Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Search protect by conduit  (Read 3151 times)

0 Members and 1 Guest are viewing this topic.

TylerDoom

    Topic Starter


    Beginner

    • Experience: Beginner
    • OS: Windows 8
    Search protect by conduit
    « on: August 10, 2013, 09:10:55 AM »
    I recently found in my weekly mbam scan this PUP "Search protect by conduit"..

    I removed the items mbam found, then scanned again, mbam found it again. A few times.

    I uninstalled Searchprotect from add/remove programs, then scanned with mbam again, found a few other PUP items.

     After removing those in mbam, I came here and followed the steps to create the 3 logs needed to start the CH assisted check up.

    The mbam came back clean after doing this, but I am worried that it may still be hiding on my pc, since google search showed me other people complaining that this was hard to get rid off, or perhaps there may be something else hiding on my PC.

      Here are the logs, and Thanks you ahead of time to anyone that can help me out. I appreciate you donating your time to helping others with PC/Virus problems.

    [recovering disk space, attachment deleted by admin]

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Sage
    • Thanked: 862
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: Search protect by conduit
    « Reply #1 on: August 10, 2013, 04:38:46 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)
    ******************************************

    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

    •The tool will open and start scanning your system.

    •Please be patient as this can take a while to complete depending on your system's specifications.

    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    •Copy and Paste the JRT.txt log into your next message.
    *******************************************
    Download Combofix from any of the links below, and save it to your DESKTOP
    If your version of Windows defaults to you download folder you will need to copy it to your desktop.

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

    It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

    TylerDoom

      Topic Starter


      Beginner

      • Experience: Beginner
      • OS: Windows 8
      Re: Search protect by conduit
      « Reply #2 on: August 10, 2013, 05:43:12 PM »
      Hey again Superdave! You helped me back in 2010. Thanks for all the time and help. Here are the logs from JRT and ComboFix:


      JRT

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 5.4.1 (08.10.2013:1)
      OS: Windows 7 Home Premium x64
      Ran by Tyler on Sat 08/10/2013 at 18:09:19.02
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Registry Values

      Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8F28E0F3-5E35-46FB-8681-1CDA5434C63E}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A956D909-6947-427E-BA1B-A310E8C656A6}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9090374E-E74F-4310-B227-600F3700693C}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A956D909-6947-427E-BA1B-A310E8C656A6}



      ~~~ Files



      ~~~ Folders



      ~~~ Chrome

      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf



      ~~~ Event Viewer Logs were cleared





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Sat 08/10/2013 at 18:16:20.04
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



      COMBO FIX


      ComboFix 13-08-09.02 - Tyler 08/10/2013  18:20:44.1.2 - x64
      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.4668 [GMT -5:00]
      Running from: c:\users\Tyler\Desktop\ComboFix.exe
      AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
      SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\install.exe
      .
      .
      (((((((((((((((((((((((((   Files Created from 2013-07-10 to 2013-08-10  )))))))))))))))))))))))))))))))
      .
      .
      2013-08-10 23:29 . 2013-08-10 23:29   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
      2013-08-10 23:29 . 2013-08-10 23:29   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2013-08-10 23:09 . 2013-08-10 23:09   --------   d-----w-   c:\windows\ERUNT
      2013-08-10 21:47 . 2013-08-10 21:47   --------   d-----w-   c:\users\Tyler\AppData\Local\PunkBuster
      2013-08-10 14:36 . 2013-08-10 14:36   76232   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3757B2CE-C64C-4C66-A2B1-A16F114A5222}\offreg.dll
      2013-08-10 01:45 . 2013-07-02 08:34   9460976   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3757B2CE-C64C-4C66-A2B1-A16F114A5222}\mpengine.dll
      2013-08-08 04:21 . 2013-08-08 04:21   --------   d-----w-   c:\programdata\vsosdk
      2013-07-27 04:06 . 2013-07-27 04:06   --------   d-----w-   c:\users\Tyler\AppData\Roaming\XRay Engine
      2013-07-24 08:07 . 2013-07-24 08:09   --------   d-----w-   c:\windows\system32\MRT
      2013-07-18 01:32 . 2013-07-27 00:05   --------   d-----w-   c:\users\Tyler\AppData\Local\dxhr
      2013-07-18 01:31 . 2013-07-18 01:31   --------   d-----w-   c:\users\Tyler\AppData\Local\28050
      2013-07-17 20:40 . 2013-07-17 20:40   --------   d-----w-   c:\programdata\SystemRequirementsLab
      2013-07-17 20:40 . 2013-07-17 20:40   --------   d-----w-   c:\program files (x86)\SystemRequirementsLab
      2013-07-17 20:38 . 2013-07-17 20:38   --------   d-----w-   c:\users\Tyler\AppData\Roaming\Oracle
      2013-07-17 20:34 . 2013-07-17 20:34   --------   d-----w-   c:\program files (x86)\Common Files\Java
      2013-07-17 20:34 . 2013-07-17 20:33   867240   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
      2013-07-17 20:34 . 2013-07-17 20:33   789416   ----a-w-   c:\windows\SysWow64\deployJava1.dll
      2013-07-17 20:33 . 2013-07-17 20:33   96168   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
      2013-07-17 20:33 . 2013-07-17 20:33   --------   d-----w-   c:\program files (x86)\Java
      2013-07-17 20:32 . 2013-07-17 20:32   --------   d-----w-   c:\programdata\McAfee
      2013-07-15 19:48 . 2013-07-15 19:49   --------   d-----w-   c:\users\Tyler\AppData\Local\Adobe
      2013-07-13 06:52 . 2013-06-11 23:25   15404032   ----a-w-   c:\windows\system32\ieframe.dll
      2013-07-13 06:52 . 2013-06-11 23:25   19238912   ----a-w-   c:\windows\system32\mshtml.dll
      2013-07-13 06:21 . 2013-05-27 05:50   1011712   ----a-w-   c:\program files\Windows Defender\MpSvc.dll
      2013-07-13 06:21 . 2013-05-27 05:50   571904   ----a-w-   c:\program files\Windows Defender\MpClient.dll
      2013-07-13 06:21 . 2013-05-27 05:50   314880   ----a-w-   c:\program files\Windows Defender\MpCommu.dll
      2013-07-13 06:21 . 2013-05-27 04:57   4608   ----a-w-   c:\program files (x86)\Windows Defender\MsMpLics.dll
      2013-07-13 06:21 . 2013-05-27 04:57   54784   ----a-w-   c:\program files (x86)\Windows Defender\MpOAV.dll
      2013-07-13 06:21 . 2013-05-27 04:57   392704   ----a-w-   c:\program files (x86)\Windows Defender\MpClient.dll
      2013-07-13 06:21 . 2013-05-27 03:15   9216   ----a-w-   c:\program files (x86)\Windows Defender\MpAsDesc.dll
      2013-07-13 06:20 . 2013-06-04 06:00   624128   ----a-w-   c:\windows\system32\qedit.dll
      2013-07-13 06:20 . 2013-06-04 04:53   509440   ----a-w-   c:\windows\SysWow64\qedit.dll
      2013-07-13 06:20 . 2013-05-06 06:03   1887744   ----a-w-   c:\windows\system32\WMVDECOD.DLL
      2013-07-13 06:20 . 2013-05-06 04:56   1620480   ----a-w-   c:\windows\SysWow64\WMVDECOD.DLL
      2013-07-13 06:20 . 2013-06-05 03:34   3153920   ----a-w-   c:\windows\system32\win32k.sys
      2013-07-13 06:20 . 2013-04-10 05:48   1732608   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
      2013-07-13 06:20 . 2013-04-10 05:46   1393152   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
      2013-07-13 06:20 . 2013-04-10 05:46   1367040   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
      2013-07-13 06:20 . 2013-04-10 05:46   1402880   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
      2013-07-13 06:20 . 2013-04-10 05:03   936448   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
      2013-07-13 06:20 . 2013-04-02 22:51   1643520   ----a-w-   c:\windows\system32\DWrite.dll
      2013-07-13 06:20 . 2013-04-09 23:34   1247744   ----a-w-   c:\windows\SysWow64\DWrite.dll
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-08-10 21:47 . 2012-12-27 21:01   107832   ----a-w-   c:\windows\SysWow64\PnkBstrB.exe
      2013-07-15 19:49 . 2012-07-16 23:39   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-07-15 19:49 . 2012-07-16 23:39   692104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
      2013-06-28 19:42 . 2013-03-11 05:17   189936   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
      2013-06-28 19:42 . 2012-07-03 06:00   378944   ----a-w-   c:\windows\system32\drivers\aswSP.sys
      2013-06-28 19:42 . 2012-07-03 06:00   1030952   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
      2013-06-24 05:57 . 2012-07-03 00:35   78277128   ----a-w-   c:\windows\system32\MRT.exe
      2013-06-22 03:00 . 2013-06-22 03:00   719360   ----a-w-   c:\windows\SysWow64\mshtmlmedia.dll
      2013-06-22 03:00 . 2013-06-22 03:00   523264   ----a-w-   c:\windows\SysWow64\vbscript.dll
      2013-06-22 03:00 . 2013-06-22 03:00   38400   ----a-w-   c:\windows\SysWow64\imgutil.dll
      2013-06-22 03:00 . 2013-06-22 03:00   226304   ----a-w-   c:\windows\system32\elshyph.dll
      2013-06-22 03:00 . 2013-06-22 03:00   185344   ----a-w-   c:\windows\SysWow64\elshyph.dll
      2013-06-22 03:00 . 2013-06-22 03:00   158720   ----a-w-   c:\windows\SysWow64\msls31.dll
      2013-06-22 03:00 . 2013-06-22 03:00   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
      2013-06-22 03:00 . 2013-06-22 03:00   138752   ----a-w-   c:\windows\SysWow64\wextract.exe
      2013-06-22 03:00 . 2013-06-22 03:00   137216   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
      2013-06-22 03:00 . 2013-06-22 03:00   12800   ----a-w-   c:\windows\SysWow64\mshta.exe
      2013-06-22 03:00 . 2013-06-22 03:00   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
      2013-06-22 03:00 . 2013-06-22 03:00   1054720   ----a-w-   c:\windows\system32\MsSpellCheckingFacility.exe
      2013-06-22 03:00 . 2013-06-22 03:00   97280   ----a-w-   c:\windows\system32\mshtmled.dll
      2013-06-22 03:00 . 2013-06-22 03:00   92160   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
      2013-06-22 03:00 . 2013-06-22 03:00   905728   ----a-w-   c:\windows\system32\mshtmlmedia.dll
      2013-06-22 03:00 . 2013-06-22 03:00   81408   ----a-w-   c:\windows\system32\icardie.dll
      2013-06-22 03:00 . 2013-06-22 03:00   77312   ----a-w-   c:\windows\system32\tdc.ocx
      2013-06-22 03:00 . 2013-06-22 03:00   762368   ----a-w-   c:\windows\system32\ieapfltr.dll
      2013-06-22 03:00 . 2013-06-22 03:00   73728   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
      2013-06-22 03:00 . 2013-06-22 03:00   62976   ----a-w-   c:\windows\system32\pngfilt.dll
      2013-06-22 03:00 . 2013-06-22 03:00   61952   ----a-w-   c:\windows\SysWow64\tdc.ocx
      2013-06-22 03:00 . 2013-06-22 03:00   599552   ----a-w-   c:\windows\system32\vbscript.dll
      2013-06-22 03:00 . 2013-06-22 03:00   52224   ----a-w-   c:\windows\system32\msfeedsbs.dll
      2013-06-22 03:00 . 2013-06-22 03:00   51200   ----a-w-   c:\windows\system32\imgutil.dll
      2013-06-22 03:00 . 2013-06-22 03:00   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
      2013-06-22 03:00 . 2013-06-22 03:00   48640   ----a-w-   c:\windows\system32\mshtmler.dll
      2013-06-22 03:00 . 2013-06-22 03:00   452096   ----a-w-   c:\windows\system32\dxtmsft.dll
      2013-06-22 03:00 . 2013-06-22 03:00   441856   ----a-w-   c:\windows\system32\html.iec
      2013-06-22 03:00 . 2013-06-22 03:00   361984   ----a-w-   c:\windows\SysWow64\html.iec
      2013-06-22 03:00 . 2013-06-22 03:00   281600   ----a-w-   c:\windows\system32\dxtrans.dll
      2013-06-22 03:00 . 2013-06-22 03:00   27648   ----a-w-   c:\windows\system32\licmgr10.dll
      2013-06-22 03:00 . 2013-06-22 03:00   270848   ----a-w-   c:\windows\system32\iedkcs32.dll
      2013-06-22 03:00 . 2013-06-22 03:00   247296   ----a-w-   c:\windows\system32\webcheck.dll
      2013-06-22 03:00 . 2013-06-22 03:00   235008   ----a-w-   c:\windows\system32\url.dll
      2013-06-22 03:00 . 2013-06-22 03:00   23040   ----a-w-   c:\windows\SysWow64\licmgr10.dll
      2013-06-22 03:00 . 2013-06-22 03:00   216064   ----a-w-   c:\windows\system32\msls31.dll
      2013-06-22 03:00 . 2013-06-22 03:00   197120   ----a-w-   c:\windows\system32\msrating.dll
      2013-06-22 03:00 . 2013-06-22 03:00   173568   ----a-w-   c:\windows\system32\ieUnatt.exe
      2013-06-22 03:00 . 2013-06-22 03:00   167424   ----a-w-   c:\windows\system32\iexpress.exe
      2013-06-22 03:00 . 2013-06-22 03:00   1509376   ----a-w-   c:\windows\system32\inetcpl.cpl
      2013-06-22 03:00 . 2013-06-22 03:00   149504   ----a-w-   c:\windows\system32\occache.dll
      2013-06-22 03:00 . 2013-06-22 03:00   144896   ----a-w-   c:\windows\system32\wextract.exe
      2013-06-22 03:00 . 2013-06-22 03:00   1441280   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
      2013-06-22 03:00 . 2013-06-22 03:00   1400416   ----a-w-   c:\windows\system32\ieapfltr.dat
      2013-06-22 03:00 . 2013-06-22 03:00   13824   ----a-w-   c:\windows\system32\mshta.exe
      2013-06-22 03:00 . 2013-06-22 03:00   136192   ----a-w-   c:\windows\system32\iepeers.dll
      2013-06-22 03:00 . 2013-06-22 03:00   135680   ----a-w-   c:\windows\system32\IEAdvpack.dll
      2013-06-22 03:00 . 2013-06-22 03:00   12800   ----a-w-   c:\windows\system32\msfeedssync.exe
      2013-06-22 03:00 . 2013-06-22 03:00   102912   ----a-w-   c:\windows\system32\inseng.dll
      2013-06-21 12:06 . 2013-07-02 02:53   7641832   ----a-w-   c:\windows\system32\nvopencl.dll
      2013-06-21 12:06 . 2013-07-02 02:53   6324360   ----a-w-   c:\windows\SysWow64\nvopencl.dll
      2013-06-21 12:06 . 2013-07-02 02:53   572704   ----a-w-   c:\windows\system32\NvFBC64.dll
      2013-06-21 12:06 . 2013-07-02 02:53   570656   ----a-w-   c:\windows\system32\NvIFR64.dll
      2013-06-21 12:06 . 2013-07-02 02:53   467232   ----a-w-   c:\windows\SysWow64\NvIFR.dll
      2013-06-21 12:06 . 2013-07-02 02:53   465184   ----a-w-   c:\windows\SysWow64\NvFBC.dll
      2013-06-21 12:06 . 2013-07-02 02:53   27781920   ----a-w-   c:\windows\system32\nvoglv64.dll
      2013-06-21 12:06 . 2013-07-02 02:53   21102368   ----a-w-   c:\windows\SysWow64\nvoglv32.dll
      2013-06-21 12:06 . 2013-07-02 02:53   15920536   ----a-w-   c:\windows\system32\nvwgf2umx.dll
      2013-06-21 12:06 . 2013-07-02 02:53   13411896   ----a-w-   c:\windows\SysWow64\nvwgf2um.dll
      2013-06-21 12:06 . 2013-07-02 02:53   11235104   ----a-w-   c:\windows\system32\drivers\nvlddmkm.sys
      2013-06-21 12:06 . 2013-07-02 02:53   9239344   ----a-w-   c:\windows\system32\nvcuda.dll
      2013-06-21 12:06 . 2013-07-02 02:53   7687592   ----a-w-   c:\windows\SysWow64\nvcuda.dll
      2013-06-21 12:06 . 2013-07-02 02:53   2953504   ----a-w-   c:\windows\system32\nvcuvid.dll
      2013-06-21 12:06 . 2013-07-02 02:53   2777888   ----a-w-   c:\windows\SysWow64\nvcuvid.dll
      2013-06-21 12:06 . 2013-07-02 02:53   25256224   ----a-w-   c:\windows\system32\nvcompiler.dll
      2013-06-21 12:06 . 2013-07-02 02:53   2363680   ----a-w-   c:\windows\system32\nvcuvenc.dll
      2013-06-21 12:06 . 2013-07-02 02:53   2002720   ----a-w-   c:\windows\SysWow64\nvcuvenc.dll
      2013-06-21 12:06 . 2013-07-02 02:53   1832224   ----a-w-   c:\windows\system32\nvdispco6432049.dll
      2013-06-21 12:06 . 2013-07-02 02:53   17560352   ----a-w-   c:\windows\SysWow64\nvcompiler.dll
      2013-06-21 12:06 . 2013-07-02 02:53   15144928   ----a-w-   c:\windows\system32\nvd3dumx.dll
      2013-06-21 12:06 . 2013-07-02 02:53   1511712   ----a-w-   c:\windows\system32\nvdispgenco6432049.dll
      2013-06-21 12:06 . 2013-02-26 05:32   2597856   ----a-w-   c:\windows\SysWow64\nvapi.dll
      2013-06-21 12:06 . 2013-02-26 05:32   12427240   ----a-w-   c:\windows\SysWow64\nvd3dum.dll
      2013-06-21 12:06 . 2013-02-26 05:32   2936208   ----a-w-   c:\windows\system32\nvapi64.dll
      2013-06-21 10:23 . 2012-07-04 02:47   3514656   ----a-w-   c:\windows\system32\nvsvc64.dll
      2013-06-21 10:23 . 2012-07-04 02:47   6496544   ----a-w-   c:\windows\system32\nvcpl.dll
      2013-06-21 10:23 . 2012-07-04 02:47   884512   ----a-w-   c:\windows\system32\nvvsvc.exe
      2013-06-21 10:23 . 2012-07-04 02:47   63776   ----a-w-   c:\windows\system32\nvshext.dll
      2013-06-21 10:23 . 2012-07-04 02:47   237856   ----a-w-   c:\windows\system32\nvmctray.dll
      2013-06-21 10:16 . 2013-06-21 10:16   566048   ----a-w-   c:\windows\SysWow64\nvStreaming.exe
      2013-06-01 13:45 . 2012-07-17 19:37   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
      2013-05-13 05:51 . 2013-06-12 12:28   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
      2013-05-13 05:51 . 2013-06-12 12:28   1464320   ----a-w-   c:\windows\system32\crypt32.dll
      2013-05-13 05:51 . 2013-06-12 12:28   139776   ----a-w-   c:\windows\system32\cryptnet.dll
      2013-05-13 05:50 . 2013-06-12 12:28   52224   ----a-w-   c:\windows\system32\certenc.dll
      2013-05-13 04:45 . 2013-06-12 12:28   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
      2013-05-13 04:45 . 2013-06-12 12:28   1160192   ----a-w-   c:\windows\SysWow64\crypt32.dll
      2013-05-13 04:45 . 2013-06-12 12:28   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
      2013-05-13 03:43 . 2013-06-12 12:28   1192448   ----a-w-   c:\windows\system32\certutil.exe
      2013-05-13 03:08 . 2013-06-12 12:28   903168   ----a-w-   c:\windows\SysWow64\certutil.exe
      2013-05-13 03:08 . 2013-06-12 12:28   43008   ----a-w-   c:\windows\SysWow64\certenc.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
      "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
      "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
      "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
      "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
      "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
      "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
      "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
      "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-2-9 430080]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

      R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe

      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

      R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys

      R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe

      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

      R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys

      R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys

      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

      S0 aswRvrt;aswRvrt;

      S0 aswVmm;aswVmm;

      S1 aswSnx;aswSnx;

      S1 aswSP;aswSP;

      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS

      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS

      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE

      S2 aswFsBlk;aswFsBlk;

      S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys

      S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe

      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

      S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys

      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys

      .
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2013-08-01 06:58   1173456   ----a-w-   c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 19:49]
      .
      2013-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03 06:00]
      .
      2013-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03 06:00]
      .
      2013-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2756764288-1278937953-4141701874-1000Core.job
      - c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-10 21:43]
      .
      2013-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2756764288-1278937953-4141701874-1000UA.job
      - c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-10 21:43]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
      @="{472083B0-C522-11CF-8763-00608CC02F24}"
      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
      2013-05-09 08:58   133840   ----a-w-   c:\program files\AVAST Software\Avast\ashShA64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
      "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 165912]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 385560]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 363544]
      "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-03 1028896]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://www.google.com
      mLocal Page = c:\windows\SysWOW64\blank.htm
      TCP: DhcpNameServer = 192.168.1.254
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
      HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
      AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000001
      "MSCurrentCountry"=dword:000000b5
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2013-08-10  18:33:24
      ComboFix-quarantined-files.txt  2013-08-10 23:33
      .
      Pre-Run: 121,367,785,472 bytes free
      Post-Run: 120,983,789,568 bytes free
      .
      - - End Of File - - 68D81F78057CEE2D217ACE2EDB6947DD
      A36C5E4F47E84449FF07ED3517B43A31


      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Sage
      • Thanked: 862
      • Certifications: List
      • Experience: Expert
      • OS: Windows 8
      Re: Search protect by conduit
      « Reply #3 on: August 10, 2013, 07:42:47 PM »
      • Download RogueKiller on the desktop
      • Close all the running programs
      • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
      • Otherwise just double-click on RogueKiller.exe
      • Pre-scan will start. Let it finish.
      • Click on SCAN button.
      • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
      • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

      TylerDoom

        Topic Starter


        Beginner

        • Experience: Beginner
        • OS: Windows 8
        Re: Search protect by conduit
        « Reply #4 on: August 10, 2013, 08:26:48 PM »
        RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
        mail : tigzyRK<at>gmail<dot>com
        Feedback : http://www.adlice.com/forum/
        Website : http://www.adlice.com/softwares/roguekiller/
        Blog : http://tigzyrk.blogspot.com/

        Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
        Started in : Normal mode
        User : Tyler [Admin rights]
        Mode : Scan -- Date : 08/10/2013 21:24:16
        | ARK || FAK || MBR |

        ¤¤¤ Bad processes : 0 ¤¤¤

        ¤¤¤ Registry Entries : 6 ¤¤¤
        [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
        [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
        [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
        [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
        [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
        [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

        ¤¤¤ Scheduled tasks : 4 ¤¤¤
        [V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2756764288-1278937953-4141701874-1000UA.job : C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7]
        • -> FOUND
        • [V1]
        [SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2756764288-1278937953-4141701874-1000Core.job : C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
        [V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2756764288-1278937953-4141701874-1000Core : C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
        [V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2756764288-1278937953-4141701874-1000UA : C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7]
        • -> FOUND


        ¤¤¤ Startup Entries : 0 ¤¤¤

        ¤¤¤ Web browsers : 0 ¤¤¤

        ¤¤¤ Particular Files / Folders: ¤¤¤

        ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

        ¤¤¤ External Hives: ¤¤¤

        ¤¤¤ Infection :  ¤¤¤

        ¤¤¤ HOSTS File: ¤¤¤
        --> %SystemRoot%\System32\drivers\etc\hosts


        127.0.0.1       localhost


        ¤¤¤ MBR Check: ¤¤¤

        +++++ PhysicalDrive0: WDC WD6400AAKS-65A7B2 +++++
        --- User ---
        [MBR] b2b37ac5808a24eae34aa0b42fc10d9c
        [BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
        Partition table:
        0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 596475 Mo
        1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1221582600 | Size: 14001 Mo
        User = LL1 ... OK!
        User = LL2 ... OK!

        Finished : << RKreport[0]_S_08102013_212416.txt >>
        RKreport[0]_S_08102013_212115.txt



        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Sage
        • Thanked: 862
        • Certifications: List
        • Experience: Expert
        • OS: Windows 8
        Re: Search protect by conduit
        « Reply #5 on: August 11, 2013, 04:32:04 PM »
        Please run RogueKiller again and delete those items.

        I'd like to scan your machine with ESET OnlineScan

        •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
        ESET OnlineScan

        •Click the button.
        •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the icon on your desktop.
        •Check
        •Click the button.
        •Accept any security warnings from your browser.
        • Leave the check mark next to Remove found threats.
        •Check
        •Push the Start button.
        •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
        •When the scan completes, push
        •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
        •Push the button.
        •Push
        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

        TylerDoom

          Topic Starter


          Beginner

          • Experience: Beginner
          • OS: Windows 8
          Re: Search protect by conduit
          « Reply #6 on: August 11, 2013, 10:35:15 PM »
          Here is that ESET log, I noticed it found three items, but only removed 2, do you know why?? Thanks SuperDave.

          ESETSmartInstaller@High as downloader log:
          all ok
          # version=8
          # OnlineScannerApp.exe=1.0.0.1
          # OnlineScanner.ocx=1.0.0.6920
          # api_version=3.0.2
          # EOSSerial=0fba07db5af71a488656601623eba9d1
          # engine=14740
          # end=finished
          # remove_checked=true
          # archives_checked=true
          # unwanted_checked=false
          # unsafe_checked=false
          # antistealth_checked=true
          # utc_time=2013-08-12 03:27:09
          # local_time=2013-08-11 10:27:09 (-0600, Central Daylight Time)
          # country="United States"
          # lang=1033
          # osver=6.1.7601 NT Service Pack 1
          # compatibility_mode=774 16777213 85 91 1660566 152066301 0 0
          # compatibility_mode=5893 16776573 100 94 0 127821479 0 0
          # scanned=343556
          # found=3
          # cleaned=2
          # scan_time=10502
          sh=7C892C31C23DA4AEC3FF6C0B47E063EDD11FB718 ft=1 fh=5726dad9f9cfdf7f vn="a variant of Win32/Kryptik.SH trojan" ac=I fn="C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe"
          sh=425F8BD7E056F4F7DFC92D1F739E2CD3E72CBB20 ft=1 fh=85991a53f1f2e9fe vn="a variant of Win32/Kryptik.SH trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe"
          sh=7C892C31C23DA4AEC3FF6C0B47E063EDD11FB718 ft=1 fh=5726dad9f9cfdf7f vn="a variant of Win32/Kryptik.SH trojan (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe"

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Sage
          • Thanked: 862
          • Certifications: List
          • Experience: Expert
          • OS: Windows 8
          Re: Search protect by conduit
          « Reply #7 on: August 12, 2013, 01:09:37 PM »
          Please run ESET again and see what turns up.
          Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

          TylerDoom

            Topic Starter


            Beginner

            • Experience: Beginner
            • OS: Windows 8
            Re: Search protect by conduit
            « Reply #8 on: August 12, 2013, 04:40:25 PM »
            Hey again, Ran ESET with the same setting boxes check as before, and it came back with no threats found. Also there was no new log file in the ESET folder.

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Sage
            • Thanked: 862
            • Certifications: List
            • Experience: Expert
            • OS: Windows 8
            Re: Search protect by conduit
            « Reply #9 on: August 12, 2013, 05:02:01 PM »
            Good, if there are no other issues, we can do some cleanup.

            To uninstall ComboFix

            • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
            • In the field, type in ComboFix /uninstall


            (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

            • Then, press Enter, or click OK.
            • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
            ***************************************
            Click Start> Computer> right click the C Drive and choose Properties> enter
            Click Disk Cleanup from there.



            Click OK on the Disk Cleanup Screen.
            Click Yes on the Confirmation screen.



            This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
            ****************************************
            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
            Safe Surfing!
            Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

            TylerDoom

              Topic Starter


              Beginner

              • Experience: Beginner
              • OS: Windows 8
              Re: Search protect by conduit
              « Reply #10 on: August 12, 2013, 05:50:04 PM »
              Alright, I did everything you instructed. Thanks a ton for all your help, from back in 2010 and this time also. Is there anything else I need to do?

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Sage
              • Thanked: 862
              • Certifications: List
              • Experience: Expert
              • OS: Windows 8
              Re: Search protect by conduit
              « Reply #11 on: August 12, 2013, 06:26:18 PM »
              Quote
              Is there anything else I need to do?
              Just be careful what you click on.

              You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender