SRVS weblink/window pops up & Possible Pup Bitminer!

Hello,

When I click on certain links a new window opens up with a .com site called SRVS and then a long name after, I also have the PupBitminer that comes threw consistently.

I hope someone could help me destroy these bad viruses, thank you.

Here is the AdwCleaner copy:

# AdwCleaner v3.014 - Report created 07/12/2013 at 11:09:57
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : BlackOps - BLACKOPS-HP
# Running from : C:\Users\BlackOps\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\BlackOps\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\BlackOps\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\BlackOps\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Found : C:\Users\BlackOps\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Found : C:\Users\BlackOps\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : C:\Users\BlackOps\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
Folder Found : C:\Users\BlackOps\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Folder Found : C:\Users\BlackOps\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Folder Found : C:\Users\BlackOps\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Folder Found : C:\Users\BlackOps\AppData\Roaming\Mozilla\Firefox\Profiles\hm20z9j9.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Users\BlackOps\AppData\Roaming\Mozilla\Firefox\Profiles\hm20z9j9.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Users\BlackOps\AppData\Roaming\Mozilla\Firefox\Profiles\hm20z9j9.default\Extensions\wecarereminder@bryan
Folder Found C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\ProgramData\WeCareReminder
Folder Found C:\Users\BlackOps\AppData\Local\Conduit
Folder Found C:\Users\BlackOps\AppData\Local\NativeMessaging
Folder Found C:\Users\BlackOps\AppData\Local\TBHostSupport
Folder Found C:\Users\BlackOps\AppData\Local\WhiteListing
Folder Found C:\Users\BlackOps\AppData\LocalLow\Conduit
Folder Found C:\Users\BlackOps\AppData\LocalLow\PriceGong
Folder Found C:\Users\BlackOps\AppData\Roaming\dvdvideosoftiehelpers
Folder Found C:\Users\BlackOps\AppData\Roaming\Mozilla\Firefox\Profiles\hm20z9j9.default\CT2269050
Folder Found C:\Users\BlackOps\AppData\Roaming\Mozilla\Firefox\Profiles\hm20z9j9.default\Smartbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Key Found : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Key Found : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\wecarereminder
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\wecarereminder
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Users\BlackOps\AppData\Roaming\Mozilla\Firefox\Profiles\hm20z9j9.default\prefs.js ]

Line Found : user_pref("CT2269050.1000082.isDisplayHidden", "true");
Line Found : user_pref("CT2269050.1000082.shrinkState", "shrinked");
Line Found : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\":\"Hotmix 108\",\"url\":\"hxxp://67.202.67.18:8082\"}");
Line Found : user_pref("CT2269050.1000234.TWC_TMP_city", "PHOENIX");
Line Found : user_pref("CT2269050.1000234.TWC_TMP_country", "US");
Line Found : user_pref("CT2269050.1000234.TWC_locId", "USAZ0166");
Line Found : user_pref("CT2269050.1000234.TWC_location", "Phoenix, AZ");
Line Found : user_pref("CT2269050.1000234.TWC_region", "US");
Line Found : user_pref("CT2269050.1000234.TWC_temp_dis", "f");
Line Found : user_pref("CT2269050.1000234.TWC_wind_dis", "mph");
Line Found : user_pref("CT2269050.1000234.weatherData", "{\"icon\":\"30.png\",\"temperature\":\"73°F\",\"temperatureClear\":\"73°F\",\"highTemperature\":\"73°F\",\"lowTemperature\":\"50°F\",\"feelsLike\":\"73°F\",[...]
Line Found : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2269050.FirstTime", "true");
Line Found : user_pref("CT2269050.FirstTimeFF3", "true");
Line Found : user_pref("CT2269050.LoginRevertSettingsEnabled", true);
Line Found : user_pref("CT2269050.RevertSettingsEnabled", true);
Line Found : user_pref("CT2269050.SearchAppState.enc", "Mw==");
Line Found : user_pref("CT2269050.SearchAppTracking.enc", "c2VudA==");
Line Found : user_pref("CT2269050.UserID", "UN10428765869859482");
Line Found : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT2269050.autoDisableScopes", -1);
Line Found : user_pref("CT2269050.cbcountry_001", "VVM=");
Line Found : user_pref("CT2269050.cbfirsttime", "RnJpIE9jdCAwNSAyMDEyIDE2OjQ2OjQ0IEdNVC0wNzAwIChVUyBNb3VudGFpbiBTdGFuZGFyZCBUaW1lKQ==");
Line Found : user_pref("CT2269050.countryCode", "US");
Line Found : user_pref("CT2269050.defaultSearch", "false");
Line Found : user_pref("CT2269050.enableAlerts", "false");
Line Found : user_pref("CT2269050.enableFix404ByUser", "TRUE");
Line Found : user_pref("CT2269050.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT2269050.firstTimeDialogOpened", "true");
Line Found : user_pref("CT2269050.fixPageNotFoundError", "true");
Line Found : user_pref("CT2269050.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT2269050.fixUrls", true);
Line Found : user_pref("CT2269050.fullUserID", "UN10428765869859482.UP.20130625225909");
Line Found : user_pref("CT2269050.hxxp___storage_conduit_com_marketplace_83_6d_8399d181_be98_42f2_b035_1616f617316d_.PriceSparrowUuid.enc", "ZTM5NGQ5ZjQtZTgyZS00MTk1LWJkODQtMzQxY2Q2OGI4NDg4");
Line Found : user_pref("CT2269050.installId", "ConduitNSISIntegration");
Line Found : user_pref("CT2269050.installType", "ConduitNSISIntegration");
Line Found : user_pref("CT2269050.isCheckedStartAsHidden", true);
Line Found : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2269050.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT2269050.isNewTabEnabled", false);
Line Found : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Line Found : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT2269050.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2269050&octid=CT2269050&SearchSource=15&CUI=UN10428765869859482&SSPV=&Lay=1&UM=false\"[...]
Line Found : user_pref("CT2269050.lastVersion", "10.16.4.519");
Line Found : user_pref("CT2269050.migrateAppsAndComponents", true);
Line Found : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://DVDVideoSoftTB.OurToolbar.com/\",\"EB_[...]
Line Found : user_pref("CT2269050.openThankYouPage", "false");
Line Found : user_pref("CT2269050.openUninstallPage", "true");
Line Found : user_pref("CT2269050.search.searchAppId", "128834881989343895");
Line Found : user_pref("CT2269050.search.searchCount", "2");
Line Found : user_pref("CT2269050.searchInNewTabEnabled", "false");
Line Found : user_pref("CT2269050.searchInNewTabEnabledByUser", "false");
Line Found : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT2269050.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2269050.searchSuggestEnabledByUser", "false");
Line Found : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2269050.sendUsageEnabled", "false");
Line Found : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2269050\"}");
Line Found : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTB.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB\"}");
Line Found : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2269050.serviceLayer_services_Configuration_lastUpdate", "1373507080324");
Line Found : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1365299530240");
Line Found : user_pref("CT2269050.serviceLayer_services_appTracking_lastUpdate", "1353369370353");
Line Found : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1365509320364");
Line Found : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1365176438382");
Line Found : user_pref("CT2269050.serviceLayer_services_location_lastUpdate", "1372196494445");
Line Found : user_pref("CT2269050.serviceLayer_services_login_10.13.1.89_lastUpdate", "1352649753672");
Line Found : user_pref("CT2269050.serviceLayer_services_login_10.13.40.15_lastUpdate", "1361727556763");
Line Found : user_pref("CT2269050.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363903008080");
Line Found : user_pref("CT2269050.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365640901969");
Line Found : user_pref("CT2269050.serviceLayer_services_login_10.15.2.523_lastUpdate", "1367933041067");
Line Found : user_pref("CT2269050.serviceLayer_services_login_10.16.1.521_lastUpdate", "1368796972909");
Line Found : user_pref("CT2269050.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372198203549");
Line Found : user_pref("CT2269050.serviceLayer_services_login_10.16.4.519_lastUpdate", "1373506957713");
Line Found : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1352325044108");
Line Found : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1365176438168");
Line Found : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1373507080208");
Line Found : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1373507080062");
Line Found : user_pref("CT2269050.serviceLayer_services_setupAPI_lastUpdate", "1363903144105");
Line Found : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1365176438496");
Line Found : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1373513542916");
Line Found : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1372196494433");
Line Found : user_pref("CT2269050.settingsINI", true);
Line Found : user_pref("CT2269050.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT2269050.showToolbarPermission", "false");
Line Found : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Line Found : user_pref("CT2269050.smartbar.Uninstall", "0");
Line Found : user_pref("CT2269050.smartbar.isHidden", true);
Line Found : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Line Found : user_pref("CT2269050.startPage", "false");
Line Found : user_pref("CT2269050.toolbarBornServerTime", "6-10-2012");
Line Found : user_pref("CT2269050.toolbarCurrentServerTime", "11-7-2013");
Line Found : user_pref("CT2269050.toolbarLoginClientTime", "Thu Mar 21 2013 18:18:45 GMT-0700 (US Mountain Standard Time)");
Line Found : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1373514071246,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("smartbar.machineId", "ST3W93B0KNAYMA3B6BMSVFI0JNRWTR9WPMP31MYO7/Q7ZCWZ8VL3XB792DNLECV7DQPC8J8KCARZLSKWPRP6RG");

[ File : C:\Users\Delisa\AppData\Roaming\Mozilla\Firefox\Profiles\9puuxq49.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\BlackOps\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [15583 octets] - [07/12/2013 11:09:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15644 octets] ##########

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Remove the Adware:

• Please close all open programs and internet browsers.
  
• Double click on adwcleaner.exe to run the tool.
  
• Click on Delete.
  
• Confirm each time with OK
  
• Your computer will be rebooted automatically. A text file will open after the restart.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
  

*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Hi Dave, Nice to meet you and thank you for your help

Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
BlackOps :: BLACKOPS-HP [administrator]

12/7/2013 11:14:58 AM
mbam-log-2013-12-07 (11-14-58).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 509734
Time elapsed: 1 hour(s), 37 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\BlackOps\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TBHostSupport (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\BlackOps\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\BlackOps\AppData\Local\TBHostSupport (PUP.Optional.Conduit) -> Delete on reboot.

Files Detected: 1
C:\Users\BlackOps\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Delete on reboot.

(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by BlackOps on Mon 12/09/2013 at 10:31:14.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iehelperv2.5.0.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2269050
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3F8B6612-7A97-4B33-AF38-22E1B15E3962}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3F8B6612-7A97-4B33-AF38-22E1B15E3962}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files

Successfully deleted: [File] "C:\Users\BlackOps\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\BlackOps\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\BlackOps\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\BlackOps\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\BlackOps\appdata\local\google\chrome\user data\default\local storage\http_storage.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
Successfully deleted: [File] "C:\end"



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\BlackOps\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\BlackOps\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\BlackOps\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\BlackOps\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\BlackOps\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\BlackOps\AppData\Roaming\mozilla\firefox\profiles\hm20z9j9.default\smartbar
Successfully deleted: [Folder] C:\Users\BlackOps\AppData\Roaming\mozilla\firefox\profiles\hm20z9j9.default\extensions\wecarereminder@bryan
Successfully deleted: [Folder] C:\Users\BlackOps\AppData\Roaming\mozilla\firefox\profiles\hm20z9j9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted the following from C:\Users\BlackOps\AppData\Roaming\mozilla\firefox\profiles\hm20z9j9.default\prefs.js

user_pref("CT2269050.1000234.weatherData", "{\"icon\":\"30.png\",\"temperature\":\"73°F\",\"temperatureClear\":\"73°F\",\"highTemperature\":\"73°F\",\"lowTemperature\":\"50
user_pref("CT2269050.hxxp___storage_conduit_com_marketplace_83_6d_8399d181_be98_42f2_b035_1616f617316d_.PriceSparrowUuid.enc", "ZTM5NGQ5ZjQtZTgyZS00MTk1LWJkODQtMzQxY2Q2OGI4NDg
user_pref("CT2269050.installId", "ConduitNSISIntegration");
user_pref("CT2269050.installType", "ConduitNSISIntegration");
user_pref("CT2269050.isPerformedSmartBarTransition", "true");
user_pref("CT2269050.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2269050&octid=CT2269050&SearchSource=15&CUI=UN104287658698594
user_pref("CT2269050.search.searchAppId", "128834881989343895");
user_pref("CT2269050.search.searchCount", "2");
user_pref("CT2269050.smartbar.CTID", "CT2269050");
user_pref("CT2269050.smartbar.Uninstall", "0");
user_pref("CT2269050.smartbar.isHidden", true);
user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
user_pref("smartbar.machineId", "ST3W93B0KNAYMA3B6BMSVFI0JNRWTR9WPMP31MYO7/Q7ZCWZ8VL3XB792DNLECV7DQPC8J8KCARZLSKWPRP6RG");
Emptied folder: C:\Users\BlackOps\AppData\Roaming\mozilla\firefox\profiles\hm20z9j9.default\minidumps [225 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\BlackOps\appdata\local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Successfully deleted: [Folder] C:\Users\BlackOps\appdata\local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/09/2013 at 10:41:25.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SecurityCheck Results:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

ComboFix 13-12-10.01 - BlackOps 12/10/2013 14:13:55.7.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1684 [GMT -7:00]
Running from: c:\users\BlackOps\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-11-10 to 2013-12-10 )))))))))))))))))))))))))))))))
.
.
2013-12-10 21:24 . 2013-12-10 21:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-10 21:24 . 2013-12-10 21:24 -------- d-----w- c:\users\Delisa\AppData\Local\temp
2013-12-10 21:24 . 2013-12-10 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-10 17:57 . 2013-12-10 17:57 -------- d-----w- c:\program files\Common Files\EPSON
2013-12-10 17:56 . 2013-12-10 17:57 -------- d-----w- c:\programdata\EPSON
2013-12-10 17:56 . 2008-11-12 01:00 118784 ----a-w- c:\windows\system32\E_ILMHMA.DLL
2013-12-10 17:56 . 2011-03-14 01:03 83968 ----a-w- c:\windows\system32\E_IBCBHMA.DLL
2013-12-10 14:21 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB2E98DD-403B-49A4-BE3B-535C40CF4A0D}\mpengine.dll
2013-12-09 17:31 . 2013-12-09 17:31 -------- d-----w- c:\windows\ERUNT
2013-12-07 18:09 . 2013-12-07 18:10 -------- d-----w- C:\AdwCleaner
2013-12-06 15:39 . 2013-12-06 15:39 -------- d-----w- c:\users\BlackOps\AppData\Local\NativeMessaging
2013-12-06 15:39 . 2013-12-06 15:39 -------- d-----w- c:\users\BlackOps\AppData\Local\WhiteListing
2013-12-05 18:12 . 2013-12-05 23:58 -------- d-----w- c:\users\BlackOps\AppData\Local\LogMeIn Rescue Applet
2013-12-05 03:17 . 2013-01-22 21:25 76648 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2013-12-05 03:17 . 2013-01-22 21:25 65896 ----a-w- c:\windows\system32\ftcserco.dll
2013-12-05 03:17 . 2013-01-22 21:25 85864 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2013-12-05 03:17 . 2013-01-22 21:25 55656 ----a-w- c:\windows\system32\ftserui2.dll
2013-12-05 03:17 . 2013-01-18 22:54 219496 ----a-w- c:\windows\SysWow64\ftd2xx.dll
2013-12-05 03:17 . 2013-01-18 22:54 257384 ----a-w- c:\windows\system32\ftd2xx.dll
2013-12-05 03:17 . 2013-01-18 22:54 109416 ----a-w- c:\windows\system32\ftbusui.dll
2013-12-05 03:17 . 2013-01-18 22:54 215400 ----a-w- c:\windows\system32\FTLang.dll
2013-11-16 13:37 . 2013-10-15 01:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-13 22:20 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 15:25 . 2011-01-04 01:01 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-11 12:50 . 2010-11-27 22:18 267936 ------w- c:\windows\system32\MpSigStub.exe
2011-09-23 01:53 . 2011-09-23 01:53 1732809 ----a-w- c:\program files\cdm20814_setup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"cdloader"="c:\users\BlackOps\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Spybot-S&D Cleaning"="c:\users\BlackOps\Pictures\quincinera\001\Downloads\SpybotPortable\App\Spybot\SDCleaner.exe" [2013-05-16 3642312]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHMA.EXE" [2011-04-25 239488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-01-23 64048]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-01-10 296056]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\BlackOps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN21G3N05C05D1;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ta10avs;Traktor Audio 10 WDM Audio;c:\windows\system32\Drivers\ta10avs.sys;c:\windows\SYSNATIVE\Drivers\ta10avs.sys [x]
R3 ta10usb_svc;Traktor Audio 10;c:\windows\system32\Drivers\ta10usb.sys;c:\windows\SYSNATIVE\Drivers\ta10usb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-17 14:25]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-17 14:25]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068227813-752040018-3191100409-1000Core.job
- c:\users\BlackOps\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 20:43]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068227813-752040018-3191100409-1000UA.job
- c:\users\BlackOps\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 20:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\BlackOps\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\BlackOps\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\BlackOps\AppData\Roaming\Mozilla\Firefox\Profiles\hm20z9j9.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Wow6432Node-HKLM-Run- - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Sendori\SendoriUp.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2013-12-10 16:54:46 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-10 23:54
ComboFix2.txt 2012-02-12 21:43
ComboFix3.txt 2012-02-12 16:01
ComboFix4.txt 2012-01-07 17:07
ComboFix5.txt 2013-12-10 21:11
.
Pre-Run: 34,711,773,184 bytes free
Post-Run: 38,439,260,160 bytes free
.
- - End Of File - - 08FAF312CDB646318D76CA74FABB8714

I see no evidence of an Anti-Virus on your computer. What are you using for protection?

Dave, I don't have one at the moment. I don't know which to get, I have purchased them in the past and all viruses have bypassed the protection software, from Symantec, avg, etc. I dont see a benfit really.

We can't proceed until you install one. Here are some free ones. I would recommend MicroSoft Security Essentials. Most of the malware going around these days are not stopped by an AV program. That's why you need a layer approach to protect your computer. Malwarebytes-Antimalware is a good one to buy. You can have the free version but it doesn't include full-time on-line scanning.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) MicroSoft Security Essentials All versions and all languages.
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Good Morning Dave,

I looked at the MalwareBytes since it is already installed, I activated/enabled the real time protection mode for 30 days, after that I can purchase, but most likely since its real time and our technology is finally moving much faster I do see the benefit so Ill pick it up later today depending on my schedule (requires me to visit the bank).

Is this okay to use? and as I am typing this I see the Anti-Malwarebytes update icon flash in real time (I feel ugh never mind).

I take it we can proceed forward but you are the Boss  :cool2: 

Let me know thank you

I'm not going to attempt to clean a computer without an up-to-date AV installed.

Okay we have lift off!

I have the Malwarebytes Anti-Exploit! Running Now

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Esest Scan Results:

C:\Users\BlackOps\Pictures\quincinera\001\Downloads\Signblazer.zip a variant of Generik.CGKPELW trojan deleted - quarantined

Hi Dave,

it appears to be running much, much better, my firefox pop up blocker is activated on web page transitions, coming here it activated is that normal? do you have pop ups embedded in these pages? If so then it makes sense, if not I just wonder whats trying to pop up?

I am going to uninstall exploit and install one on the links.

my firefox pop up blocker is activated on web page transitions, coming here it activated is that normal? do you have pop ups embedded in these pages? If so then it makes sense, if not I just wonder whats trying to pop up?

I don't get any pop-ups on this site. Do you get pop-ups using Internet Explorer? I'm not that familiar with Firefox. In the meantime, let's do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

*******************************************

I am going to uninstall exploit and install one on the links..

It wouldn't hurt to leave it on. It won't interfere with your AV. I installed it on my computer to evaluate it.

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)

Hi Dave,

Okay I went ahead and processed those two steps, the Comodo Antivirus is doing its job, I like the program its interface is simple and appealing.

MW3Ghost wrote:

Hi Dave,

Okay I went ahead and processed those two steps, the Comodo Antivirus is doing its job, I like the program its interface is simple and appealing.

Good, if you're happy, I'm happy. 

Superdave wrote:

MW3Ghost wrote:

Hi Dave,

Okay I went ahead and processed those two steps, the Comodo Antivirus is doing its job, I like the program its interface is simple and appealing.

Good, if you're happy, I'm happy. 

Thank You SuperDave! You handled it quick and efficiently! 

I secured my network this am, and all is running on full cylinders!  

The best my laptop has been running in a long time! 

Awesome Support! I will share