
Author Topic: Yahoo conduit.  (Read 24108 times)


harry 48

    Topic Starter


    Egghead

  • lay back , relax and chill out
  • Thanked: 129
    • Yes
    • Yes
    • Yes
    • Dribbling Pensioner
  • Certifications: List
  • Experience: Familiar
  • OS: Windows 7
Yahoo conduit.
« on: May 17, 2014, 03:25:00 PM »
These past three nights the Chrome browser would not work; it always opened with Yahoo, so I ran AdwCleaner, but I had to run it every night as Yahoo Conduit comes back.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.05.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17107
harry :: HARRY-PC [administrator]

17/05/2014 21:31:45
mbam-log-2014-05-17 (21-31-45).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 387264
Time elapsed: 41 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

# AdwCleaner v3.208 - Report created 17/05/2014 at 21:13:42
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : harry - HARRY-PC
# Running from : C:\Users\harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FH448W8O\adwcleaner_3.208.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MDE40E8FE-E0BB-4989-B53F-BCBCEAB343D5&SearchSource=58&CUI=&UM=5&UP=&q={searchTerms}&SSPV=
Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MDE40E8FE-E0BB-4989-B53F-BCBCEAB343D5&SearchSource=58&CUI=&UM=5&UP=&q={searchTerms}&SSPV=
Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MDE40E8FE-E0BB-4989-B53F-BCBCEAB343D5&SearchSource=58&CUI=&UM=5&UP=SP46358F19-DD77-48FA-9727-E9DB45459528&q={searchTerms}&SSPV=
Found [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11406&pf=V7&p2=%5EBBE%5EOSJ000%5EYY%5EGB&gct=&itbv=12.10.6.48&apn_uid=B5ACD116-E0BF-4466-9453-034BD1C6EFAD&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_dbr=ie_11.0.9600.17041&doi=2014-04-22&trgb=IE&q={searchTerms}&psv=
Found [Startup_urls] : hxxp://search.yahoo.com/?type=AC6CABBA6ED3B4F86BCF_s55_g_e&fr=conduit
Found [Homepage] : hxxp://search.yahoo.com/?type=AC6CABBA6ED3B4F86BCF_s55_g_e&fr=conduit

*************************

AdwCleaner[R11].txt - [1887 octets] - [17/05/2014 21:13:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R11].txt - [1948 octets] ##########



SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Yahoo conduit.
« Reply #1 on: May 17, 2014, 04:11:52 PM »
Remove the Adware:
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
Windows 8 and Windows 10 dual boot with two SSD's

harry 48

Re: Yahoo conduit.
« Reply #2 on: May 17, 2014, 04:30:31 PM »
Dave, it does not say Delete, only Clean, so here's the report.

# AdwCleaner v3.208 - Report created 17/05/2014 at 23:20:31
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : harry - HARRY-PC
# Running from : C:\Users\harry\Pictures\adwcleaner_3.208.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MDE40E8FE-E0BB-4989-B53F-BCBCEAB343D5&SearchSource=58&CUI=&UM=5&UP=&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MDE40E8FE-E0BB-4989-B53F-BCBCEAB343D5&SearchSource=58&CUI=&UM=5&UP=&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MDE40E8FE-E0BB-4989-B53F-BCBCEAB343D5&SearchSource=58&CUI=&UM=5&UP=SP46358F19-DD77-48FA-9727-E9DB45459528&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11406&pf=V7&p2=%5EBBE%5EOSJ000%5EYY%5EGB&gct=&itbv=12.10.6.48&apn_uid=B5ACD116-E0BF-4466-9453-034BD1C6EFAD&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_dbr=ie_11.0.9600.17041&doi=2014-04-22&trgb=IE&q={searchTerms}&psv=
Deleted [Startup_urls] : hxxp://search.yahoo.com/?type=AC6CABBA6ED3B4F86BCF_s55_g_e&fr=conduit
Deleted [Homepage] : hxxp://search.yahoo.com/?type=AC6CABBA6ED3B4F86BCF_s55_g_e&fr=conduit

*************************

AdwCleaner[R11].txt - [2029 octets] - [17/05/2014 21:13:42]
AdwCleaner[R12].txt - [1069 octets] - [17/05/2014 23:19:31]
AdwCleaner[S11].txt - [0 octets] - [17/05/2014 21:14:21]
AdwCleaner[S12].txt - [2013 octets] - [17/05/2014 23:20:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S12].txt - [2074 octets] ##########

SuperDave

Re: Yahoo conduit.
« Reply #3 on: May 18, 2014, 11:36:54 AM »
How are things now?

harry 48

Re: Yahoo conduit.
« Reply #4 on: May 18, 2014, 12:30:24 PM »
How are things now?

Still the same Dave.

SuperDave

Re: Yahoo conduit.
« Reply #5 on: May 18, 2014, 04:24:02 PM »
Look in your Programs and Features to see if there are any programs there that shouldn't be there, such as Conduit.

harry 48

Re: Yahoo conduit.
« Reply #6 on: May 19, 2014, 12:45:31 PM »
Look in your Programs and Features to see if there are any programs there that shouldn't be there, such as Conduit.

I have looked everywhere I know and I cannot find it.

I found trzCB.tmp and also wpcom.subscriptions.opml

SuperDave

Re: Yahoo conduit.
« Reply #7 on: May 19, 2014, 05:46:19 PM »
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

harry 48

Re: Yahoo conduit.
« Reply #8 on: May 20, 2014, 12:38:41 PM »
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by harry at 19:36:41 on 2014-05-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.4095.2683 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\WhatPulse2\whatpulse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.co.uk/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [whatpulse] "C:\Program Files (x86)\WhatPulse2\whatpulse.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{CCCBE9C0-486E-4E47-9D79-309BA697919E} : DHCPNameServer = 192.168.1.254 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-9 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-5-9 208416]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2012-10-19 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-10-19 423240]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-5 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-19 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-15 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-5 50344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-22 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-17 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-9 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-17 1255736]
.
=============== Created Last 30 ================
.
2014-05-17 20:13:40   --------   d-----w-   C:\AdwCleaner
2014-05-16 18:21:51   10651704   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{579DE86C-F955-43FD-AE8C-A9B447B2852F}\mpengine.dll
2014-05-15 23:25:51   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-05-15 23:25:50   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-05-15 18:00:03   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2014-05-15 18:00:03   1460736   ----a-w-   C:\Windows\System32\lsasrv.dll
2014-05-15 18:00:02   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2014-05-15 18:00:02   3969984   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2014-05-15 18:00:01   455168   ----a-w-   C:\Windows\System32\winlogon.exe
2014-05-15 18:00:01   3914176   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2014-05-15 18:00:01   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
2014-05-15 18:00:00   722944   ----a-w-   C:\Windows\System32\objsel.dll
2014-05-15 18:00:00   5550016   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2014-05-15 18:00:00   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2014-05-14 23:22:48   477184   ----a-w-   C:\Windows\System32\aepdu.dll
2014-05-14 23:22:48   424448   ----a-w-   C:\Windows\System32\aeinv.dll
2014-05-11 19:11:03   --------   d-----w-   C:\Program Files (x86)\WhatPulse2
2014-05-06 22:59:31   --------   d-s---w-   C:\Windows\System32\CompatTel
2014-05-05 13:43:48   29208   ----a-w-   C:\Windows\System32\drivers\aswHwid.sys
2014-05-05 13:43:43   43152   ----a-w-   C:\Windows\avastSS.scr
2014-04-22 17:29:41   --------   d-----w-   C:\Users\harry\AppData\Roaming\NVIDIA
2014-04-22 14:55:49   96168   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-22 14:51:25   --------   d-sh--w-   C:\Users\harry\AppData\Local\EmieUserList
2014-04-22 14:51:25   --------   d-sh--w-   C:\Users\harry\AppData\Local\EmieSiteList
2014-04-22 09:58:06   359936   ----a-w-   C:\Program Files\Internet Explorer\IEShims.dll
2014-04-22 09:58:06   257536   ----a-w-   C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-04-22 09:58:00   548352   ----a-w-   C:\Windows\System32\vbscript.dll
2014-04-22 09:58:00   455168   ----a-w-   C:\Windows\SysWow64\vbscript.dll
.
==================== Find3M  ====================
.
2014-05-15 17:55:21   85328   ----a-w-   C:\Windows\System32\drivers\aswstm.sys
2014-05-15 17:55:21   1039096   ----a-w-   C:\Windows\System32\drivers\aswsnx.sys
2014-05-13 21:43:00   70832   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 21:43:00   692400   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-05 13:43:44   208416   ----a-w-   C:\Windows\System32\drivers\aswVmm.sys
2014-05-05 13:43:43   93568   ----a-w-   C:\Windows\System32\drivers\aswRdr2.sys
2014-05-05 13:43:43   79184   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-05 13:43:43   65776   ----a-w-   C:\Windows\System32\drivers\aswRvrt.sys
2014-04-12 02:22:05   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37   28160   ----a-w-   C:\Windows\System32\secur32.dll
2014-04-12 02:19:05   31232   ----a-w-   C:\Windows\System32\lsass.exe
2014-04-12 02:12:06   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2014-03-31 21:46:48   130712   ----a-w-   C:\Windows\SysWow64\MSSTDFMT.DLL
2014-03-31 21:46:48   1070232   ----a-w-   C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-31 08:35:08   270496   ------w-   C:\Windows\System32\MpSigStub.exe
2014-03-11 21:12:13   91352   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-06 09:31:33   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-03-06 08:57:20   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15   752640   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41   5784064   ----a-w-   C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:01:01   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43   38400   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36   4254720   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40   592896   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43   32256   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15   2043904   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39   1967104   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40   2260480   ----a-w-   C:\Windows\System32\wininet.dll
2014-03-06 05:41:49   1789440   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21   243712   ----a-w-   C:\Windows\System32\wow64.dll
2014-03-04 09:44:21   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20   39936   ----a-w-   C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06   340992   ----a-w-   C:\Windows\System32\schannel.dll
2014-03-04 09:44:03   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00   424960   ----a-w-   C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56   57344   ----a-w-   C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56   52736   ----a-w-   C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56   44544   ----a-w-   C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56   22016   ----a-w-   C:\Windows\System32\credssp.dll
2014-03-04 09:43:55   56832   ----a-w-   C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55   53760   ----a-w-   C:\Windows\System32\capiprovider.dll
2014-03-04 09:16:54   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18   274944   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29   2048   ----a-w-   C:\Windows\SysWow64\user.exe
.
============= FINISH: 19:37:07.05 ===============

harry 48

Re: Yahoo conduit.
« Reply #9 on: May 20, 2014, 12:39:31 PM »
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 17/10/2012 19:37:10
System Uptime: 20/05/2014 19:07:03 (0 hours ago)
.
Motherboard: ASRock |  | N68C-S UCC
Processor: AMD Phenom(tm) II X4 B55 Processor | CPUSocket | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 409.323 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: X5XSEx_Pr143
Device ID: ROOT\LEGACY_X5XSEX_PR143\0000
Manufacturer:
Name: X5XSEx_Pr143
PNP Device ID: ROOT\LEGACY_X5XSEX_PR143\0000
Service: X5XSEx_Pr143
.
Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1274&DEV_1371&SUBSYS_13711274&REV_09\4&2F735D55&0&4020
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1274&DEV_1371&SUBSYS_13711274&REV_09\4&2F735D55&0&4020
Service:
.
==== System Restore Points ===================
.
RP211: 17/04/2014 00:37:14 - Installed Java 7 Update 55
RP212: 18/04/2014 19:04:19 - Windows Update
RP213: 22/04/2014 10:54:02 - Windows Update
RP214: 22/04/2014 10:57:31 - Windows Update
RP215: 22/04/2014 15:54:53 - Installed Java 7 Update 55
RP216: 25/04/2014 19:05:02 - Windows Update
RP217: 29/04/2014 20:24:12 - Windows Update
RP218: 03/05/2014 15:50:16 - Windows Update
RP219: 05/05/2014 14:42:35 - avast! antivirus system restore point
RP220: 06/05/2014 19:22:14 - Windows Update
RP221: 06/05/2014 23:59:19 - Windows Update
RP222: 14/05/2014 23:42:38 - Windows Update
RP223: 15/05/2014 00:37:50 - Windows Update
RP224: 15/05/2014 18:58:43 - Windows Update
RP225: 16/05/2014 00:24:58 - Windows Update
.
==== Installed Programs ======================
.
7 Wonders of the World
Adobe Flash Player 13 ActiveX
Adobe Reader XI (11.0.07)
Adobe Shockwave Player 11.6
avast! Free Antivirus
Big Fish: Game Manager
Big Kahuna Reef
Big Kahuna Reef 2 - Chain Reaction
Canon Utilities CameraWindow DC 8
Creative PCI Audio Drivers
EPSON Printer Software
ESET Online Scanner v3
Feeding Frenzy
Google Chrome
Google Update Helper
InstallConverter bundle uninstaller
Java 7 Update 55
Java Auto Updater
Magic Match
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
NVIDIA Control Panel 307.83
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
PokerStars.net
PVSonyDll
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition
Snap.Do
Snap.Do Engine
SUPERAntiSpyware
swMSM
Teddy Factory
Unity Web Player
Unlocker 1.9.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WhatPulse version 2.0.4
WinPcap 4.1.2
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
20/05/2014 19:00:24, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
20/05/2014 18:56:14, Error: Microsoft-Windows-WHEA-Logger [20]  - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: CRC Error Processor ID: 0 The details view of this entry contains further information.
20/05/2014 18:56:14, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Unknown Error Processor ID: 1 The details view of this entry contains further information.
20/05/2014 18:56:14, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Unknown Error Processor ID: 0 The details view of this entry contains further information.
20/05/2014 18:56:14, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0 The details view of this entry contains further information.
20/05/2014 18:56:14, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 1 The details view of this entry contains further information.
20/05/2014 18:55:41, Error: Service Control Manager [7000]  - The X5XSEx_Pr143 service failed to start due to the following error:  The system cannot find the path specified.
20/05/2014 18:55:41, Error: Service Control Manager [7000]  - The PfModNT service failed to start due to the following error:  The system cannot find the file specified.
20/05/2014 18:55:27, Error: Application Popup [1060]  - \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
19/05/2014 19:03:39, Error: Microsoft-Windows-WHEA-Logger [20]  - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: 11 Processor ID: 0 The details view of this entry contains further information.
18/05/2014 21:50:05, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user harry-PC\harry SID (S-1-5-21-260414698-275278998-2528326897-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
18/05/2014 21:50:05, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user harry-PC\harry SID (S-1-5-21-260414698-275278998-2528326897-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
16/05/2014 19:10:02, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
15/05/2014 18:52:44, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 0 The details view of this entry contains further information.
.
==== End Of File ===========================

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Yahoo conduit.
« Reply #10 on: May 20, 2014, 01:03:11 PM »
I see you are running Poker Stars. Poker Stars has a history of distributing spyware in their products. However, security experts still question this program as good or bad. I recommend removing it to prevent spyware, but it is up to you to decide if you want to keep it.

If you would like to uninstall it, do so as follows:

Press Start, and navigate to the Control Panel. When in the control panel enter Add or Remove programs. Search for and locate PokerStars, and either click Change/Remove or Remove.
******************************************
Did you install this? WinPcap 4.1.2
Does this happen when using another browser such as IE?

Windows 8 and Windows 10 dual boot with two SSD's

harry 48

Re: Yahoo conduit.
« Reply #11 on: May 20, 2014, 01:36:36 PM »
Poker is gone.


Did you install this? WinPcap 4.1.2
Does this happen when using another browser such as IE?

#######################

No, I didn't install WinPcap.
IE is ok to use.


SuperDave

Re: Yahoo conduit.
« Reply #12 on: May 20, 2014, 04:55:52 PM »
It must have been bundled with something else. I would uninstall it if you're not using it.
Tell us if Conduit shows up after you uninstall that WinPcap.

harry 48

Re: Yahoo conduit.
« Reply #13 on: May 21, 2014, 02:00:14 PM »
Dave, I removed WinPcap and restarted the PC. Yahoo conduit is still there, so I used AdwCleaner and it's gone. I'll report tomorrow if and when it comes back.

harry 48

Re: Yahoo conduit.
« Reply #14 on: May 22, 2014, 02:35:37 PM »
Sorry to say yahoo conduit is back again Dave.