurn\burnsetup_v4.42.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\ExpressBurn\uninst.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Switch\switch.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Switch\switchsetup_v4.17.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
C:\Program Files (x86)\NCH Software\Switch\uninst.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Swift Sound\ExpressRip\expressrip.exe   a variant of Win32/Toolbar.Conduit.K potentially unwanted application   cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Swift Sound\ExpressRip\ripsetup_v1.81.exe   a variant of Win32/Toolbar.Conduit.K potentially unwanted application   deleted - quarantined
C:\Program Files (x86)\NCH Swift Sound\ExpressRip\uninst.exe   a variant of Win32/Toolbar.Conduit.K potentially unwanted application   cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Swift Sound\WavePad\uninst.exe   a variant of Win32/Toolbar.Conduit.I potentially unwanted application   cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Swift Sound\WavePad\wavepad.exe   a variant of Win32/Toolbar.Conduit.I potentially unwanted application   cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Swift Sound\WavePad\WavepadSoundEditor.4.40_v4.40.exe   a variant of Win32/Toolbar.Conduit.I potentially unwanted application   deleted - quarantined
C:\Program Files (x86)\OGPlanet\SD Gundam\SDGO_SETUP_V.1.4.exe   Win32/Toolbar.Conduit potentially unwanted application   deleted - quarantined
C:\Program Files (x86)\OGPlanet\SD Gundam Capsule Fighter\xfire.exe   Win32/Toolbar.Conduit potentially unwanted application   deleted - quarantined
C:\Program Files (x86)\Windows Movie Maker\toolbar\solidyoutube-hybrid.exe   Win32/Somoto.F potentially unwanted application   deleted - quarantined
C:\Users\Joey\AppData\Roaming\uTorrent\updates\3.3.1_30003.exe   a variant of Win32/AdkDLLWrapper.A potentially unwanted application   cleaned by deleting - quarantined
C:\Users\Joey\Desktop\3.3.5\The Hitchhiker's Hack 3.3.5.exe   Win32/RiskWare.GameHack.P application   cleaned by deleting - quarantined
C:\Users\Joey\Desktop\Desktop 2013\01 다칠 준비가 돼 있어 (3).exe   Win32/DownloadAdmin.D potentially unwanted application   cleaned by deleting - quarantined


I also did a new JRT scan just to see the results after, and noticed that Conduit and Somototoolbar are still there. Should I be worried?
Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: SuperDave on July 17, 2015, 04:06:05 PM
Try to uninstall those toolbars and you can delete those quarantined files and let me know how your computer's working.
Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: Hakezu on July 17, 2015, 05:22:28 PM
Quote
Try to uninstall those toolbars and you can delete those quarantined files and let me know how your computer's working.
Those programs don't show up on the program list so I tried going to those folders manually.

I tried right-clicking and shift+delete the Somototoolbar folder but it would take a minute or so to calculate the amount and only delete 6 items, around 1.45kb but the folder is still there, and it does the same thing if I redo it.

As for Conduit, once I double-clicked the Local folder, it started lagging terribly; however, it would stop after a brief moment, but if I clicked on the conduit folder (or any folder in there, it seems) it freezes up my background and that window. It stops freezing if I close the window by hovering over the bottom and pressing x.

I am still in safe mode with networking.
Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: SuperDave on July 17, 2015, 07:58:33 PM
Quote
Those programs don't show up on the program list so I tried going to those folders manually.
They are probably in the add-ons of your browser.
Quote
Those programs don't show up on the program list so I tried going to those folders manually.
They all came from NCH Software, which is installed on your computer. If you don't use it, uninstall this program.
Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: Hakezu on July 17, 2015, 10:11:40 PM
Quote
They are probably in the add-ons of your browser.
They all came from NCH Software, which is installed on your computer. If you don't use it, uninstall this program.
Tried to uninstall all (three) programs by the Publisher of NCH, however when I click uninstall it states that it seemed to have been already removed, and asked if I would like to remove it from the program list.

I still notice lag when in normal mode. Also, my Windows 7 updates after shutting down appear to not progress, even after giving it 6+ hours, which forces me to force shut it down.

Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: Hakezu on July 18, 2015, 12:37:05 AM
Update: Used the Error-Check tool and noticed a great amount of improvement since before it.

Was able to delete Somototoolbar folder, and Conduit folder was gone when I checked the directory.

Steam no longer repeatedly asks for an update after the first one.


Did a System File Scan and it showed there was no problem with Windows' integrity. Also did a Disk Cleanup, had 70gigs in my recycling bin and didn't even notice.


All seems well now, I appreciate the help SuperDave! Gave you your 900th "thanks" congrats!

If you could, please PM me your paypal e-mail. I would like to give you a tip!  :)


This thread can now be locked.
Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: SuperDave on July 18, 2015, 05:31:43 PM
You're welcome. I'm glad you got this all sorted out. Sorry, I don't have a paypal site and I don't accept donations. The only thing we ask for is a thank you and perhaps, you can do something similar for someone else.
Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: Hakezu on July 19, 2015, 08:07:09 AM
Quote
You're welcome. I'm glad you got this all sorted out. Sorry, I don't have a paypal site and I don't accept donations. The only thing we ask for is a thank you and perhaps, you can do something similar for someone else.
For sure. I'll check for randomly new threads here and see if I can help out!
Title: Re: Sudden decrease in computer performance. Chance of corrupted OS?
Post by: SuperDave on July 19, 2015, 01:44:05 PM
Quote
For sure. I'll check for randomly new threads here and see if I can help out!
Don't forget that only authorized malware experts are allowed to post in the malware forums, but your input is certainly welcome in all the others.
I will lock this thread. If you need it re-opened, please send me a pm.