
Thread: Adobe.Fake.Zusy

  1. #11
    Member
    Join Date
    Jul 2014
    Posts
    30

    Default Reply from ebb124

    Quote Originally Posted by Juliet View Post
    How is your computer now? are you getting any alerts or error messages?

    We are close now. One more scan or two to check for remnants.


    What we can try, drop into safe mode and try to run it again, disable your antivirus.

    http://www.bleepingcomputer.com/foru...ware-programs/


    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course how full your computer is.


    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activeX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
    It quarantined everything but the worm!

    C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO9.zip Win32/Bagle.gen.zip worm
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe.vir a variant of MSIL/Vittalia.D potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\UpdaterService.exe.vir a variant of MSIL/Vittalia.D potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\UpdaterService.exe_old.vir a variant of MSIL/Vittalia.D potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccpjpmiegdnbmbnaiaicnaakpacgbdi\10.22.5.10_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccpjpmiegdnbmbnaiaicnaakpacgbdi\10.22.5.10_0\plugins\ConduitChromeApiPlugin.dll.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccpjpmiegdnbmbnaiaicnaakpacgbdi\10.22.5.10_0\TBHostSupport\TBHostSupport.dll.vir a variant of Win32/Toolbar.Conduit.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Local\NativeMessaging\CT3279414\1_0_0_4\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\3071iady.default\Extensions\gx93i@cpd-uey.org\content\bg.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\3071iady.default\Extensions\{7557724b-30a9-42a4-98eb-77fcb0fd1be3}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application deleted - quarantined
    C:\FRST\Quarantine\C\Program Files\pcmax\pcmax.exe.xBAD a variant of Win32/Conduit.SearchProtect.O potentially unwanted application deleted - quarantined
    C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO9.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\temp\guardian.exe1D9555A943640A426523FB696C6DC76F667A3B2E03687886 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe1D9555A943640A426523FB69ED550F9C1624F22AA386AFD0 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe1D9555A943640A426523FB69ED550F9C92284217 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe1D9555A943640A42F10F79B8 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe1D9555A9B267AD62 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973A62BD130C8A89C316 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973A62BD130CA3730ACA22DEBB882319C902 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973A62BD130CA3730ACA2359255864098B81 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973AB3EF2037384DD6E4AAF6DE7E02041028 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973AB3EF2037384DD6E4AAF6DE7EE77AF4C5 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973AB3EF20379A2A32136886C65D a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973AC70441CA a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\launcher.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    C:\temp\red.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    C:\temp\white2.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    C:\Users\Ed\AppData\Local\Viber\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
    C:\Users\Ed\AppData\Roaming\0T1M1P0A1E1E0M1T1G\AdwCleaner Packages\uninstaller.exe Win32/InstallCore.PC potentially unwanted application deleted - quarantined
    C:\Users\Ed\Downloads\AdwCleaner Setup.exe Win32/OutBrowse.S potentially unwanted application deleted - quarantined
    C:\Users\Ed\Downloads\cbsidlm-cbsi188-Trojan_Remover-ORG-75964423.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined

  2. #12
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Actually it turned out good.

    What was found has been previously dealt with by Spybot. To remove them from your computer completely, open Spybot, go to the Recovery folder and delete everything that’s in there.

    Are we ready to remove tools and quarantine folders and post preventive tips?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #13
    Member
    Join Date
    Jul 2014
    Posts
    30

    Default It's me again, ebb124

    Quote Originally Posted by Juliet View Post
    Actually it turned out good.

    What was found has been previously dealt with by Spybot. To remove them from your computer completely, open Spybot, go to the Recovery folder and delete everything that’s in there.

    Are we ready to remove tools and quarantine folders and post preventive tips?
    Good morning!
    I didn't find a "Recovery Folder" on Spybot so I ran another scan. I then got the message: malware not working. The same thing I get with Malwarebytes. On the scan I ran I did find some cookies, etc.
    I'm a little discouraged although I realize I may be responsible for these quirks.
    Help!

  4. #14
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    You can uninstall MalwareBytes and try again.
    I haven't seen where others have had this issue just trying to run a scan....unless your antivirus has stopped it.

    Have you tried running a scan in safe mode?

    We can try to see if FRST can remove that file in SpyBot recovery folder.
    Might be it's encrypted and not allowed.

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).

    start
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO9.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO9.zip
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

  5. #15
    Member
    Join Date
    Jul 2014
    Posts
    30

    Default Zusy

    Thank you for your perseverance! I will try Malwarebytes and Spybot again in safe mode BUT I need help there. My safe mode will not open with either F8 or F12. I wondered if that was part of the malware. Below is the log you requested.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014 01
    Ran by Ed at 2014-07-26 10:39:30 Run:2
    Running from C:\Users\Ed\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO9.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO9.zip
    *****************

    "C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO9.zip" => File/Directory not found.
    "C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO9.zip" => File/Directory not found.

    ==== End of Fixlog ====
    Last edited by Juliet; 2014-07-26 at 17:21.

  6. #16
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO9.zip Win32/Bagle.gen.zip worm

    C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO9.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

    Might be already gone.
    If not we'll have to uninstall SpyBot then reinstall.


    First, try just uninstalling Malwarebytes, reinstall and try to run a scan in normal mode.


    Also please download Windows Repair (all in one) from here
    Please download from BleepingComputers.


    Install the program then go to step 4 and create a new system restore point and new registry backup.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:




    NEXT
    On the Start Repairs tab => Click the Start



    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):


    Click on box next to the Restart System when Finished. Then click on Start.

  7. #17
    Member
    Join Date
    Jul 2014
    Posts
    30

    Default Back again

    I messed up the one time only ESET scan so did the 30 day free trial and scanned the entire computer, Sorry! This is the result (71 threats):

    C:\FRST\Quarantine\C\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\3071iady.default\Extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi.xBAD Win32/BrowseFox.B potentially unwanted application No action
    C:\Users\Ed\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx a variant of Win32/Toolbar.Conduit.AA potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 18.zip Win32/DownloadAdmin.G potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 19.zip a variant of Win32/InstallCore.IU potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 2.zip Win32/InstallCore.AZ potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 3.zip multiple threats No action
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 4.zip a variant of Win32/Toolbar.Conduit.AA potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 6.zip a variant of Win32/Toolbar.Conduit.AH potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 7.zip Win64/Toolbar.Conduit.B potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-05-04 190000\Backup files 2.zip multiple threats No action
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-05-04 190000\Backup files 7.zip Win32/DownloadAdmin.G potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-05-11 211809\Backup files 2.zip a variant of Win32/Conduit.SearchProtect.P potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 10.zip a variant of Win32/Conduit.SearchProtect.P potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 12.zip a variant of Win32/Toolbar.Conduit.AH potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 24.zip Win32/DownloadAdmin.G potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 25.zip a variant of Win32/InstallCore.IU potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 41.zip Win32/DownloadAdmin.G potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 6.zip Win32/InstallCore.AZ potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 8.zip multiple threats No action
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-25 192314\Backup files 2.zip Win32/Conduit.SearchProtect potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-06-16 091350\Backup files 2.zip a variant of Win32/Conduit.SearchProtect.P potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-06-29 190000\Backup files 1.zip a variant of Win32/DomaIQ.BB potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-06-29 190000\Backup files 2.zip Win32/Toolbar.Montiera.B potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-07-06 190001\Backup Files 2014-07-06 190001\Backup files 11.zip a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-07-06 190001\Backup Files 2014-07-06 190001\Backup files 23.zip Win32/Toolbar.Montiera.B potentially unwanted application No action
    G:\ED-PC\Backup Set 2014-07-06 190001\Backup Files 2014-07-06 190001\Backup files 7.zip Win32/BrowseFox.B potentially unwanted application No action

    Again, thanks for your efforts. I didn't delete anything.
    Last edited by Juliet; 2014-07-26 at 22:07.

  8. #18
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    You were infected when you made some backups, so the backups are infected and need to be removed.
    When we're finished, I suggest you create a new restore point and then make a backup.


    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).

    start
    C:\Users\Ed\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 18.zip
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 19.zip
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 2.zip
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 3.zip
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 4.zip
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 6.zip
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 7.zip
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-05-04 190000\Backup files 2.zip
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-05-04 190000\Backup files 7.zip
    G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-05-11 211809\Backup files 2.zip
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 10.zip
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 12.zip
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 24.zip
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 25.zip
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 41.zip
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 6.zip
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-18 202456\Backup files 8.zip
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-05-25 192314\Backup files 2.zip
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-06-16 091350\Backup files 2.zip
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-06-29 190000\Backup files 1.zip
    G:\ED-PC\Backup Set 2014-05-18 202456\Backup Files 2014-06-29 190000\Backup files 2.zip
    G:\ED-PC\Backup Set 2014-07-06 190001\Backup Files 2014-07-06 190001\Backup files 11.zip
    G:\ED-PC\Backup Set 2014-07-06 190001\Backup Files 2014-07-06 190001\Backup files 23.zip
    G:\ED-PC\Backup Set 2014-07-06 190001\Backup Files 2014-07-06 190001\Backup files 7.zip
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
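
An added example, not written by anyone in this thread and not part of ESET or FRST: the triage these replies do by eye, in Python. It parses ESET log lines in the format posted above, sets aside hits that are only copies in a removal tool's quarantine or recovery folder, and lists the files ESET left in place in the fixlist layout of posts #14 and #18. The names `parse_line`, `triage` and `build_fixlist`, and the rule that treats `\Backup Set ` zip files as backups, are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Action suffixes exactly as they appear in the ESET logs posted in this thread.
REMOVED = ("cleaned by deleting - quarantined", "deleted - quarantined")
ACTIONS = REMOVED + ("No action",)

# Folders where the thread's removal tools keep neutralised copies.
QUARANTINE_MARKERS = (
    "\\adwcleaner\\quarantine\\",
    "\\frst\\quarantine\\",
    "\\spybot - search & destroy\\recovery\\",
)

# Detection name: optional "a variant of " prefix plus Platform/Family,
# or the literal "multiple threats". Whatever follows it is the object type.
DETECTION = re.compile(r"\s((?:a variant of )?\w+/\S+|multiple threats)(?:\s+(.*))?$")


@dataclass
class Hit:
    path: str
    detection: str
    kind: str               # e.g. "worm"; empty when the log gives none
    action: Optional[str]   # None when the line ends without an action
    location: str           # "quarantine", "backup" or "live"


def locate(path: str) -> str:
    lowered = path.lower()
    if any(marker in lowered for marker in QUARANTINE_MARKERS):
        return "quarantine"
    # Assumption: backup archives look like "...\Backup Set <date>\...\Backup files N.zip".
    if "\\backup set " in lowered and lowered.endswith(".zip"):
        return "backup"
    return "live"


def parse_line(line: str) -> Optional[Hit]:
    text = line.strip()
    action = None
    for candidate in ACTIONS:
        if text.endswith(" " + candidate):
            action = candidate
            text = text[: -len(candidate)].rstrip()
            break
    # Paths contain spaces, so split at the first token that looks like a detection name.
    match = DETECTION.search(text)
    if match is None:
        return None
    path = text[: match.start()]
    return Hit(path, match.group(1), match.group(2) or "", action, locate(path))


def triage(log_text: str) -> dict:
    hits = [h for h in map(parse_line, log_text.splitlines()) if h]
    return {
        # ESET removed the file itself.
        "removed": [h for h in hits if h.action in REMOVED],
        # Not removed, but the file is only a copy held by a removal tool.
        "held_by_tool": [h for h in hits
                         if h.action not in REMOVED and h.location == "quarantine"],
        # Not removed and still in a live folder or a backup archive.
        "pending": [h for h in hits
                    if h.action not in REMOVED and h.location != "quarantine"],
    }


def build_fixlist(pending: List[Hit]) -> str:
    # Same layout as the fixlist quote boxes in this thread.
    return "\n".join(["start", *[h.path for h in pending], "End"])


# Sample input: six lines copied from the ESET logs posted in this thread.
SAMPLE_LOG = r"""
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO9.zip Win32/Bagle.gen.zip worm
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe.vir a variant of MSIL/Vittalia.D potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\3071iady.default\Extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi.xBAD Win32/BrowseFox.B potentially unwanted application No action
C:\Users\Ed\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx a variant of Win32/Toolbar.Conduit.AA potentially unwanted application No action
G:\ED-PC\Backup Set 2014-04-06 192742\Backup Files 2014-04-13 195910\Backup files 3.zip multiple threats No action
C:\temp\launcher.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, hits in result.items():
        print(bucket, len(hits))
    print(build_fixlist(result["pending"]))
```

Run over the full log in post #17, `pending` comes out as the same paths, in the same order, as the fixlist in post #18; the one FRST quarantine hit lands in `held_by_tool` instead.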

  9. #19
    Member
    Join Date
    Jul 2014
    Posts
    30

    Default from ebb124

    C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO9.zip Win32/Bagle.gen.zip worm
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe.vir a variant of MSIL/Vittalia.D potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\UpdaterService.exe.vir a variant of MSIL/Vittalia.D potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\UpdaterService.exe_old.vir a variant of MSIL/Vittalia.D potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccpjpmiegdnbmbnaiaicnaakpacgbdi\10.22.5.10_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccpjpmiegdnbmbnaiaicnaakpacgbdi\10.22.5.10_0\plugins\ConduitChromeApiPlugin.dll.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccpjpmiegdnbmbnaiaicnaakpacgbdi\10.22.5.10_0\TBHostSupport\TBHostSupport.dll.vir a variant of Win32/Toolbar.Conduit.AA potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Local\NativeMessaging\CT3279414\1_0_0_4\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\3071iady.default\Extensions\gx93i@cpd-uey.org\content\bg.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\3071iady.default\Extensions\{7557724b-30a9-42a4-98eb-77fcb0fd1be3}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application deleted - quarantined
    C:\FRST\Quarantine\C\Program Files\pcmax\pcmax.exe.xBAD a variant of Win32/Conduit.SearchProtect.O potentially unwanted application deleted - quarantined
    C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO9.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\temp\guardian.exe1D9555A943640A426523FB696C6DC76F667A3B2E03687886 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe1D9555A943640A426523FB69ED550F9C1624F22AA386AFD0 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe1D9555A943640A426523FB69ED550F9C92284217 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe1D9555A943640A42F10F79B8 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe1D9555A9B267AD62 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973A62BD130C8A89C316 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973A62BD130CA3730ACA22DEBB882319C902 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973A62BD130CA3730ACA2359255864098B81 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973AB3EF2037384DD6E4AAF6DE7E02041028 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973AB3EF2037384DD6E4AAF6DE7EE77AF4C5 a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973AB3EF20379A2A32136886C65D a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\guardian.exe56C5973AC70441CA a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\launcher.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    C:\temp\red.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    C:\temp\white2.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    C:\Users\Ed\AppData\Local\Viber\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
    C:\Users\Ed\AppData\Roaming\0T1M1P0A1E1E0M1T1G\AdwCleaner Packages\uninstaller.exe Win32/InstallCore.PC potentially unwanted application deleted - quarantined
    C:\Users\Ed\Downloads\AdwCleaner Setup.exe Win32/OutBrowse.S potentially unwanted application deleted - quarantined
    C:\Users\Ed\Downloads\cbsidlm-cbsi188-Trojan_Remover-ORG-75964423.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined

    Sorry if I repeated this submission. I wasn't sure it was transmitted. I am not being impatient; rather I am very appreciative of your prompt and comprehensive replies.

    Last edited by Juliet; 2014-07-27 at 16:49.

  10. #20
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Sorry if I repeated this submission. I wasn't sure it was transmitted. I am not being impatient; rather I am very appreciative of your prompt and comprehensive replies.
    Yes, I did see the log and replied to delete the infected backups you had made.
    I had created another FRST script.
    Did you see that? That's the log I need to see now.

    check post #18
    Last edited by Juliet; 2014-07-27 at 15:49. Reason: added info
