Solved: Help needed to determine if my machine is infected.

Status
Not open for further replies.
I'm getting kind of sick of the intrusion into my personal space, so want to get to the bottom of this once and for all.
As cruel as this may sound, you lose your right to 'personal space' once you share files. There are ways to 'share' pictures, articles, etc. without using file sharing. That may sound like a contradiction to you, but it isn't. Photos can be emailed and so can articles. The difference is that you can 'save' from there before opening and scan with your antivirus and other security programs before you open it!

Give me a few hours to check out some of these keys to see if I can safely remove them.
 
Sound job.

As the SACL issue is present on the first scan also, I am all out of ideas as to how this problem may have happened.

Thanks!
 
I have been having mega internet connection problems! Went down at 9 last night-again- took 5 attempts at 9 this AM to connect. Making me crazy and getting behind!

The SACL entries are okay. I'm setting up some script for removals in Combofix- if my internet stays up, I'll be back shortly.
 
It's getting confusing to go through all the logs posted for different problems! For instance, AVG is running in ComboFix; supposedly the program will not run with AVG. And I see Norton entries as well as a-squared. You've been asked not to run any other scanning programs or make Registry changes.

Please decide which AV you want to keep and remove the others.

Note: the following script has entries to remove Conduit-related entries. They are not malware. But since your main concern is your loss of privacy on Social Networking interaction, this will help eliminate a vulnerability. There were also multiple entries for the uTorrent toolbar, which I set for removal. Make sure you copy everything in the code box as it is lengthy.
=========================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > then copy/paste the text in the code box below into it. [Be sure to scroll down to include ALL lines.]
Code:
File::
c:\program files (x86)\a-squared Free\a2service.exe
Extra::
Firefox::
Firefox-: - Profile - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\omm3n6o8.default\
Firefox-: - prefs.js - SEARCH.DEFAULTURL
Firefox-: - prefs.js - STARTUP.HOMEPAGE 
Firefox-: - prefs.js - KEYWORD.URL

DDS::
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=-
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=-
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-
RegNull::
[HKEY_USERS\S-1-5-21-2692080489-224753940-1066125639-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4BF5041B-071B-2CB2-14D0-D9F88302CA33}*]
RegLock::
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Regarding the Conduit Engine and DVDVideoSoftTB Toolbar: these are browser plugins bundled with various Conduit "Community Toolbars". Conduit toolbars are reputed to have a certain trackware functionality. Another one is DVDVideoSoftTB Toolbar.

If they show in Add/Remove Programs also, they should be uninstalled there. Then, using Windows Explorer (Windows key + E), follow this path to remove the program folders: Windows Explorer > My Computer > double click on Local Drive (C:) > Programs > right click on the appropriate program folder > Delete.
=======================
I'd like you to repeat an Eset scan. And follow that with:
Download HijackThis from http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save it to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will then open in Notepad. Be sure to click on Format > uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
====================================
There are installs for Java v6u16. These are out of date. Check this site: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
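The DDS lines in the script above are essentially a dump of the Internet Explorer extension registration points (URLSearchHooks, Browser Helper Objects, Toolbars), with "No File" marking a CLSID whose DLL no longer exists. The following read-only PowerShell audit is an added example, not code from this thread or from ComboFix/DDS: it walks those same registry locations, resolves each CLSID through its InprocServer32 key, and flags orphaned registrations and DLLs that live outside Program Files or Windows so they can be reviewed before any removal is scripted. The registry paths are the standard IE ones; the "trusted location" heuristic is an assumption of this example, not a rule from the thread.

```powershell
# Added example (not from the thread): read-only audit of IE extension
# registration points. Run in an elevated PowerShell; nothing is modified.

$guidRe = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

# Keys whose VALUE NAMES are CLSIDs (URLSearchHooks, Toolbar).
$valueKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
)
# Keys whose SUBKEY NAMES are CLSIDs (Browser Helper Objects).
$subkeyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Resolve-Clsid {
    param([string]$Clsid)
    # The default value of CLSID\{guid}\InprocServer32 is the COM server DLL.
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID',
             'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
             'HKCU:\Software\Classes\CLSID'
    foreach ($root in $roots) {
        $server = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $server) {
            $dll  = (Get-ItemProperty -Path $server).'(default)'
            $name = (Get-ItemProperty -Path (Join-Path $root $Clsid)).'(default)'
            return [pscustomobject]@{
                Name = $name
                Dll  = [Environment]::ExpandEnvironmentVariables("$dll")
            }
        }
    }
    return $null
}

# Collect every registered CLSID together with where it was registered.
$entries = @()
foreach ($k in $valueKeys) {
    if (-not (Test-Path $k)) { continue }
    foreach ($v in (Get-Item $k).GetValueNames()) {
        if ($v -match $guidRe) { $entries += [pscustomobject]@{ Source = $k; Clsid = $v } }
    }
}
foreach ($k in $subkeyKeys) {
    if (-not (Test-Path $k)) { continue }
    foreach ($sub in Get-ChildItem $k) {
        if ($sub.PSChildName -match $guidRe) {
            $entries += [pscustomobject]@{ Source = $k; Clsid = $sub.PSChildName }
        }
    }
}

# Heuristic (assumption of this example): extension DLLs are expected under
# Program Files, Program Files (x86) or the Windows directory.
$trusted = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) | Where-Object { $_ }

$report = foreach ($e in $entries) {
    $r   = Resolve-Clsid $e.Clsid
    $dll = if ($r) { $r.Dll } else { '' }
    $verdict =
        if (-not $dll -or -not (Test-Path -LiteralPath $dll)) { 'NO FILE (orphaned registration)' }
        elseif (-not ($trusted | Where-Object { $dll.StartsWith($_, 'OrdinalIgnoreCase') })) { 'REVIEW (DLL outside Program Files/Windows)' }
        else { 'present' }
    [pscustomobject]@{
        Clsid   = $e.Clsid
        Name    = if ($r) { $r.Name } else { '' }
        Dll     = $dll
        Source  = $e.Source
        Verdict = $verdict
    }
}

$report | Sort-Object Verdict, Clsid | Format-Table -AutoSize -Wrap
```

Entries reported as "NO FILE" correspond to the "- No File" lines in the DDS output and are safe candidates for cleanup of the registration alone; entries marked "REVIEW" deserve a look at the DLL's publisher and signature before deciding anything, and "present" entries under Program Files (the Conduit and toolbar DLLs in this thread) are normally removed through Add/Remove Programs first, as the post above advises.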
 