
Conduit Search Engine Not Being Removed



I've been trying to remove conduit search engine from a computer today, and I'm not having luck.

 

I did not find any related programs in my Control Panel to uninstall, but I reset my Internet Explorer and Chrome and ran Avast, SUPERAntiSpyware, Malwarebytes and AdwCleaner. AdwCleaner, Avast and SAS. All but Avast found and removed problems, and all but Malwarebytes are now coming up clean. Malwarebytes keeps finding two Conduit folders.

 

Any suggestions for getting this last little bit off? Are these just empty folders?

 

Many thanks!

 

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6001.18639  BrowserJavaVersion: 10.51.2
Run by OlesonEA at 14:03:32 on 2014-04-02
Microsoft® Windows Vista™ Business   6.0.6001.1.1252.1.1033.18.3325.1678 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\olesonea\AppData\Local\ATT Connect\Participant\pull.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IP Scanner\Receiver\MGS.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [Push Client] "c:\users\olesonea\appdata\local\att connect\participant\pull.exe"
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imager~1.lnk - c:\program files\ip scanner\receiver\MGS.exe
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Windows\System: AllowX-ForestPolicy-and-RUP = dword:1
mPolicies-Windows\System: UserPolicyMode = dword:1
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 10.10.7.6 10.10.11.2
TCP: Interfaces\{1E464625-F7C3-4DD0-8C72-419D49448739} : DHCPNameServer = 10.10.7.6 10.10.11.2
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-2 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-2 180760]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-2-10 107256]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-4-2 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-4-2 411552]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2013-12-13 340432]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-2-10 155704]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-2-10 228888]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-2 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-2 50344]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-2-10 1444120]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-2 107736]
.
=============== Created Last 30 ================
.
2014-04-02 16:13:18 -------- d-----w- c:\users\olesonea\appdata\roaming\SUPERAntiSpyware.com
2014-04-02 16:13:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-04-02 16:13:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-04-02 16:12:13 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-02 16:12:00 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-02 16:12:00 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-02 16:12:00 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-02 16:12:00 -------- d-----w- c:\programdata\Malwarebytes
2014-04-02 16:12:00 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-02 15:42:27 -------- d-----w- C:\AdwCleaner
2014-04-02 14:58:50 -------- d-----w- c:\users\olesonea\appdata\roaming\AVAST Software
2014-04-02 14:57:48 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-02 14:57:47 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-02 14:57:44 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-02 14:57:44 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-02 14:57:23 43152 ----a-w- c:\windows\avastSS.scr
2014-04-02 14:56:55 -------- d-----w- c:\program files\AVAST Software
2014-04-02 14:56:04 -------- d-----w- c:\programdata\AVAST Software
2014-04-01 21:59:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-01 15:21:25 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4aff7c7e-ba66-4e29-923c-7d597bebab58}\mpengine.dll
2014-03-19 19:15:08 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2014-03-19 18:17:10 -------- d-----w- c:\users\olesonea\appdata\roaming\PDF Reader 10
2014-03-19 18:17:09 -------- d-----w- c:\programdata\Avanquest Software
2014-03-12 21:11:24 -------- d-----w- c:\programdata\Oracle
.
==================== Find3M  ====================
.
2014-03-13 23:20:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 23:20:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-10 18:35:40 107256 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
============= FINISH: 14:05:42.47 ===============
 
 
Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business 
Boot Device: \Device\HarddiskVolume3
Install Date: 3/24/2008 1:32:48 AM
System Uptime: 4/2/2014 12:33:20 PM (2 hours ago)
.
Motherboard: Dell Inc. |  | 0GM819
Processor: Intel® Core2 Duo CPU     E8400  @ 3.00GHz | CPU | 3000/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 158.838 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.4 GiB free.
E: is CDROM ()
F: is CDROM ()
P: is NetworkDisk (NTFS) - 80 GiB total, 36.65 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP811: 2/21/2014 9:30:08 AM - Windows Update
RP813: 2/21/2014 3:17:08 PM - Installed Rapport
RP814: 2/25/2014 12:45:19 PM - Windows Update
RP815: 2/27/2014 10:25:40 AM - Scheduled Checkpoint
RP816: 3/6/2014 11:58:21 AM - Windows Update
RP817: 3/7/2014 11:06:21 AM - Windows Update
RP818: 3/10/2014 12:10:29 PM - Scheduled Checkpoint
RP819: 3/11/2014 8:51:55 AM - Windows Update
RP820: 3/12/2014 9:39:11 AM - Windows Update
RP821: 3/12/2014 3:08:56 PM - Installed Java 7 Update 51
RP822: 3/13/2014 12:32:41 PM - Scheduled Checkpoint
RP823: 3/14/2014 9:44:38 AM - Windows Update
RP824: 3/17/2014 9:39:48 AM - Scheduled Checkpoint
RP825: 3/18/2014 8:29:24 AM - Windows Update
RP826: 3/19/2014 2:48:23 PM - Scheduled Checkpoint
RP827: 3/25/2014 9:11:57 AM - Windows Update
RP828: 3/25/2014 1:51:08 PM - Removed Java 6 Update 45
RP829: 3/25/2014 1:52:08 PM - Removed Java 7 Update 51
RP830: 3/25/2014 1:54:18 PM - Installed Java 7 Update 51
RP831: 3/25/2014 2:54:43 PM - Removed Java SE Runtime Environment 6
RP832: 3/26/2014 11:20:29 AM - Scheduled Checkpoint
RP833: 3/31/2014 9:53:59 AM - Windows Update
RP834: 4/1/2014 9:20:11 AM - Windows Update
RP835: 4/1/2014 3:57:11 PM - Removed Java 7 Update 51
RP836: 4/1/2014 3:59:03 PM - Installed Java 7 Update 51
RP838: 4/2/2014 8:56:42 AM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
Abacast Client
AccuWage 2011 Java
Adobe Acrobat  8 Standard
Adobe Acrobat 8.1.3 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 12 ActiveX
AT&T Connect Participant Application v9.5.35
ATI Catalyst Control Center
avast! Free Antivirus
Browser Address Error Redirector
Canon D1300/MF6700
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Thai
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CCC Help Thai
Crystal Reports 10
Crystal Reports 2008 SP3
Dell ETS Factory Installation
Dell Getting Started Guide
FRx 6.7 Client (\\MAUREEN\Dynamics\sl\frx67)
FRx 6.7 Supplemental Files
Google Chrome
Google Update Helper
GoToMeeting 4.8.0.723
Harvard ChartXL
Harvard Graphics Advanced Presentations 3.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
Intel® PRO Alerting Agent
Intel® PRO Network Connections 12.1.12.4
IP Scanner
Java 7 Update 51
Java Auto Updater
Malwarebytes Anti-Malware version 2.00.0.1000
MFCLOC
Microsoft .NET Framework 3.5 SP1
Microsoft Dynamics SL 2011 Client
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio 2007 Service Pack 1 (SP1)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft ReportViewer 2010 Redistributable
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Network FAX
Oracle JInitiator 1.3.1.28
Rapport
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB982127)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Serif MediaPlus 1.0
Skins
Sonic Activation Module
SUPERAntiSpyware
surveyor 3.5.30
Trusteer Endpoint Protection
TValue 5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Visio 2007 Help (KB957251)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
User's Guides
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VS2005SP1CRUNTIME
Windows Live ID Sign-in Assistant
.
==== Event Viewer Messages From Past Week ========
.
4/2/2014 9:21:30 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the FLEXnet Licensing Service service to connect.
4/2/2014 9:21:30 AM, Error: Service Control Manager [7000]  - The FLEXnet Licensing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/1/2014 4:06:50 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
4/1/2014 4:06:50 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/31/2014 9:50:06 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
3/26/2014 9:06:39 AM, Error: Service Control Manager [7022]  - The Function Discovery Provider Host service hung on starting.
3/26/2014 9:06:39 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
3/26/2014 9:03:44 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 

 


Also, here is what malwarebytes is still coming up with:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/2/2014
Scan Time: 2:03:57 PM
Logfile: MBAM log.txt
Administrator: Yes
 
Version: 2.00.0.1000
Malware Database: v2014.04.02.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: OlesonEA
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338020
Time Elapsed: 1 hr, 28 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.Conduit.A, C:\Users\olesonea\AppData\Local\Temp\ct3291325, , [93fcf33297e42016875e9fb327db48b8], 
PUP.Optional.Conduit.A, C:\Users\olesonea\AppData\Local\Temp\ct3291325\plugins, , [93fcf33297e42016875e9fb327db48b8], 
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Here is the roguekiller log. I think I posted the log from a Malwarebytes 2.0 threat scan just as you were posting your own answer. If you need me to run it again, please let me know.

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : OlesonEA [Admin rights]
Mode : Scan -- Date : 04/02/2014 14:29:10
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
::1             localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500AAJS-75VWA0 +++++
--- User ---
[MBR] 4e9e3c0285ef1daf59f2a995c47ba239
[bSP] 143500e28e0f7628a019343ed6099823 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 2048 MB
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 4356096 | Size: 236290 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_04022014_142910.txt >>

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then.........

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


Looks OK, just clean these up:

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.


Update and run a Threat scan with Malwarebytes


Let me know......MrC


I think that did it! Anything else that I should do?

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by OlesonEA at 2014-04-02 15:42:52 Run:1
Running from C:\Users\olesonea\Desktop\New Folder
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\Run: [] - [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - DefaultScope value is missing.
C:\Users\olesonea\AppData\Roaming\desktop.ini
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\olesonea\AppData\Roaming\desktop.ini => Moved successfully.
 
==== End of Fixlog ====
 
Log of latest malwarebytes scan:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/2/2014
Scan Time: 3:51:53 PM
Logfile: MBAM log.txt
Administrator: Yes
 
Version: 2.00.0.1000
Malware Database: v2014.04.02.09
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: OlesonEA
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309315
Time Elapsed: 7 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 


Good.....

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.81  

 Windows Vista Service Pack 1 x86 (UAC is disabled!)  


 Internet Explorer 7 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 SUPERAntiSpyware     

 Java 7 Update 51  

 Google Chrome 33.0.1750.146  

 Google Chrome 33.0.1750.154  

````````Process Check: objlist.exe by Laurent````````  

 Windows Defender MSASCui.exe 

 Windows Defender MSASCui.exe   

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1 % 

````````````````````End of Log`````````````````````` 

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Results of screen317's Security Check version 0.99.81
Windows Vista Service Pack 1 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!


You should visit Windows Update to correct this.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC


This topic is now closed to further replies.