Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help with Malware.. Cannot Get Rid of Conduit Search

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Need help with Malware.. Cannot Get Rid of Conduit Search

Unread postby reddog1992000 » January 7th, 2014, 12:32 pm

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428
Run by Bertha at 15:50:39 on 2014-01-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3036.1545 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\24x7Help\App24x7Svc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.CHURCHWINDOWS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRServer.exe
c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
c:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
C:\Program Files\Splashtop\Splashtop Remote\SERVER\DataProxy.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Inbox Toolbar\Inbox.exe
C:\Program Files\24x7Help\App24x7Help.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SiteRanker\SiteRankTray.exe
C:\Program Files\PCPowerSpeed\PCPowerTray.exe
C:\Program Files\OnlineVault\OVTray.exe
C:\Program Files\24x7Help\App24x7Hook.exe
C:\Program Files\RebateInformer\RebateInf.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3303930
BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - c:\program files\siteranker\SiteRank.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - c:\program files\appgraffiti\AppGraffiti.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: <No Name>: {CCB69577-088B-4004-9ED8-FF5BCC83A039} - c:\program files\rebateinformer\RebateI.dll
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - c:\program files\inbox toolbar\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RebateInformer] c:\program files\rebateinformer\RebateInf.exe /STARTUP
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [hpsjbmgr] c:\program files\hewlett-packard\hp precisionscan\precisionscan\hpsjbmgr.exe
mRun: [HP Lamp] c:\program files\hewlett-packard\hp precisionscan\precisionscan\HPLamp.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [InboxToolbar] "c:\program files\inbox toolbar\Inbox.exe" /STARTUP
mRun: [24x7HELP] "c:\program files\24x7help\App24x7Help.exe" /STARTUP
mRun: [SiteRanker] "c:\program files\siteranker\SiteRankTray.exe"
mRun: [PCPowerSpeed] "c:\program files\pcpowerspeed\PCPowerTray.exe" /startup
mRun: [Online Vault] "c:\program files\onlinevault\OVTray.exe"
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{F1364B53-028A-497F-8521-A23C855D6DCC} : DHCPNameServer = 192.168.0.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\program files\inbox toolbar\Inbox.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\program files\rebateinformer\RebateI.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-12-3 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-12-3 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-20 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-20 403440]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-15 146448]
R2 24x7HelpSvc;24x7HelpService;c:\program files\24x7help\App24x7Svc.exe [2014-1-6 339808]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-20 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-20 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-12-3 50344]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-4-4 13336]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 MSSQL$CHURCHWINDOWS;SQL Server (CHURCHWINDOWS);c:\program files\microsoft sql server\mssql10_50.churchwindows\mssql\binn\sqlservr.exe [2012-6-29 43129288]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2013-10-24 790880]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2013-10-8 609056]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [2010-7-5 45056]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2010-5-10 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-5-10 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-15 283152]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-4-5 224424]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys --> c:\windows\system32\drivers\tmevtmgr.sys [?]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-7-15 497008]
S0 epstwnt;epstwnt;c:\windows\system32\drivers\epstwnt.mpd [2011-6-30 84480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\Sharshtl.sys [2011-6-30 18432]
S2 SQLAgent$CHURCHWINDOWS;SQL Server Agent (CHURCHWINDOWS);c:\program files\microsoft sql server\mssql10_50.churchwindows\mssql\binn\SQLAGENT.EXE [2012-6-29 379848]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-12 108032]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-15 689416]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-12 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0153;RsFx0153 Driver;c:\windows\system32\drivers\RsFx0153.sys [2012-6-29 249288]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-01-06 23:42:52 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9ec0373d-5744-4a68-85f0-08ffdc26aae0}\offreg.dll
2014-01-06 19:52:42 -------- d-----w- c:\program files\AppGraffiti
2014-01-06 19:52:40 -------- d-----w- c:\users\bertha\appdata\roaming\OnlineVault
2014-01-06 19:52:38 -------- d-----w- c:\program files\OnlineVault
2014-01-06 19:52:36 -------- d-----w- c:\users\bertha\appdata\roaming\PCPowerSpeed
2014-01-06 19:52:36 -------- d-----w- c:\programdata\PCPowerSpeed
2014-01-06 19:52:35 -------- d-----w- c:\program files\PCPowerSpeed
2014-01-06 19:52:31 -------- d-----w- c:\program files\SiteRanker
2014-01-06 19:52:28 -------- d-----w- c:\program files\RebateInformer
2014-01-06 19:52:26 -------- d-----w- c:\users\bertha\appdata\roaming\24x7 Help
2014-01-06 19:52:21 -------- d-----w- c:\program files\24x7Help
2014-01-06 19:50:48 -------- d-----w- c:\program files\Inbox Toolbar
2014-01-03 16:36:17 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9ec0373d-5744-4a68-85f0-08ffdc26aae0}\mpengine.dll
2013-12-29 20:43:04 -------- d-----w- c:\programdata\Splashtop
2013-12-19 20:51:51 -------- d-----w- c:\program files\ESET
2013-12-18 18:38:03 -------- d-----w- C:\_OTL
2013-12-14 20:35:08 -------- d-----w- C:\AdwCleaner
2013-12-14 20:20:24 -------- d-----w- C:\RegBackup
2013-12-14 20:19:50 -------- d-----w- c:\program files\Tweaking.com
2013-12-12 11:04:57 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-12-12 11:02:21 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 11:02:20 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2013-12-12 06:06:17 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-12 06:06:17 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 06:06:17 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-12 06:06:17 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 06:06:17 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 06:06:17 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 06:06:16 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-12 06:06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-12 06:06:14 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 06:06:14 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 06:06:13 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
.
==================== Find3M ====================
.
2013-12-11 04:27:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 04:27:40 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-03 18:03:29 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-03 18:03:28 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-03 18:03:28 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-03 18:03:28 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-03 18:03:28 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-03 18:03:22 43152 ----a-w- c:\windows\avastSS.scr
2013-12-03 18:02:41 259928 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-19 11:33:38 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-05 18:51:12 103272 ----a-w- c:\users\bertha\GoToAssistDownloadHelper.exe
2013-10-31 07:46:14 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
.
============= FINISH: 15:57:23.80 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 04/11/2011 10:51:40 AM
System Uptime: 01/06/2014 3:40:41 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0200DY
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2933/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 154.302 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP662: 12/21/2013 12:00:01 AM - Scheduled Checkpoint
RP663: 12/24/2013 2:32:37 AM - Windows Update
RP664: 12/29/2013 12:42:13 PM - Installed Splashtop Streamer.
RP665: 12/30/2013 10:43:53 PM - Windows Update
RP666: 01/03/2014 8:35:40 AM - Windows Update
RP667: 01/06/2014 3:45:13 PM - Installed Church Windows Payroll
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
24x7 Help
32 Bit HP CIO Components Installer
Adobe Acrobat X Standard - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
aioprnt
aioscnnr
AppGraffiti
AudibleManager
avast! Free Antivirus
BioAPI Framework
BurnToDisk version 1.0
C4USelfUpdater
Church Windows (C:\CW\)
Church Windows Payroll
Church Windows Payroll (C:\CWPay\)
Conexant D850 PCI V.92 Modem
Custom
CutePDF Writer 2.8
CyberLink PowerDVD 9.5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Edoc Viewer
DellAccess
Digital Line Detect
DirectX 9 Runtime
EMBASSY Security Center
ESET Online Scanner v3
essentials
FastStone Image Viewer 4.6
Gemalto
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP PrecisionScan
Inbox Toolbar
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 15.2.89.0
Intel(R) Rapid Storage Technology
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
Kodak AIO Printer
MDIConverter 3.0
MDIViewer 3.0
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook 2010
Microsoft Publisher 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netwaiting
NTRU TCG Software Stack
ocr
Online Vault
Pandoras Box V1.3.8
PC-CCID
PC Power Speed 1.1.0.43
PC Speed Maximizer v3.0
PhotoShowExpress
Preboot Manager
PreReq
Privacy SafeGuard version 1.1
Private Information Manager
RebateInformer
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Service Pack 2 for SQL Server 2008 R2 (KB2630458)
SiteRanker
Sonic CinePlayer Decoder Pack
SPBA 5.9
Splashtop Software Updater
Splashtop Streamer
SQL Server 2008 R2 SP2 Common Files
SQL Server 2008 R2 SP2 Database Engine Services
SQL Server 2008 R2 SP2 Database Engine Shared
Sql Server Customer Experience Improvement Program
Trend Micro Client/Server Security Agent
Trusted Drive Manager
Tweaking.com - Registry Backup
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Upek Touchchip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software Installer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
01/06/2014 3:41:48 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
01/06/2014 3:41:01 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
01/06/2014 10:32:47 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
01/05/2014 10:15:10 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer PREELAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1364B53-028A-497F-8521-A23C855. The master browser is stopping or an election is being forced.
01/04/2014 6:10:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
01/04/2014 6:10:09 PM, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/04/2014 6:10:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SplashtopRemoteService service.
.
==== End Of File ===========================
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm
Advertisement
Register to Remove

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby wannabeageek » January 11th, 2014, 9:14 pm

Hello reddog1992000, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby wannabeageek » January 11th, 2014, 9:21 pm

Hi reddog1992000,

Please perform the following and post after each scan:

Step 1.
AdwCleaner Download and Run

Click on this link to download : ADWCleaner
Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

Image

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete. When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy & Paste it into your next post.

Image


Step 2.
Junkware Removal Tool
  • Please download and run the following program: JRT.exe
  • Right-click JRT.exe and select " Run as administrator " to run it.
  • When the program is finished running, post the log JRT.txt in your next reply.


Step 3.
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 12th, 2014, 3:44 pm

# AdwCleaner v3.017 - Report created 12/01/2014 at 11:41:36
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Bertha - BERTHA-PC
# Running from : C:\Users\Bertha\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 24x7HelpSvc
Service Deleted : splashtopremoteservice
Service Deleted : SSUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Splashtop
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
Folder Deleted : C:\Program Files\24x7Help
Folder Deleted : C:\Program Files\AppGraffiti
Folder Deleted : C:\Program Files\Inbox Toolbar
Folder Deleted : C:\Program Files\RebateInformer
Folder Deleted : C:\Program Files\SiteRanker
[!] Folder Deleted : C:\Program Files\Splashtop
Folder Deleted : C:\Users\Bertha\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\Bertha\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Bertha\AppData\LocalLow\SiteRanker
Folder Deleted : C:\Users\Bertha\AppData\Roaming\24x7 help
Folder Deleted : C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\AppGraffiti@AppGraffiti.com
Folder Deleted : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\peloglcfgdfkabbnlaeolbgfejohochl
File Deleted : C:\Users\Public\Desktop\RebateInformer.lnk

***** [ Shortcuts ] *****
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 12th, 2014, 3:53 pm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x86
Ran by Bertha on 01/12/2014 at 11:46:27.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\24x7help
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\inboxtoolbar
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\online vault
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pcpowerspeed
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rebateinformer
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\siteranker
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{865D7100-82C7-42F4-9C06-860DEC0871B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\24x7help
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\appgraffiti
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\inbox toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262933362-4071809552-10700770-1000\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\24x7help
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\appgraffiti
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\inbox toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appgraffiti.appgraffitijs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.appserver
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.ibx404
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.jsserver
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\inbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\rebinfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rebatei.rebate informer bho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rebatei.rebateinformimagegen
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{11bf46c6-b3de-48bd-bf70-3ad85cab80b5}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4ef645bd-65b0-4f98-ad56-d0437b7045f6}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{612ad33d-9824-4e87-8396-92374e91c4bb}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6f6a5334-78e9-4d9b-8182-8b41ea8c39ef}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{a957f04c-49f4-4375-8c8a-d04b769efe47}_is1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Bertha\AppData\LocalLow\FCTB000060231
Successfully deleted: [Folder] "C:\ProgramData\pcpowerspeed"
Successfully deleted: [Folder] "C:\Users\Bertha\AppData\Roaming\onlinevault"
Successfully deleted: [Folder] "C:\Users\Bertha\AppData\Roaming\pcpowerspeed"
Successfully deleted: [Folder] "C:\Users\Bertha\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Bertha\appdata\locallow\recipehub_2j"
Successfully deleted: [Folder] "C:\Users\Bertha\appdata\locallow\recipehub_2jei"
Successfully deleted: [Folder] "C:\Program Files\onlinevault"
Successfully deleted: [Folder] "C:\Program Files\pcpowerspeed"
Successfully deleted: [Folder] "C:\Program Files\privacysafeguard"
Successfully deleted: [Folder] "C:\Program Files\recipehub_2j"
Successfully deleted: [Folder] "C:\Program Files\recipehub_2jei"
Successfully deleted: [Folder] "C:\Program Files\splashtop"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"
Successfully deleted: [Empty Folder] C:\Users\Bertha\appdata\local\{06A11337-54DD-4EFB-AEAB-61A29C08F41D}
Successfully deleted: [Empty Folder] C:\Users\Bertha\appdata\local\{1779DF04-A771-4EE2-84A5-797264DCA9D6}
Successfully deleted: [Empty Folder] C:\Users\Bertha\appdata\local\{609BEC77-E486-47E5-BB41-6CB7864A5255}
Successfully deleted: [Empty Folder] C:\Users\Bertha\appdata\local\{6ACD2145-DC09-4FD4-836D-9FED55C2B588}
Successfully deleted: [Empty Folder] C:\Users\Bertha\appdata\local\{8A507BFA-40FE-4378-8685-DF8421495183}
Successfully deleted: [Empty Folder] C:\Users\Bertha\appdata\local\{E00E7A0C-75E3-4524-9D6A-2E15E40B843A}



~~~ Chrome

Failed to delete: [Folder] C:\Users\Bertha\appdata\local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Failed to delete: [Folder] C:\Users\Bertha\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/12/2014 at 11:49:18.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 12th, 2014, 4:00 pm

Hello, i just noticed that the Adw Cleaner didn't have more text than what I posted.
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 12th, 2014, 4:11 pm

Ok and I missed that the Extra Registry was not set to "Use Safe List" so it scanned in the default setting "None"
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 12th, 2014, 4:17 pm

OTL logfile created on: 01/12/2014 12:06:18 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bertha\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.96 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 53.15% Memory free
5.93 Gb Paging File | 4.26 Gb Available in Paging File | 71.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.15 Gb Total Space | 150.09 Gb Free Space | 68.18% Space Free | Partition Type: NTFS

Computer Name: BERTHA-PC | User Name: Bertha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/12 12:00:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bertha\Downloads\OTL (1).exe
PRC - [2014/01/12 11:40:33 | 001,236,282 | ---- | M] () -- C:\Users\Bertha\Downloads\AdwCleaner.exe
PRC - [2014/01/06 20:05:55 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/12/03 10:03:16 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/03 10:03:16 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/01 16:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/19 13:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 10:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/10/16 13:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
PRC - [2010/09/15 08:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2010/07/05 10:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2010/07/05 10:37:28 | 000,017,920 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2010/06/22 10:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2010/06/22 10:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2010/03/03 17:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/01 08:13:12 | 000,345,352 | ---- | M] () -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/07/15 14:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
PRC - [2009/05/15 16:44:06 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/12 11:40:33 | 001,236,282 | ---- | M] () -- C:\Users\Bertha\Downloads\AdwCleaner.exe
MOD - [2014/01/06 20:05:53 | 000,399,640 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\ppgooglenaclpluginchrome.dll
MOD - [2014/01/06 20:05:49 | 004,055,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\pdf.dll
MOD - [2014/01/06 20:04:47 | 000,715,544 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\libglesv2.dll
MOD - [2014/01/06 20:04:46 | 000,100,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\libegl.dll
MOD - [2014/01/06 20:04:42 | 001,634,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\ffmpegsumo.dll
MOD - [2013/12/03 10:03:20 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


========== Services (SafeList) ==========

SRV - [2013/12/10 20:27:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/03 10:03:16 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/11/26 00:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/26 20:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/19 13:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 10:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/04/12 01:00:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/25 02:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 02:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/03 13:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/10/16 13:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/07/13 11:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/07/05 10:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2010/06/22 10:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2010/06/22 10:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2010/03/03 17:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/01 08:13:12 | 000,345,352 | ---- | M] () [On_Demand | Running] -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/07/15 14:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/07/15 14:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/04/29 11:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Bertha\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/12/03 10:03:29 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/03 10:03:29 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/12/03 10:03:28 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/03 10:03:28 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/03 10:03:28 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/12/03 10:03:28 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/03 10:03:28 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/03 10:03:28 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/06/26 18:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2013/06/26 18:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2013/06/26 18:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2013/06/26 18:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2012/06/29 01:24:02 | 000,249,288 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0153.sys -- (RsFx0153)
DRV - [2011/06/20 20:09:00 | 000,200,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/19 16:03:10 | 000,059,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 16:03:00 | 000,051,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/05/10 20:03:32 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2010/05/10 20:02:44 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/05/10 19:41:54 | 001,322,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2010/02/02 21:10:32 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/07/15 14:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/07/15 14:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/15 14:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/04/29 11:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/02/13 13:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/06/04 10:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [1998/10/28 11:49:02 | 000,084,480 | ---- | M] (Shuttle Technology. ) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\epstwnt.mpd -- (epstwnt)
DRV - [1998/08/12 01:41:02 | 000,018,432 | ---- | M] (Shuttle Technology) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\Sharshtl.sys -- (SHARSHTL)
DRV - [1997/12/22 17:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{267D48CE-A942-49A3-9EC5-2753220560B1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3303930
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes,DefaultScope = {5CEAE635-BD84-4F88-ABE9-1D0F77016CE0}
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{5CEAE635-BD84-4F88-ABE9-1D0F77016CE0}: "URL" = http://www.bing.com/search?FORM=U146CD&PC=U146C&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{90182B2A-2920-411D-9895-9366069869D0}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120103,6901,0,8,0
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{F2BBD450-7955-4E04-BC27-0E533824C9BA}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGNI_enUS476
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3303930&CUI=UN37900105254162392&UM=2
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.defaultengine: "Ask Search"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@RecipeHub_2j.com/Plugin: C:\Program Files\RecipeHub_2j\bar\1.bin\NP2jStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files\LivingPlay\nplplaypop.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2013/09/12 09:40:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/10/26 11:58:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\

[2011/07/19 08:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Extensions
[2014/01/12 11:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions
[2011/04/12 07:16:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Wallet = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

Hosts file not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll File not found
O3 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe ()
O4 - HKLM..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpsjbmgr.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1364B53-028A-497F-8521-A23C855D6DCC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/12 11:46:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/12 08:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2014/01/06 11:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Vault
[2014/01/06 11:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Power Speed
[2013/12/19 12:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/18 10:38:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/14 12:35:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/14 12:20:24 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/12/14 12:19:52 | 000,000,000 | ---D | C] -- C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/12/14 12:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com

========== Files - Modified Within 30 Days ==========

[2014/01/12 11:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/12 11:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/12 08:57:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/12 08:44:17 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 08:44:17 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 08:41:58 | 000,751,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/12 08:41:58 | 000,154,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/12 08:39:12 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2014/01/12 08:37:17 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2014/01/12 08:36:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/12 08:36:29 | 2387,288,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/07 17:10:40 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/06 15:44:30 | 000,882,691 | ---- | M] () -- C:\Users\Bertha\Desktop\CWPay.zip
[2014/01/06 11:52:36 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/01/06 11:52:28 | 000,000,052 | ---- | M] () -- C:\Users\Public\Desktop\RebateBlast.com.url
[2013/12/18 10:35:04 | 005,056,365 | ---- | M] () -- C:\Users\Bertha\Desktop\CWMSCF.zip
[2013/12/14 12:57:22 | 000,075,264 | ---- | M] () -- C:\Users\Bertha\Desktop\SystemLook (1).exe
[2013/12/14 12:21:58 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BERTHA-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
[2013/12/14 12:19:52 | 000,002,179 | ---- | M] () -- C:\Users\Bertha\Desktop\Tweaking.com - Registry Backup.lnk
[2013/12/13 12:14:59 | 000,022,449 | ---- | M] () -- C:\Users\Bertha\Desktop\ActiveReports Document.pdf

========== Files Created - No Company Name ==========

[2014/01/06 11:52:36 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/01/06 11:52:28 | 000,000,052 | ---- | C] () -- C:\Users\Public\Desktop\RebateBlast.com.url
[2013/12/14 12:57:22 | 000,075,264 | ---- | C] () -- C:\Users\Bertha\Desktop\SystemLook (1).exe
[2013/12/14 12:21:58 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BERTHA-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
[2013/12/14 12:19:52 | 000,002,179 | ---- | C] () -- C:\Users\Bertha\Desktop\Tweaking.com - Registry Backup.lnk
[2013/12/13 12:15:04 | 000,022,449 | ---- | C] () -- C:\Users\Bertha\Desktop\ActiveReports Document.pdf
[2013/12/03 09:52:39 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/12/03 09:52:39 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/05 10:51:10 | 000,103,272 | ---- | C] () -- C:\Users\Bertha\GoToAssistDownloadHelper.exe
[2013/07/03 11:59:02 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/11/06 13:31:20 | 000,000,258 | RHS- | C] () -- C:\Users\Bertha\ntuser.pol
[2012/03/23 10:44:02 | 000,000,000 | ---- | C] () -- C:\Users\Bertha\AppData\Local\rx_image32.Cache
[2012/03/22 14:15:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/22 14:15:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/22 14:15:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/22 14:15:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/22 14:15:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/08 13:37:45 | 000,404,033 | ---- | C] () -- C:\Users\Bertha\AppData\Local\census.cache
[2012/03/08 13:37:25 | 000,160,371 | ---- | C] () -- C:\Users\Bertha\AppData\Local\ars.cache
[2012/01/19 13:49:37 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/11/01 07:54:46 | 000,200,254 | ---- | C] () -- C:\Users\Bertha\KJ.jpg
[2011/04/27 11:54:04 | 000,007,597 | ---- | C] () -- C:\Users\Bertha\AppData\Local\resmon.resmoncfg
[2010/10/21 08:53:51 | 000,001,940 | ---- | C] () -- C:\Users\Bertha\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/07 09:20:10 | 000,000,036 | ---- | C] () -- C:\Users\Bertha\AppData\Local\housecall.guid.cache
[2009/06/15 09:27:24 | 000,006,520 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2005/04/14 12:11:41 | 000,019,456 | ---- | C] () -- C:\Users\Bertha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/12/09 10:50:05 | 000,038,408 | ---- | C] () -- C:\Users\Bertha\AppData\Roaming\Comma Separated Values (Windows).ADR
[2003/12/02 12:44:49 | 000,000,129 | ---- | C] () -- C:\Users\Bertha\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 362 bytes -> C:\ProgramData\Temp:D478F292

< End of report >
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 12th, 2014, 4:24 pm

ok so the above post is the scan where I missed that the Extra Registry was not set to "Use Safe List"
below is the second scan with the Extra Registry box set so it "Use Safe List"
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 12th, 2014, 4:24 pm

OTL logfile created on: 01/12/2014 12:18:23 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bertha\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.96 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 46.41% Memory free
5.93 Gb Paging File | 4.16 Gb Available in Paging File | 70.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.15 Gb Total Space | 150.09 Gb Free Space | 68.17% Space Free | Partition Type: NTFS

Computer Name: BERTHA-PC | User Name: Bertha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/12 12:00:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bertha\Downloads\OTL (1).exe
PRC - [2014/01/06 20:05:55 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/12/03 10:03:16 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/03 10:03:16 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/01 16:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/19 13:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 10:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/16 13:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
PRC - [2010/09/15 08:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2010/07/05 10:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2010/07/05 10:37:28 | 000,017,920 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2010/06/22 10:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2010/06/22 10:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2010/03/03 17:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/01 08:13:12 | 000,345,352 | ---- | M] () -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/07/15 14:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
PRC - [2009/05/15 16:44:06 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/06 20:05:53 | 000,399,640 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\ppgooglenaclpluginchrome.dll
MOD - [2014/01/06 20:05:49 | 004,055,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\pdf.dll
MOD - [2014/01/06 20:04:47 | 000,715,544 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\libglesv2.dll
MOD - [2014/01/06 20:04:46 | 000,100,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\libegl.dll
MOD - [2014/01/06 20:04:42 | 001,634,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\ffmpegsumo.dll
MOD - [2013/12/03 10:03:20 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


========== Services (SafeList) ==========

SRV - [2013/12/10 20:27:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/03 10:03:16 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/11/26 00:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/26 20:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/19 13:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 10:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/04/12 01:00:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/25 02:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 02:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/03 13:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/10/16 13:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/07/13 11:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/07/05 10:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2010/06/22 10:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2010/06/22 10:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2010/03/03 17:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/01 08:13:12 | 000,345,352 | ---- | M] () [On_Demand | Running] -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/07/15 14:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/07/15 14:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/04/29 11:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Bertha\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/12/03 10:03:29 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/03 10:03:29 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/12/03 10:03:28 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/03 10:03:28 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/03 10:03:28 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/12/03 10:03:28 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/03 10:03:28 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/03 10:03:28 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/06/26 18:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2013/06/26 18:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2013/06/26 18:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2013/06/26 18:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2012/06/29 01:24:02 | 000,249,288 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0153.sys -- (RsFx0153)
DRV - [2011/06/20 20:09:00 | 000,200,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/19 16:03:10 | 000,059,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 16:03:00 | 000,051,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/05/10 20:03:32 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2010/05/10 20:02:44 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/05/10 19:41:54 | 001,322,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2010/02/02 21:10:32 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/07/15 14:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/07/15 14:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/15 14:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/04/29 11:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/02/13 13:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/06/04 10:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [1998/10/28 11:49:02 | 000,084,480 | ---- | M] (Shuttle Technology. ) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\epstwnt.mpd -- (epstwnt)
DRV - [1998/08/12 01:41:02 | 000,018,432 | ---- | M] (Shuttle Technology) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\Sharshtl.sys -- (SHARSHTL)
DRV - [1997/12/22 17:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{267D48CE-A942-49A3-9EC5-2753220560B1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3303930
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes,DefaultScope = {5CEAE635-BD84-4F88-ABE9-1D0F77016CE0}
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{5CEAE635-BD84-4F88-ABE9-1D0F77016CE0}: "URL" = http://www.bing.com/search?FORM=U146CD&PC=U146C&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{90182B2A-2920-411D-9895-9366069869D0}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120103,6901,0,8,0
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{F2BBD450-7955-4E04-BC27-0E533824C9BA}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGNI_enUS476
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3303930&CUI=UN37900105254162392&UM=2
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.defaultengine: "Ask Search"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@RecipeHub_2j.com/Plugin: C:\Program Files\RecipeHub_2j\bar\1.bin\NP2jStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files\LivingPlay\nplplaypop.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2013/09/12 09:40:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/10/26 11:58:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\

[2011/07/19 08:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Extensions
[2011/07/19 08:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2014/01/12 11:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions
[2011/04/12 07:16:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Wallet = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

Hosts file not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll File not found
O3 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe ()
O4 - HKLM..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpsjbmgr.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-262933362-4071809552-10700770-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1364B53-028A-497F-8521-A23C855D6DCC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/12 11:46:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/12 08:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2014/01/06 11:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Vault
[2014/01/06 11:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Power Speed
[2013/12/19 12:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/18 10:38:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/14 12:35:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/14 12:20:24 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/12/14 12:19:52 | 000,000,000 | ---D | C] -- C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/12/14 12:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com

========== Files - Modified Within 30 Days ==========

[2014/01/12 11:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/12 11:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/12 08:57:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/12 08:44:17 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 08:44:17 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 08:41:58 | 000,751,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/12 08:41:58 | 000,154,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/12 08:39:12 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2014/01/12 08:37:17 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2014/01/12 08:36:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/12 08:36:29 | 2387,288,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/07 17:10:40 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/06 15:44:30 | 000,882,691 | ---- | M] () -- C:\Users\Bertha\Desktop\CWPay.zip
[2014/01/06 11:52:36 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/01/06 11:52:28 | 000,000,052 | ---- | M] () -- C:\Users\Public\Desktop\RebateBlast.com.url
[2013/12/18 10:35:04 | 005,056,365 | ---- | M] () -- C:\Users\Bertha\Desktop\CWMSCF.zip
[2013/12/14 12:57:22 | 000,075,264 | ---- | M] () -- C:\Users\Bertha\Desktop\SystemLook (1).exe
[2013/12/14 12:21:58 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BERTHA-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
[2013/12/14 12:19:52 | 000,002,179 | ---- | M] () -- C:\Users\Bertha\Desktop\Tweaking.com - Registry Backup.lnk

========== Files Created - No Company Name ==========

[2014/01/06 11:52:36 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/01/06 11:52:28 | 000,000,052 | ---- | C] () -- C:\Users\Public\Desktop\RebateBlast.com.url
[2013/12/14 12:57:22 | 000,075,264 | ---- | C] () -- C:\Users\Bertha\Desktop\SystemLook (1).exe
[2013/12/14 12:21:58 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BERTHA-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
[2013/12/14 12:19:52 | 000,002,179 | ---- | C] () -- C:\Users\Bertha\Desktop\Tweaking.com - Registry Backup.lnk
[2013/12/03 09:52:39 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/12/03 09:52:39 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/05 10:51:10 | 000,103,272 | ---- | C] () -- C:\Users\Bertha\GoToAssistDownloadHelper.exe
[2013/07/03 11:59:02 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/11/06 13:31:20 | 000,000,258 | RHS- | C] () -- C:\Users\Bertha\ntuser.pol
[2012/03/23 10:44:02 | 000,000,000 | ---- | C] () -- C:\Users\Bertha\AppData\Local\rx_image32.Cache
[2012/03/22 14:15:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/22 14:15:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/22 14:15:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/22 14:15:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/22 14:15:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/08 13:37:45 | 000,404,033 | ---- | C] () -- C:\Users\Bertha\AppData\Local\census.cache
[2012/03/08 13:37:25 | 000,160,371 | ---- | C] () -- C:\Users\Bertha\AppData\Local\ars.cache
[2012/01/19 13:49:37 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/11/01 07:54:46 | 000,200,254 | ---- | C] () -- C:\Users\Bertha\KJ.jpg
[2011/04/27 11:54:04 | 000,007,597 | ---- | C] () -- C:\Users\Bertha\AppData\Local\resmon.resmoncfg
[2010/10/21 08:53:51 | 000,001,940 | ---- | C] () -- C:\Users\Bertha\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/07 09:20:10 | 000,000,036 | ---- | C] () -- C:\Users\Bertha\AppData\Local\housecall.guid.cache
[2009/06/15 09:27:24 | 000,006,520 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2005/04/14 12:11:41 | 000,019,456 | ---- | C] () -- C:\Users\Bertha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/12/09 10:50:05 | 000,038,408 | ---- | C] () -- C:\Users\Bertha\AppData\Roaming\Comma Separated Values (Windows).ADR
[2003/12/02 12:44:49 | 000,000,129 | ---- | C] () -- C:\Users\Bertha\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 362 bytes -> C:\ProgramData\Temp:D478F292

< End of report >
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 12th, 2014, 4:24 pm

OTL Extras logfile created on: 01/12/2014 12:18:23 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bertha\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.96 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 46.41% Memory free
5.93 Gb Paging File | 4.16 Gb Available in Paging File | 70.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.15 Gb Total Space | 150.09 Gb Free Space | 68.17% Space Free | Partition Type: NTFS

Computer Name: BERTHA-PC | User Name: Bertha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB4DFC0-B3C9-4983-BB58-2A7BF3295979}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{27838348-9942-4A6F-A6DD-D3B3A6462A3C}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{31B5CB32-ACDB-4C69-88E4-9F581529DF8F}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent broadcast |
"{330A18B2-A833-4355-B414-B2E6EDEE7E11}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{37DE9F2F-ADE8-4C75-8F34-3D8CFAD2EDE9}" = lport=445 | protocol=6 | dir=in | app=system |
"{45284E45-6D0E-4A49-B163-28768FF26934}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4A62E959-61B0-4308-90CE-B18D672D308D}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{634A4B35-7EF7-4410-B0C1-D8DADDB439A4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{65D76F1B-3F45-44D0-B557-E73736E7B539}" = lport=139 | protocol=6 | dir=in | app=system |
"{66ECCB76-EBD4-4D40-B0EB-8D8E77A3E497}" = rport=139 | protocol=6 | dir=out | app=system |
"{6D5B4F24-D156-4C50-A58C-A83E384E1871}" = lport=137 | protocol=17 | dir=in | app=system |
"{70B9C0A1-9BBA-4B98-9EC0-FF217DC3FC92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{715AE85F-445C-4E2B-A158-BE4C1B105533}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8540035F-056A-4535-A5C7-9FD89E3D7D03}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update |
"{A073D09B-BD9A-4A40-990D-C6EFAD53E3D7}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{A453AB5D-06EB-470C-AC37-E254E2CD77E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CA5FA8BF-EA52-4B1D-ADBC-2C1B7F47F4DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD9DBAA3-4CF9-4740-89F4-1BE66F1682D9}" = rport=137 | protocol=17 | dir=out | app=system |
"{CFB3B544-4181-4542-A084-BBCEC4E13F4F}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6C4896D-9E1D-4D8D-82ED-867C6CA95D2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB3FEE90-B2F8-4304-8350-2804FADD994D}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC5BB6AA-18C6-4424-87F6-04A6C0676F33}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1A268B6-6B40-4A25-B833-7B3F9768D2C0}" = rport=138 | protocol=17 | dir=out | app=system |
"{FD29672C-14A5-44B7-BFB6-690FB7CC8883}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6A18CC-6693-4F47-A79E-E313A908AE7B}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{0C3C9E46-04DC-4418-B336-45F8CEA62EAD}" = protocol=6 | dir=in | app=c:\program files\microsoft sql server\mssql10_50.churchwindows\mssql |
"{1075D997-6132-405F-B50B-991FA57ED1C5}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{142E9557-3800-4D6C-8E53-14A52F19ED12}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{17D48409-E655-46ED-8661-12E2B8802A1E}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{1A6F1BA7-58CF-4BF9-A9C7-64C1B25A292E}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{26830F28-C87C-402D-A226-BA91676399F6}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
"{36C9B49A-0B56-4681-BD80-EF548D9DEE2E}" = protocol=6 | dir=out | app=c:\program files\microsoft sql server\100\shared\ |
"{3F3545F4-9CE4-4293-B671-DBC2BB0ECBE5}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{421A54EE-48CC-44C0-99A9-CB85EEECB169}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{4D8D28EC-0C2C-4B18-876D-1A646807C0BD}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
"{4EC5FEF5-460B-48D6-8B00-1A9527B61593}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{54BCFB01-5DFE-40A0-B1E4-31601D46D97E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{61A554DD-BE2B-4F72-8B1A-CCDE96787AAD}" = protocol=6 | dir=in | app=c:\program files\microsoft sql server\100\shared\ |
"{682AEE63-E87E-4649-AADF-FCEC2855B2E2}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{71463F6D-AAEF-4790-AD00-3122EDA0E277}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{7AF9D35D-BC90-41FC-9307-63553432B3E7}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
"{7DBF2A80-9CF8-48BF-A2B4-1C3D7683173D}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{7DE84200-6143-4A8A-AB55-EE7799322373}" = protocol=6 | dir=out | app=c:\program files\microsoft sql server\mssql10_50.churchwindows\mssql |
"{809D2214-8394-45BA-8B64-BD15690D0131}" = protocol=6 | dir=in | app=c:\cw\cw.exe |
"{8A83CD5F-84EE-4909-8D98-82A54CB6A8C1}" = protocol=6 | dir=out | app=c:\cw\cw.exe |
"{9142739D-EA7E-4458-A204-D31185687B7A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{93CBD347-FCFC-4270-8BA3-62F864E31E61}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{961350B9-61F6-408F-B676-24C9656ACCAB}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{AAB5B2EC-225C-4A58-BBC1-AC644879872B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B721C1AD-C6EA-4F23-BA44-07D4FA51B2C9}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{BD01AD16-822A-4C58-919F-2004B6ADDF7B}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{C65983C7-3689-4A0D-8267-A5CD60DC8E3F}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
"{CC93D847-0420-43D1-B463-1F4FD84725A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D8D6D326-F1AC-483F-B924-3C512E1C54D6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EBBAE0D2-6ABB-4269-AC8C-23ABACD1ADC6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EDF7169D-9325-4C21-8E8E-2E6DDAF77738}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{F0BC2FB8-0AF6-4C0D-9466-51CFF798F7BE}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{F4BDB281-47A3-416A-BFF7-353C69D7BF89}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{F6A05AC5-E90C-4567-A559-B34792C8589A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{F72CB282-4EC8-409E-9DB8-879176446308}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{B6BD6137-0B47-4310-B28D-320466227CC3}C:\users\bertha\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\bertha\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"TCP Query User{D0FE5DE8-1A99-4C5C-AE8D-E9FEC19CA75B}C:\users\bertha\appdata\local\temp\simplehelpstandalone_30250226_-1112394739\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\bertha\appdata\local\temp\simplehelpstandalone_30250226_-1112394739\jre\bin\javaw.exe |
"UDP Query User{99026531-D772-4622-B6CA-188274980A82}C:\users\bertha\appdata\local\temp\simplehelpstandalone_30250226_-1112394739\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\bertha\appdata\local\temp\simplehelpstandalone_30250226_-1112394739\jre\bin\javaw.exe |
"UDP Query User{C4D072DA-ABCF-4701-8B92-D11DC5CB0495}C:\users\bertha\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\bertha\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}" = Gemalto
"{134F961C-3B94-47C4-9303-21C02D2CA309}" = Church Windows Payroll
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3BDEDA44-E016-4643-A740-68618D8CCFA2}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = SQL Server 2008 R2 SP2 Database Engine Services
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 SP2 Database Engine Shared
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}" = Microsoft SQL Server 2008 R2 Setup (English)
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{85D468B9-D074-4BC5-BAFD-121ED3D83657}" = Church Windows Payroll (C:\CWPay\)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F6B005C-C741-465A-AA72-20C866BBBEE7}" = Church Windows Payroll
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A32F592F-AA0E-49AF-8E85-A0A25AF83314}" = Wave Infrastructure Installer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{AC76BA86-1033-F400-BA7E-000000000005}" = Adobe Acrobat X Standard - English, Français, Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1" = PC Power Speed 1.1.0.43
"{B7C5EA94-B96A-41F5-BE95-25D78B486678}" = Splashtop Streamer
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 SP2 Database Engine Services
"{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}" = PC-CCID
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 SP2 Common Files
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{D8AA026F-0EE5-4550-A6DA-8BE4AB5D3E54}" = Church Windows (C:\CW\)
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA15BE19-9E97-4864-AC2D-57EB1E55AC14}" = Church Windows Payroll
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EEB0EFE8-61EB-4C42-929A-CE25D3FBC0C6}" = Microsoft SQL Server 2008 R2 Native Client
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 SP2 Database Engine Shared
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 SP2 Common Files
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE60B87C-63A2-4A45-AC06-FFEFD5DB7846}_is1" = Online Vault
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AudibleManager" = AudibleManager
"avast" = avast! Free Antivirus
"BurnToDisk_is1" = BurnToDisk version 1.0
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Google Chrome" = Google Chrome
"HP PrecisionScan" = HP PrecisionScan
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"MDI Converter_is1" = MDIConverter 3.0
"MDI Viewer_is1" = MDIViewer 3.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.OUTLOOKR" = Microsoft Outlook 2010
"Office14.PUBLISHERR" = Microsoft Publisher 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pandora's Box_is1" = Pandoras Box V1.3.8
"PC Speed Maximizer_is1" = PC Speed Maximizer v3.0
"PROSetDX" = Intel(R) Network Connections 15.2.89.0
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"Splashtop Software Updater" = Splashtop Software Updater
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

< End of report >
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby wannabeageek » January 13th, 2014, 10:06 pm

Hi reddog1992000,

Please move OTL to your desktop before we continue. It was designed to be run from the desktop.
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bertha\Downloads

This is very important that you do this.

There are two programs I would like you to try and uninstall prior to running the OTL fixes.
If you are unable to locate them in the uninstall list, do not worry as we can manually remove them.


Step 1.
Uninstall Programs
I need you to uninstall some program(s).
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. then press enter.
    • Locate the following program(s):
      Inbox Toolbar
      RebateInformer
    • Select the program and click on Uninstall to uninstall it.
      Carefully read any prompts...
      Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    • Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.




Step 2.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Click on the "Select ALL" link. Rt mouse click - Copy then Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :OTL
    IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3303930
    IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3: "URL" = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3303930&CUI=UN37900105254162392&UM=2
    FF - prefs.js..browser.search.defaultengine: "Ask Search"
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll File not found
    @Alternate Data Stream - 362 bytes -> C:\ProgramData\Temp:D478F292
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{26830F28-C87C-402D-A226-BA91676399F6}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
    "{4D8D28EC-0C2C-4B18-876D-1A646807C0BD}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
    "{7AF9D35D-BC90-41FC-9307-63553432B3E7}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
    "{C65983C7-3689-4A0D-8267-A5CD60DC8E3F}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
    
    :Files
    C:\Users\Bertha\appdata\local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
    C:\Users\Bertha\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.

C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.


Step 3.
Please delete any copies of SystemLook.exe and then download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Click on the "Select ALL" link. Rt mouse click - Copy then Paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *dogpile*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *inboxtoolbar*
    *inbox toolbar*
    *rebateinformer*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *dogpile*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *inboxtoolbar*
    *inbox toolbar*
    *rebateinformer*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    Bandoo
    Community
    Conduit
    datamngr
    dogpile
    Fun4IM
    iLivid
    IObit
    Iminent
    inboxtoolbar
    inbox toolbar
    rebateinformer
    Searchqu
    Searchnu
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  2. Contents of SystemLook.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 15th, 2014, 6:12 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Unable to set value : HKU\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
Registry key HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Prefs.js: "Ask Search" removed from browser.search.defaultengine
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ deleted successfully.
ADS C:\ProgramData\Temp:D478F292 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{26830F28-C87C-402D-A226-BA91676399F6}" = protocol=6 | dir=in | app|c:\program files\dogpile bundle toolbar\troubleshooter.exe | /E :invalid edit format. Invalid data type.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{4D8D28EC-0C2C-4B18-876D-1A646807C0BD}" = protocol=17 | dir=in | app|c:\program files\dogpile bundle toolbar\toolbarupdate.exe | /E :invalid edit format. Invalid data type.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{7AF9D35D-BC90-41FC-9307-63553432B3E7}" = protocol=17 | dir=in | app|c:\program files\dogpile bundle toolbar\troubleshooter.exe | /E :invalid edit format. Invalid data type.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{C65983C7-3689-4A0D-8267-A5CD60DC8E3F}" = protocol=6 | dir=in | app|c:\program files\dogpile bundle toolbar\toolbarupdate.exe | /E :invalid edit format. Invalid data type.
========== FILES ==========
File\Folder C:\Users\Bertha\appdata\local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh not found.
File\Folder C:\Users\Bertha\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Bertha
->Temp folder emptied: 9749450 bytes
->Temporary Internet Files folder emptied: 154773826 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 278216837 bytes
->Flash cache emptied: 4276 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2350090 bytes
RecycleBin emptied: 3846102 bytes

Total Files Cleaned = 428.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01152014_014137
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 15th, 2014, 6:18 pm

I appreciate all your help! :) I still have an add on for the IE browser now it's calling itself ConnectSo search engine. The Google Chrome appears to be unaffected now though. I had a hard time finding a way to complete Step 1 from your previous post and so hope we can figure out how to uninstall differently.
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby wannabeageek » January 16th, 2014, 12:23 am

Do not worry about Step 1.
Please continue and complete Step 3.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware