inasad Posted August 2, 2013 ID:709957 Share Posted August 2, 2013 My husband's computer is infected with some ICE cyber virus and in searching for a fix, he ended up downloading something that installed the Conduit search toolbar among other things. I ran malwarebytes before I went to bed last night and this afternoon my husband looked at it and said there were infections. He deleted them and rebooted the computer, ran malwarebytes again. There were more things, so he rebooted and now I'm running it for the third time. I downloaded the dds file and ran that before the third malwarebytes scan. Should I have waited to do this until after? Unfortunately, I just found out that more items were found on the second scan. Also, last night I bought four malwarebytes pro licenses. Is it best to post questions here or should I be asking somewhere else? I have two computers that need help! I won't post the dds logs until I know I'm in the right place. =) Thanks. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 2, 2013 ID:709959 Share Posted August 2, 2013 Sounds to me like you're on the right track. Go ahead and post those logs and I can help guide you through the rest of it. Link to post Share on other sites More sharing options...
inasad Posted August 2, 2013 Author ID:709960 Share Posted August 2, 2013 If it isn't clear, he was using my computer to search for a fix and that's how I ended up with malware on my computer. Link to post Share on other sites More sharing options...
inasad Posted August 2, 2013 Author ID:709961 Share Posted August 2, 2013 Thank you! I'm confused as to whether I should copy and paste or attach. Here's the attachments. I can copy and paste if that's preferred.attach.txtdds.txt Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 2, 2013 ID:709974 Share Posted August 2, 2013 Okay here's what we will do- for the ICE Cyber Crime infected computer, open up a new topic in the Malware Removal Support section. Post the link here and I'll help you with that one as well. -------- For this computer, please start off with the following: ----------Step 1----------------Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it.To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.----------Step 2----------------Please download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt----------Step 3----------------Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:http://www.bleepingc...to-use-combofix***IMPORTANT: save ComboFix to your Desktop**** Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please go here to see a list of programs that should be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall** Please include the C:\ComboFix.txt in your next reply for further review.NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.----------Step 4----------------Please download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.----------Step 5----------------In your next reply, please include the following:TDSSKiller's logfileMBAR mbar-log.txt and system-log.txtComboFix's report (C:\ComboFix.txt)Security Check checkup.txtAfter that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Note:Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly" -------> Your topic will be closed if you haven't replied within 3 days! <--------(If I don't respond within 24 hours, please send me a PM)-DFB Link to post Share on other sites More sharing options...
inasad Posted August 2, 2013 Author ID:710036 Share Posted August 2, 2013 I tried to copy and paste the logs but I received an error message saying my post was too long. Therefore, I'm attaching the requested logs. Thanks.TDSSKiller.2.8.18.0_01.08.2013_20.25.18_log.txtmbar-log-2013-08-01 (20-31-27).txtsystem-log.txtComboFix.txtcheckup.txt Link to post Share on other sites More sharing options...
inasad Posted August 2, 2013 Author ID:710037 Share Posted August 2, 2013 The conduit search is still present. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 2, 2013 ID:710243 Share Posted August 2, 2013 Please do the following:1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Open notepad and copy/paste the text in the quotebox below into it:KILLALL:: Driver::29720227File::C:\Windows\System32\Drivers\29720227.sysReboot::Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now Link to post Share on other sites More sharing options...
inasad Posted August 3, 2013 Author ID:710487 Share Posted August 3, 2013 Conduit still present and it takes longer than usual for pages to load. Here's the log: ComboFix 13-08-02.01 - Jen 08/02/2013 21:21:23.3.2 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2592 [GMT -7:00]Running from: c:\users\Jen\Desktop\ComboFix.exeCommand switches used :: c:\users\Jen\Desktop\CFScript.txtAV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\windows\System32\Drivers\29720227.sys"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))...((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_29720227..((((((((((((((((((((((((( Files Created from 2013-07-03 to 2013-08-03 )))))))))))))))))))))))))))))))..2013-08-03 04:31 . 2013-08-03 04:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-08-03 04:31 . 2013-08-03 04:31 -------- d-----w- c:\users\Default\AppData\Local\temp2013-08-01 05:00 . 2013-08-01 05:00 -------- d-----w- c:\users\Jen\FrostWire2013-08-01 05:00 . 2013-08-01 05:00 -------- d-----w- c:\users\Jen\.frostwire52013-08-01 04:58 . 2013-08-01 04:58 -------- d-----w- c:\users\Jen\AppData\Local\Conduit2013-08-01 04:57 . 2013-08-01 04:57 -------- d-----w- c:\users\Jen\AppData\Local\CRE2013-08-01 04:57 . 2013-08-01 04:58 -------- d-----w- c:\program files (x86)\Conduit2013-08-01 04:57 . 2013-08-01 04:57 -------- d-----w- c:\program files (x86)\SearchProtect2013-08-01 04:57 . 2013-05-08 06:10 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll2013-08-01 04:57 . 2013-05-08 06:10 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll2013-08-01 04:57 . 2013-08-01 05:02 -------- d-----w- c:\users\Jen\AppData\Roaming\SearchProtect2013-08-01 04:56 . 2013-08-01 04:56 -------- d-----w- c:\users\Jen\AppData\Roaming\OpenCandy2013-07-12 08:18 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll2013-07-12 08:15 . 2013-05-08 10:12 106088 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll2013-07-11 07:47 . 2013-07-11 07:47 57344 ----a-r- c:\users\Jen\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe2013-07-11 07:47 . 2013-07-11 07:47 57344 ----a-r- c:\users\Jen\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe2013-07-11 07:47 . 2013-07-11 07:47 53248 ----a-r- c:\users\Jen\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\ARPPRODUCTICON.exe2013-07-11 07:38 . 2013-07-11 07:38 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-07-11 01:50 . 2013-07-11 01:50 -------- d-----w- c:\users\Jen\Doctor Web2013-07-10 06:38 . 2013-07-10 06:38 -------- d-----w- c:\windows\ERUNT2013-07-10 04:21 . 2013-08-02 03:59 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-07-10 01:38 . 2013-07-10 01:38 -------- d-----w- c:\users\Jen\AppData\Local\Programs...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-07-11 08:23 . 2011-08-11 22:20 78185248 ----a-w- c:\windows\system32\MRT.exe2013-07-11 07:38 . 2012-06-21 15:03 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-07-11 07:38 . 2010-05-25 13:44 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-06-13 02:05 . 2012-05-24 14:02 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-06-13 02:05 . 2011-05-27 14:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-06-13 02:05 . 2013-06-13 02:05 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2013-06-08 08:11 . 2013-06-08 08:11 226304 ----a-w- c:\windows\system32\elshyph.dll2013-06-08 08:11 . 2013-06-08 08:11 185344 ----a-w- c:\windows\SysWow64\elshyph.dll2013-06-08 08:11 . 2013-06-08 08:11 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-06-08 08:11 . 2013-06-08 08:11 97280 ----a-w- c:\windows\system32\mshtmled.dll2013-06-08 08:11 . 2013-06-08 08:11 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-06-08 08:11 . 2013-06-08 08:11 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-06-08 08:11 . 2013-06-08 08:11 81408 ----a-w- c:\windows\system32\icardie.dll2013-06-08 08:11 . 2013-06-08 08:11 77312 ----a-w- c:\windows\system32\tdc.ocx2013-06-08 08:11 . 2013-06-08 08:11 762368 ----a-w- c:\windows\system32\ieapfltr.dll2013-06-08 08:11 . 2013-06-08 08:11 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-06-08 08:11 . 2013-06-08 08:11 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-06-08 08:11 . 2013-06-08 08:11 62976 ----a-w- c:\windows\system32\pngfilt.dll2013-06-08 08:11 . 2013-06-08 08:11 61952 ----a-w- c:\windows\SysWow64\tdc.ocx2013-06-08 08:11 . 2013-06-08 08:11 599552 ----a-w- c:\windows\system32\vbscript.dll2013-06-08 08:11 . 2013-06-08 08:11 523264 ----a-w- c:\windows\SysWow64\vbscript.dll2013-06-08 08:11 . 2013-06-08 08:11 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-06-08 08:11 . 2013-06-08 08:11 51200 ----a-w- c:\windows\system32\imgutil.dll2013-06-08 08:11 . 2013-06-08 08:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-06-08 08:11 . 2013-06-08 08:11 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-06-08 08:11 . 2013-06-08 08:11 452096 ----a-w- c:\windows\system32\dxtmsft.dll2013-06-08 08:11 . 2013-06-08 08:11 441856 ----a-w- c:\windows\system32\html.iec2013-06-08 08:11 . 2013-06-08 08:11 38400 ----a-w- c:\windows\SysWow64\imgutil.dll2013-06-08 08:11 . 2013-06-08 08:11 361984 ----a-w- c:\windows\SysWow64\html.iec2013-06-08 08:11 . 2013-06-08 08:11 281600 ----a-w- c:\windows\system32\dxtrans.dll2013-06-08 08:11 . 2013-06-08 08:11 27648 ----a-w- c:\windows\system32\licmgr10.dll2013-06-08 08:11 . 2013-06-08 08:11 270848 ----a-w- c:\windows\system32\iedkcs32.dll2013-06-08 08:11 . 2013-06-08 08:11 247296 ----a-w- c:\windows\system32\webcheck.dll2013-06-08 08:11 . 2013-06-08 08:11 235008 ----a-w- c:\windows\system32\url.dll2013-06-08 08:11 . 2013-06-08 08:11 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-06-08 08:11 . 2013-06-08 08:11 216064 ----a-w- c:\windows\system32\msls31.dll2013-06-08 08:11 . 2013-06-08 08:11 197120 ----a-w- c:\windows\system32\msrating.dll2013-06-08 08:11 . 2013-06-08 08:11 173568 ----a-w- c:\windows\system32\ieUnatt.exe2013-06-08 08:11 . 2013-06-08 08:11 167424 ----a-w- c:\windows\system32\iexpress.exe2013-06-08 08:11 . 2013-06-08 08:11 158720 ----a-w- c:\windows\SysWow64\msls31.dll2013-06-08 08:11 . 2013-06-08 08:11 1509376 ----a-w- c:\windows\system32\inetcpl.cpl2013-06-08 08:11 . 2013-06-08 08:11 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2013-06-08 08:11 . 2013-06-08 08:11 149504 ----a-w- c:\windows\system32\occache.dll2013-06-08 08:11 . 2013-06-08 08:11 144896 ----a-w- c:\windows\system32\wextract.exe2013-06-08 08:11 . 2013-06-08 08:11 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-06-08 08:11 . 2013-06-08 08:11 1400416 ----a-w- c:\windows\system32\ieapfltr.dat2013-06-08 08:11 . 2013-06-08 08:11 138752 ----a-w- c:\windows\SysWow64\wextract.exe2013-06-08 08:11 . 2013-06-08 08:11 13824 ----a-w- c:\windows\system32\mshta.exe2013-06-08 08:11 . 2013-06-08 08:11 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-06-08 08:11 . 2013-06-08 08:11 136192 ----a-w- c:\windows\system32\iepeers.dll2013-06-08 08:11 . 2013-06-08 08:11 135680 ----a-w- c:\windows\system32\IEAdvpack.dll2013-06-08 08:11 . 2013-06-08 08:11 12800 ----a-w- c:\windows\SysWow64\mshta.exe2013-06-08 08:11 . 2013-06-08 08:11 12800 ----a-w- c:\windows\system32\msfeedssync.exe2013-06-08 08:11 . 2013-06-08 08:11 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-06-08 08:11 . 2013-06-08 08:11 102912 ----a-w- c:\windows\system32\inseng.dll2013-06-08 08:10 . 2013-06-08 08:10 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 648192 ----a-w- c:\windows\system32\d3d10level9.dll2013-06-08 08:10 . 2013-06-08 08:10 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll2013-06-08 08:10 . 2013-06-08 08:10 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll2013-06-08 08:10 . 2013-06-08 08:10 465920 ----a-w- c:\windows\system32\WMPhoto.dll2013-06-08 08:10 . 2013-06-08 08:10 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll2013-06-08 08:10 . 2013-06-08 08:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 3928064 ----a-w- c:\windows\system32\d2d1.dll2013-06-08 08:10 . 2013-06-08 08:10 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll2013-06-08 08:10 . 2013-06-08 08:10 363008 ----a-w- c:\windows\system32\dxgi.dll2013-06-08 08:10 . 2013-06-08 08:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll2013-06-08 08:10 . 2013-06-08 08:10 333312 ----a-w- c:\windows\system32\d3d10_1core.dll2013-06-08 08:10 . 2013-06-08 08:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 296960 ----a-w- c:\windows\system32\d3d10core.dll2013-06-08 08:10 . 2013-06-08 08:10 293376 ----a-w- c:\windows\SysWow64\dxgi.dll2013-06-08 08:10 . 2013-06-08 08:10 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll2013-06-08 08:10 . 2013-06-08 08:10 2565120 ----a-w- c:\windows\system32\d3d10warp.dll2013-06-08 08:10 . 2013-06-08 08:10 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-06-08 08:10 . 2013-06-08 08:10 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll2013-06-08 08:10 . 2013-06-08 08:10 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll2013-06-08 08:10 . 2013-06-08 08:10 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll2013-06-08 08:10 . 2013-06-08 08:10 221184 ----a-w- c:\windows\system32\UIAnimation.dll2013-06-08 08:10 . 2013-06-08 08:10 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll2013-06-08 08:10 . 2013-06-08 08:10 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll2013-06-08 08:10 . 2013-06-08 08:10 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll2013-06-08 08:10 . 2013-06-08 08:10 194560 ----a-w- c:\windows\system32\d3d10_1.dll2013-06-08 08:10 . 2013-06-08 08:10 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll2013-06-08 08:10 . 2013-06-08 08:10 1682432 ----a-w- c:\windows\system32\XpsPrint.dll2013-06-08 08:10 . 2013-06-08 08:10 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll2013-06-08 08:10 . 2013-06-08 08:10 1238528 ----a-w- c:\windows\system32\d3d10.dll2013-06-08 08:10 . 2013-06-08 08:10 1175552 ----a-w- c:\windows\system32\FntCache.dll2013-06-08 08:10 . 2013-06-08 08:10 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll2013-06-08 08:10 . 2013-06-08 08:10 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8480b7b1-a45c-4feb-8653-60f834f7ca4b}]c:\program files (x86)\TrustWorthy\prxtbTrus.dll [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{8480b7b1-a45c-4feb-8653-60f834f7ca4b}"= "c:\program files (x86)\TrustWorthy\prxtbTrus.dll" [bU].[HKEY_CLASSES_ROOT\clsid\{8480b7b1-a45c-4feb-8653-60f834f7ca4b}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]"cdloader"="c:\users\Jen\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]"ConduitFloatingPlugin_dkjaldeegndmngnahlmdbfnejdobkmil"="c:\program files (x86)\Conduit\CT3309758\plugins\TBVerifier.dll" [1623-04-06 287008].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"XeroxRegistation"="c:\program files (x86)\" [X]"EEventManager"="c:\program files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]"QuickFinder Scheduler"="c:\program files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 77892]"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2010-11-21 274608]"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-05-27 480768]"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-16 30264]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392].c:\users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 246368]Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\users\Jen\AppData\Roaming\VERIZON\UA_ar\UA.exe [2013-7-4 868208].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-4-13 1207312].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\SYMDS64.SYS [x]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\SYMEFA64.SYS [x]S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\ccSetx64.sys [x]S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130801.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130801.001\IDSvia64.sys [x]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\Ironx64.SYS [x]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\0604010.00E\SYMNETS.SYS [x]S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [x]S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [x]S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [x]S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe;c:\windows\SYSNATIVE\Pen_Tablet.exe [x]S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [x]S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe;c:\program files\WTouch\WTouchService.exe [x]S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]..--- Other Services/Drivers In Memory ---.*Deregistered* - ccHP.Contents of the 'Scheduled Tasks' folder.2013-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 02:05].2013-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 02:21].2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 02:21].2013-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3800125130-518831920-2582569376-1000Core.job- c:\users\Jen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 07:41].2013-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3800125130-518831920-2582569376-1000UA.job- c:\users\Jen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 07:41]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="RAVCpl64.exe" [2007-03-23 5055488]"Skytel"="Skytel.exe" [2007-03-16 1822720]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Open with WordPerfect - c:\program files (x86)\WordPerfect Office X3\Programs\WPLauncher.htaIE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105Trusted Zone: intuit.com\ttlcTCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12FF - ProfilePath - c:\users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\y6p4dcvr.default\FF - prefs.js: browser.search.selectedEngine - TrustWorthy Customized Web SearchFF - ExtSQL: 2013-07-31 21:57; {8480b7b1-a45c-4feb-8653-60f834f7ca4b}; c:\users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\y6p4dcvr.default\extensions\{8480b7b1-a45c-4feb-8653-60f834f7ca4b}FF - ExtSQL: !HIDDEN! 2011-03-05 16:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension.- - - - ORPHANS REMOVED - - - -.AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exeAddRemove-TrustWorthy Toolbar - c:\program files (x86)\TrustWorthy\uninstall.exeAddRemove-Yahoo! Companion - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXEAddRemove-Yahoo! Toolbar - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"--.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Flip Video\FlipShare\FlipShareService.exec:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exec:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe.**************************************************************************.Completion time: 2013-08-02 21:42:52 - machine was rebootedComboFix-quarantined-files.txt 2013-08-03 04:42ComboFix2.txt 2013-08-02 04:26.Pre-Run: 269,199,790,080 bytes freePost-Run: 268,625,100,800 bytes free.- - End Of File - - D57DBC5D33F2BA367A9C962409985204A36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 3, 2013 ID:710495 Share Posted August 3, 2013 Let's try the following: ----------Step 1----------------Please download AdwCleaner by Xplode onto your desktop.Double click on AdwCleaner.exe to run the tool.Click on Search.A logfile will automatically open after the scan has finished.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[R1].txt as well.----------Step 2----------------Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.----------Step 3----------------We need to create a New FULL OTL ReportPlease download OTL from here if you have not done so already:Main MirrorSave it to your desktop.Double click on the OTL icon on your desktop.Click the "Scan All Users" checkbox.Change the "Extra Registry" option to "SafeList"Push the Run Scan button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimized----------Step 4 (note: this scan may take a little time)---------------- I'd like us to scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window.ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check Click the button.Accept any security warnings from your browser.Check Push the Start button.ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Push the button.Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt----------Step 5----------------Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.Let me know how things go. Link to post Share on other sites More sharing options...
inasad Posted August 3, 2013 Author ID:710663 Share Posted August 3, 2013 Conduit search is still there and I if I manually switch to google, it goes right back to Conduit. Attached are the logs.Extras.TxtJRT.txtOTL.TxtAdwCleanerR1.txtlog.txt Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 3, 2013 ID:710664 Share Posted August 3, 2013 The following should remove Conduit. Let me know if it's still there after you complete these steps.----------Step 1----------------We need to run an OTL FixPlease reopen on your desktop.Copy and Paste the following code into the textbox.:OTL[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]:Commands[purity][emptytemp][emptyjava][emptyflash][Reboot]Push OTL may ask to reboot the machine. Please do so if asked.Click the OK button.A report will open. Copy and Paste that report in your next reply.----------Step 2----------------Instructions for DELETE:Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[s1].txt as well.Afterwards, please reboot the computer.----------Step 3----------------Please post the OTL and AdwCleaner reports in your next reply. How are things running now? Link to post Share on other sites More sharing options...
inasad Posted August 3, 2013 Author ID:710673 Share Posted August 3, 2013 By simply opening a new browser window in IE, FF, and Chrome, it appears to be better. The logs are attached. 08032013_131812.logAdwCleanerS2.txt Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 3, 2013 ID:710674 Share Posted August 3, 2013 Things look good. Judging by your last few logs, I'd say your system is clean. Before we move on, please take the time to install the following updates. Program updates are a critical part of your computer's safety net, as outdated applications leave you vulnerable to malware. ---------Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:Download the latest version of Adobe Reader and save it to your desktop.Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offeredClick the download button at the bottom.If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your ComputerThen from your desktop double-click on Adobe Reader to install the newest version.If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.When the "Adobe Setup - Welcome" window opens, click the Install > button.If offered to install a Toolbar, just uncheck the box before continuing unless you want it.--------- Please let me know how the updates went, as failed updates may be due to malware. Link to post Share on other sites More sharing options...
inasad Posted August 3, 2013 Author ID:710676 Share Posted August 3, 2013 I installed Adobe Reader XI. I thought I already had done that. I didn't remove anything because I wasn't sure what to remove. I didn't see an older version of Reader. I do have Adobe Acrobat Pro 9 which is an older version but it's not free software and I don't really want to have to pay for it again. Is it bad to keep this? I do use the pro version of the Adobe suite (CS3 and CS5). It's very expensive and I think they make you pay a monthly subscription fee now....not something I really want to do! Thanks! Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 3, 2013 ID:710679 Share Posted August 3, 2013 I see where you're coming from. As long as you keep your paid software up-to-date, you should be fine. Make sure to download the latest patches and updates for all of your applications within Adobe Suite . ---------------------------- Unless there are any other issues, I will now provide you with some steps to better protect your computer.First, we need to remove ComboFix.The following will implement some cleanup procedures as well as reset System Restore points:Click Start > Run and copy/paste the following bolded text into the Run box and click OK:ComboFix /Uninstall -------------------Let's remove OTL and the other tools we used as well:Reopen on your desktop. Click on You will be prompted to reboot your system. Please do so.-------------------Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.-------------------It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.avast!.AntiVirAVGMicrosoft Security Essentials-------------------Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:Spybot-Search & DestroyA tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.SpywareBlasterA tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.SpywareGuardA tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.-------------------Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too. A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.These firewalls are good and do have free versions availableOutpost Firewall FreeOnline Armor FirewallA tutorial on understanding and using firewalls may be found here.-------------------Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.-------------------Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:http://www.spywarewa...nti-spyware.htmA similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.-------------------Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.If you are interested, Firefox may be downloaded from hereOpera is available here: http://www.opera.com/download/-------------------For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first placeHopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.-------------------I would grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.---------------------------------------------------------My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here: Every little bit helps. -DFB Link to post Share on other sites More sharing options...
inasad Posted August 3, 2013 Author ID:710685 Share Posted August 3, 2013 Thanks Should I uninstall the other stuff as well? Security Check, AdwCleaner, JRT, ESET, etc? One other thing: when my computer reboots, I get the following error message: Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 3, 2013 ID:710687 Share Posted August 3, 2013 Yeah you can delete those as well. As for the popup, I think it's just a leftover. We'll delete it. First,Go ahead and download and run ComboFix again from here http://www.bleepingcomputer.com/download/combofix/Post the new C:\ComboFix.txt in your next reply. Link to post Share on other sites More sharing options...
inasad Posted August 3, 2013 Author ID:710699 Share Posted August 3, 2013 The log is attached...ComboFix.txt Link to post Share on other sites More sharing options...
inasad Posted August 3, 2013 Author ID:710700 Share Posted August 3, 2013 I restarted my computer and the error message did not appear. =) Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 3, 2013 ID:710716 Share Posted August 3, 2013 Excellent. Go ahead and remove ComboFix: Click Start > Run and copy/paste the following bolded text into the Run box and click OK:ComboFix /Uninstall That should be it I believe. Let me know if there's anything further I can help you with. Link to post Share on other sites More sharing options...
inasad Posted August 4, 2013 Author ID:710771 Share Posted August 4, 2013 Thank you!! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 7, 2013 Root Admin ID:711857 Share Posted August 7, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts