Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Need help with Malware.. Cannot Get Rid of Conduit Search

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

by reddog1992000 » January 16th, 2014, 12:25 am

SystemLook 30.07.11 by jpshortstuff
Log created at 14:01 on 15/01/2014 by Bertha
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
No files found.

Searching for "*Community*"
C:\Users\Bertha\Desktop\Deacon\R & R Reports - Deacons\Deacons Community Outreach Role R&R.docx --a---- 62879 bytes [16:10 01/10/2013] [16:35 01/10/2013] B7D584E60C64C2533BF259AEA092FF04
C:\Users\Bertha\Desktop\My Documents\Heather\Misc PDF, and PDF Reports\'13, 3rd Qtr 6 Mission and Community.pdf --a---- 28795 bytes [06:56 20/10/2013] [07:33 20/10/2013] CE57B59FDA85F3C871D46EBAC3910A09
C:\Users\Bertha\Desktop\My Documents\Office\Computer Stuff\Office_files\tabs_files\TransCommunity.gif --a---- 346 bytes [20:39 11/11/2003] [21:14 03/05/2001] 9DB81727D7A173EF105790CA182F7168
C:\Users\Bertha\Documents\Deacons Community Outreach Role R&R.docx --a---- 62770 bytes [16:03 01/10/2013] [14:51 29/09/2013] 2EFD7B57C6D4BDFE6D23A1F8C3378E25
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1XRHHKK0\community[1].css --a---- 433 bytes [21:48 15/03/2012] [21:48 15/03/2012] C6185CD024948FF4CC0B59069DE5FFC0
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5NAOBSP1\community-logo[1].gif --a---- 8632 bytes [17:08 28/02/2012] [17:08 28/02/2012] 260B7D5FE2FE9108844FAF1CF8887AC1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6NIJV33A\community[1].htm --a---- 37848 bytes [19:34 28/02/2012] [19:34 28/02/2012] C18A52328F6EBDB85308714A2BE27624
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6URLTW6N\community[1].htm --a---- 38396 bytes [17:02 18/03/2012] [17:02 18/03/2012] 33DAFE7F0D2D242F0C5D84A323050E4F
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MZSGNCD\community[1].htm --a---- 38526 bytes [17:26 26/02/2012] [17:26 26/02/2012] 6C8F07285A56055AE128CE8BA737ECB7
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9AUYPFMQ\icn-community-welcome[1].png --a---- 386 bytes [18:30 22/02/2012] [18:30 22/02/2012] 858A2F76AA52014119EFBDF4D5A3E536
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUX462CL\community[1].jpg --a---- 0 bytes [20:51 12/03/2012] [20:51 12/03/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJ2JHIZM\icon_community_activities[1].png --a---- 2217 bytes [21:49 15/03/2012] [21:49 15/03/2012] 99602A0E67233809FA82273B565F40AF
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJC4W9GH\icn-community-welcome[1].png --a---- 386 bytes [17:07 28/02/2012] [17:07 28/02/2012] 858A2F76AA52014119EFBDF4D5A3E536
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKFO3FOD\community[1].htm --a---- 37896 bytes [17:39 26/02/2012] [17:39 26/02/2012] 122E1A4C2195551AC12FD630B78F938E
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBC6T0VU\community[1].htm --a---- 38109 bytes [16:59 04/03/2012] [16:59 04/03/2012] 6787D50E6E7DDF8F5AE9F0E91DB0DE0C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LKU7QFCO\community[1].htm --a---- 37711 bytes [17:09 04/03/2012] [17:09 04/03/2012] 4CCD14799B233716A57F398EE7F41FB7
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SR2T2GFW\community[1].htm --a---- 37744 bytes [19:37 28/02/2012] [19:37 28/02/2012] B04901294FC8E98823EF18C4AE011EE4
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOB20MLP\community[1].htm --a---- 37823 bytes [17:35 04/03/2012] [17:35 04/03/2012] 6EBBAC748E3A2DC940A7E1076371646B
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z9TJ8BQY\Community_SocialServices[1].jpg --a---- 787 bytes [22:29 05/03/2012] [22:29 05/03/2012] 960321CAB78DBA5ADB4BE4EEB690C71E
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZQ9FJM20\community[1].htm --a---- 38431 bytes [17:18 29/02/2012] [17:18 29/02/2012] 1F38E936467A561C7966E132122DF22E

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_2_2_4.xml.vir --a---- 10909 bytes [18:35 12/11/2010] [20:41 29/11/2010] 1B3B574AA349758343D3C80787B9739E
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png.vir --a---- 821 bytes [17:53 08/11/2010] [17:53 08/11/2010] 99D5F75C338F2A877CBF891E0F18746E
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png.vir --a---- 729 bytes [17:53 08/11/2010] [17:53 08/11/2010] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png.vir --a---- 531 bytes [17:53 08/11/2010] [17:53 08/11/2010] A847C5F6CE2C700048749892DD2E0619
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png.vir --a---- 669 bytes [17:53 08/11/2010] [17:53 08/11/2010] FED9E00C76F647EE6A0B7CC684C89F0C
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png.vir --a---- 263 bytes [16:48 11/01/2011] [16:48 11/01/2011] 36BD416D16391EFAAAFB2C3C54EAE986
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png.vir --a---- 734 bytes [17:53 08/11/2010] [17:53 08/11/2010] 943ADFD9E0DF1507F7BC419802BF4303
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png.vir --a---- 562 bytes [17:53 08/11/2010] [17:53 08/11/2010] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveLeft_png.png.vir --a---- 610 bytes [17:53 08/11/2010] [17:53 08/11/2010] 68E9E9252E45ED7BD51B8680E8DD4462
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveRight_png.png.vir --a---- 606 bytes [17:53 08/11/2010] [17:53 08/11/2010] 8D8D187BA99DBEF76E4286668B474A4E
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png.vir --a---- 493 bytes [17:53 08/11/2010] [17:53 08/11/2010] 275C9DA2D536F18F528C80E050C3D705
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png.vir --a---- 706 bytes [17:53 08/11/2010] [17:53 08/11/2010] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png.vir --a---- 674 bytes [17:53 08/11/2010] [17:53 08/11/2010] 650731EEF807C292E699779B12CBE552
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png.vir --a---- 696 bytes [17:53 08/11/2010] [17:53 08/11/2010] 70D43EC3F4BD7C10D5534EFCEC6D7AE5
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png.vir --a---- 607 bytes [17:53 08/11/2010] [17:53 08/11/2010] 9B4D914888BCFFCBAE6757A0E450551C
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=en-us.xml.vir --a---- 6613 bytes [17:53 08/11/2010] [17:53 08/11/2010] FE3E6F69A41E7532957D7814E3E433E1
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&locale=en-us.xml.vir --a---- 6819 bytes [17:53 08/11/2010] [16:56 11/04/2011] A278FCD81E7E9E287A0F8BB1C89CD2C6
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=en-us.xml.vir --a---- 4060 bytes [17:53 08/11/2010] [17:53 08/11/2010] D36423CECBFE5F806725E13ED7101201
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0&locale=en-us.xml.vir --a---- 4475 bytes [17:53 08/11/2010] [16:56 11/04/2011] 74F81E98677EB434ADD4BC697F677185
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\ConduitAbstractionLayerBack.js.vir --a---- 454854 bytes [18:28 11/12/2013] [18:28 11/12/2013] 7E6A4F6F01F813BBB79D3EAE0B02C213
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\ConduitAbstractionLayerFront.js.vir --a---- 222166 bytes [18:28 11/12/2013] [18:28 11/12/2013] DD3DFC8D0F098FBA8FC7CCEB1AD0A9D0
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\js\conduitEnv.js.vir --a---- 93693 bytes [18:29 11/12/2013] [18:29 11/12/2013] 9DB75E864BEA1C6855D203898ED5A7A2
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\plugins\ConduitChromeApiPlugin.dll.vir --a---- 492320 bytes [18:29 11/12/2013] [18:29 11/12/2013] 9D673D6C8471BF6D13338625FCF1FDC6
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\tb\al\aboutBox\images\conduit-logo-OLD.png.vir --a---- 1305 bytes [18:29 11/12/2013] [18:29 11/12/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\tb\al\aboutBox\images\conduit-logo.png.vir --a---- 3926 bytes [18:29 11/12/2013] [18:29 11/12/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\tb\al\options\images\conduit-logo.png.vir --a---- 3926 bytes [18:29 11/12/2013] [18:29 11/12/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\peloglcfgdfkabbnlaeolbgfejohochl\10.22.3.18_0\ConduitAbstractionLayerBack.js.vir --a---- 493840 bytes [19:35 12/01/2014] [19:35 12/01/2014] 956C6B5C3906F986224B55C1AD420B28
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\peloglcfgdfkabbnlaeolbgfejohochl\10.22.3.18_0\ConduitAbstractionLayerFront.js.vir --a---- 249477 bytes [19:35 12/01/2014] [19:35 12/01/2014] 507A133685F64AECB9C9D1E8B4CAF057
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\peloglcfgdfkabbnlaeolbgfejohochl\10.22.3.18_0\js\conduitEnv.js.vir --a---- 93693 bytes [19:35 12/01/2014] [19:35 12/01/2014] 9DB75E864BEA1C6855D203898ED5A7A2
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\peloglcfgdfkabbnlaeolbgfejohochl\10.22.3.18_0\plugins\ConduitChromeApiPlugin.dll.vir --a---- 890144 bytes [19:35 12/01/2014] [19:35 12/01/2014] 37EE249FE3D868771A257C196198AA0E
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\peloglcfgdfkabbnlaeolbgfejohochl\10.22.3.18_0\Search\plugins\npConduitNewTabPlugin.dll.vir --a---- 62240 bytes [19:35 12/01/2014] [19:35 12/01/2014] 49534CC842958DE8DCFC0CA7698FC540
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\peloglcfgdfkabbnlaeolbgfejohochl\10.22.3.18_0\tb\al\aboutBox\images\conduit-logo-OLD.png.vir --a---- 1305 bytes [19:35 12/01/2014] [19:35 12/01/2014] 5F8EF9A0B050532B90B2645E9627E3F9
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\peloglcfgdfkabbnlaeolbgfejohochl\10.22.3.18_0\tb\al\aboutBox\images\conduit-logo.png.vir --a---- 3926 bytes [19:35 12/01/2014] [19:35 12/01/2014] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\peloglcfgdfkabbnlaeolbgfejohochl\10.22.3.18_0\tb\al\options\images\conduit-logo.png.vir --a---- 3926 bytes [19:35 12/01/2014] [19:35 12/01/2014] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal.vir --a---- 16384 bytes [16:29 21/06/2013] [16:42 12/12/2013] C4B97C0FE7B753DB1E4DBE34A6E09C71
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage.vir --a---- 210944 bytes [16:29 21/06/2013] [16:42 12/12/2013] A2B9EFA171D7F7BAFDC7CAA240B0012C
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastcontent.conduit.com_0.localstorage-journal.vir --a---- 16384 bytes [19:16 26/11/2013] [19:49 11/12/2013] FCACB8F45D3ECAEDFDDEDF1D71324CFE
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastcontent.conduit.com_0.localstorage.vir --a---- 29696 bytes [19:16 26/11/2013] [19:49 11/12/2013] EE411F76D728CC580455C9B05C87360F
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal.vir --a---- 11864 bytes [20:29 18/11/2013] [20:03 11/12/2013] 1FCD6D1923DEE89CF38CC01B87EFC4AD
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage.vir --a---- 1879040 bytes [20:29 18/11/2013] [20:03 11/12/2013] B14A5E5F5ED40222B63868EE49B9297A
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal.vir --a---- 3608 bytes [16:38 27/06/2013] [17:16 27/06/2013] B709E7F26D05C201CE49BC88E40F32A9
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage.vir --a---- 3072 bytes [16:38 27/06/2013] [17:16 27/06/2013] 5959C795468576A3719B000C0DFBE45B
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal.vir --a---- 3608 bytes [20:29 18/11/2013] [19:47 11/12/2013] FB7075AAFA1FEAAB5AB79C666B1D8E0E
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage.vir --a---- 3072 bytes [20:29 18/11/2013] [19:47 11/12/2013] 4E6DFA5626D30EC81AEB7A85A25818F0
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1178763_1174448_US.xml.vir --a---- 179 bytes [20:28 21/06/2011] [20:28 21/06/2011] F7598DCC137C5BC7A12A1A69CF63D58D
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1774897_1765438_US.xml.vir --a---- 193 bytes [00:34 21/06/2013] [00:57 21/06/2013] 405DD1D7D36C626FAFD9AC9650D3CD76
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1788829_1779370_US.xml.vir --a---- 188 bytes [17:48 18/11/2013] [19:33 18/11/2013] BAC1CAF6C43C7E9968DBC080550AAA71
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_US.xml.vir --a---- 191 bytes [20:28 21/06/2011] [20:28 21/06/2011] 43C93B80235159F037CEA9A173922F92
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_3_5_3.xml.vir --a---- 10909 bytes [20:28 21/06/2011] [20:28 21/06/2011] 1B3B574AA349758343D3C80787B9739E
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\engine@conduit.com\chrome\conduitengine.jar.vir --a---- 729935 bytes [20:23 21/06/2011] [20:23 21/06/2011] 4A2D55615F60C3A00E03ECFD39224EC5
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js.vir --a---- 16435 bytes [20:23 21/06/2011] [20:23 21/06/2011] FA0D9E1396C227B8697E41996A95912B
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt.vir --a---- 166 bytes [20:23 21/06/2011] [20:23 21/06/2011] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\engine@conduit.com\components\ConduitToolbar.idl.vir --a---- 152 bytes [20:23 21/06/2011] [20:23 21/06/2011] 33D4D4337895FCA507DF937B5980D41A
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\engine@conduit.com\components\ConduitToolbar.js.vir --a---- 2389 bytes [20:23 21/06/2011] [20:23 21/06/2011] 6A2C72DF1348F39C0CE44E1B8C10F5CE
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\engine@conduit.com\components\ConduitToolbar.xpt.vir --a---- 140 bytes [20:23 21/06/2011] [20:23 21/06/2011] DFFE26916941DE0A33E503FD38008290
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\engine@conduit.com\searchplugin\conduit.gif.vir --a---- 173 bytes [20:23 21/06/2011] [20:23 21/06/2011] 225B6898AE7D6E0CE88B3FE57BD750F2
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\engine@conduit.com\searchplugin\conduit.ico.vir --a---- 1406 bytes [20:23 21/06/2011] [20:23 21/06/2011] A23164BA794BE61799C67423F56C9163
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\engine@conduit.com\searchplugin\conduit.PNG.vir --a---- 255 bytes [20:23 21/06/2011] [20:23 21/06/2011] AF3A51D0B8D6F04EE33307A654560DBE
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\engine@conduit.com\searchplugin\conduit.src.vir --a---- 328 bytes [20:23 21/06/2011] [20:23 21/06/2011] 43317CC423A502C077AD68F838249117
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\engine@conduit.com\searchplugin\conduit.xml.vir --a---- 913 bytes [20:23 21/06/2011] [20:23 21/06/2011] 4E45A93B99F44F41EADFB167FB85FB02
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js.vir --a---- 16435 bytes [20:23 21/06/2011] [20:23 21/06/2011] FA0D9E1396C227B8697E41996A95912B
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt.vir --a---- 166 bytes [20:23 21/06/2011] [20:23 21/06/2011] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.idl.vir --a---- 148 bytes [20:23 21/06/2011] [20:23 21/06/2011] 44D23D49A6D3961BDE3068EB38D75CF0
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.js.vir --a---- 2377 bytes [20:23 21/06/2011] [20:23 21/06/2011] 8C830EA90BD3D62C5037BDCFF4F1F6F1
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.xpt.vir --a---- 136 bytes [20:23 21/06/2011] [20:23 21/06/2011] E314B9BFDD420DCE4ECC6E9710D139D6
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.gif.vir --a---- 173 bytes [20:23 21/06/2011] [20:23 21/06/2011] 225B6898AE7D6E0CE88B3FE57BD750F2
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.ico.vir --a---- 1406 bytes [20:23 21/06/2011] [20:23 21/06/2011] A23164BA794BE61799C67423F56C9163
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.PNG.vir --a---- 255 bytes [20:23 21/06/2011] [20:23 21/06/2011] AF3A51D0B8D6F04EE33307A654560DBE
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.src.vir --a---- 254 bytes [20:23 21/06/2011] [20:23 21/06/2011] 1C54B2456A8AA2AE438000F3C28C3F17
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml.vir --a---- 863 bytes [20:23 21/06/2011] [20:23 21/06/2011] 9899FF3D3FB322748631B08B248D8055
C:\AdwCleaner\Quarantine\C\Windows\system32\conduitEngine.tmp.vir --a---- 0 bytes [20:23 21/06/2011] [20:23 21/06/2011] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage --a---- 4096 bytes [20:29 18/11/2013] [16:42 12/12/2013] 40BAC9964DBF006395F1331CF10C0644
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal --a---- 4640 bytes [20:29 18/11/2013] [16:42 12/12/2013] C0C64B30BE326D9A18B3B912847635BA
C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K09MO91P\Conduit.Search[1].htm --a---- 510 bytes [20:21 15/01/2014] [20:21 15/01/2014] 7C80DF482C96642F59A576FD91E39B07
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CN9G968E\fastcontent.conduit[1].xml --a---- 363 bytes [00:34 21/06/2013] [00:36 21/06/2013] 842A5A1F51F377158E11947E85893394
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\apps.search.conduit[1].xml --a---- 13 bytes [00:34 21/06/2013] [00:34 21/06/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\facebook.conduitapps[1].xml --a---- 13 bytes [00:34 21/06/2013] [00:34 21/06/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\LYZM0OFG\cap1.conduit-apps[1].xml --a---- 13 bytes [17:48 18/11/2013] [17:48 18/11/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MGBO1MON\app.mam.conduit[1].xml --a---- 133 bytes [17:48 18/11/2013] [17:48 18/11/2013] E56D08FC5B78390487B331CF45FC3537
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UUOS2B1X\storage.conduit[1].xml --a---- 13 bytes [17:48 18/11/2013] [17:48 18/11/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\app.mam.conduit[1].xml --a---- 13 bytes [00:34 21/06/2013] [00:34 21/06/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\storage.conduit[1].xml --a---- 13 bytes [00:34 21/06/2013] [00:34 21/06/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YO6RQMHP\fastcontent.conduit[1].xml --a---- 840 bytes [17:48 18/11/2013] [19:30 18/11/2013] 43F35D85857319F7AED89FE3DD646393
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@apps.conduit[1].txt --a---- 438 bytes [18:37 12/11/2010] [16:54 10/12/2010] 7F8234C135550954E86FC636DE75056C
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@conduit[1].txt --a---- 244 bytes [18:16 10/12/2010] [18:16 10/12/2010] 9E7946F5D4A26620244393CE569D1387
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@search.conduit[1].txt --a---- 680 bytes [17:53 08/11/2010] [20:48 12/11/2010] 4F256A5EEEEAF8C9BF90B2A952C67AA4
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@shop.conduit-widgets[1].txt --a---- 270 bytes [20:23 02/12/2010] [20:23 02/12/2010] C134200FD7ABFD6C613914F0A1FB545D

Searching for "*datamngr*"
No files found.

Searching for "*dogpile*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*inboxtoolbar*"
No files found.

Searching for "*inbox toolbar*"
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Uninstall Inbox Toolbar.lnk.vir --a---- 998 bytes [19:51 06/01/2014] [19:51 06/01/2014] 7BA4F11AA8D307BA10545B712416B1F9

Searching for "*rebateinformer*"
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer\RebateInformer.lnk.vir --a---- 964 bytes [19:52 06/01/2014] [19:52 06/01/2014] 4473DC19C8467E66D41B0AC413AED291
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer\Uninstall RebateInformer.lnk.vir --a---- 959 bytes [19:52 06/01/2014] [19:52 06/01/2014] C136C2EC7377A94962F164A993B8DB8D
C:\AdwCleaner\Quarantine\C\Users\Public\Desktop\RebateInformer.lnk.vir --a---- 946 bytes [19:52 06/01/2014] [19:52 06/01/2014] EEC65606259B9F216EF28FB4C08C4BD9

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*Bandoo*"
No folders found.

Searching for "*Community*"
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts d------ [17:34 17/12/2013]
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\LocalLow\Conduit\Community Alerts d------ [17:34 17/12/2013]

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Program Files\Conduit d------ [17:34 17/12/2013]
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit d------ [17:34 17/12/2013]
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\Conduit d------ [17:34 17/12/2013]
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Local\ConduitEngine d------ [17:34 17/12/2013]
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\LocalLow\Conduit d------ [17:34 17/12/2013]
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\engine@conduit.com d------ [17:34 17/12/2013]

Searching for "*datamngr*"
No folders found.

Searching for "*dogpile*"
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dogpile Bundle Toolbar d------ [17:34 17/12/2013]

Searching for "*Fun4IM*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*inboxtoolbar*"
No folders found.

Searching for "*inbox toolbar*"
C:\AdwCleaner\Quarantine\C\Program Files\Inbox Toolbar d------ [17:34 17/12/2013]
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar d------ [19:41 12/01/2014]
C:\AdwCleaner\Quarantine\C\Users\Bertha\AppData\LocalLow\Inbox Toolbar d------ [17:34 17/12/2013]

Searching for "*rebateinformer*"
C:\AdwCleaner\Quarantine\C\Program Files\RebateInformer d------ [19:41 12/01/2014]
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer d------ [19:41 12/01/2014]

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer d------ [17:34 17/12/2013]

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Community"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\San Diego Shared IO\Protocols\HPZipm12.exe\SNMPCommunityName]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10_1]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10_2]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10_3]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10_4]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\X_XEROX5030]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10_1]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10_2]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10_3]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10_4]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\Standard TCP/IP Port\Ports\X_XEROX5030]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10_1]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10_2]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10_3]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10_4]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\X_XEROX5030]
"SNMP Community"="public"

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com?SearchSource=10&CUI=UN37900105254162392&UM=2&ctid=CT3303930"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3303930&CUI=UN37900105254162392&UM=2"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"SuggestionsURL_JSON"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"FaviconURL"="http://search.conduit.com/favicon.ico"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com?SearchSource=10&CUI=UN37900105254162392&UM=2&ctid=CT3303930"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3303930&CUI=UN37900105254162392&UM=2"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"SuggestionsURL_JSON"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"FaviconURL"="http://search.conduit.com/favicon.ico"

Searching for "datamngr"
No data found.

Searching for "dogpile"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FCTB000060231\Layouts\60231]
@="Dogpile Bundle Toolbar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FCTB000060231\Toolbar]
"firstURL"="http://support.dogpile.com/toolbar/dp_toolbar-sushi-thankyou"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FCTB000060231\Toolbar]
"toolbar_version"="Dogpile Bundle Toolbar 1.614"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D70061CF-B3EC-47A4-A207-E0B91C518990}]
"AppPath"="C:\Program Files\Dogpile Bundle Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C329777A-0CD1-4A76-92A7-65867073661E}\InprocServer32]
@="C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}\1.0\0\win32]
@="C:\Program Files\Dogpile Bundle Toolbar\Helper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}\1.0\HELPDIR]
@="C:\Program Files\Dogpile Bundle Toolbar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26830F28-C87C-402D-A226-BA91676399F6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe|Name=Dogpile Bundle Toolbar (Helper)|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7AF9D35D-BC90-41FC-9307-63553432B3E7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe|Name=Dogpile Bundle Toolbar (Helper)|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C65983C7-3689-4A0D-8267-A5CD60DC8E3F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe|Name=Dogpile Bundle Toolbar (Update)|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4D8D28EC-0C2C-4B18-876D-1A646807C0BD}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe|Name=Dogpile Bundle Toolbar (Update)|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26830F28-C87C-402D-A226-BA91676399F6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe|Name=Dogpile Bundle Toolbar (Helper)|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7AF9D35D-BC90-41FC-9307-63553432B3E7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe|Name=Dogpile Bundle Toolbar (Helper)|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C65983C7-3689-4A0D-8267-A5CD60DC8E3F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe|Name=Dogpile Bundle Toolbar (Update)|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4D8D28EC-0C2C-4B18-876D-1A646807C0BD}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe|Name=Dogpile Bundle Toolbar (Update)|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26830F28-C87C-402D-A226-BA91676399F6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe|Name=Dogpile Bundle Toolbar (Helper)|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7AF9D35D-BC90-41FC-9307-63553432B3E7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe|Name=Dogpile Bundle Toolbar (Helper)|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C65983C7-3689-4A0D-8267-A5CD60DC8E3F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe|Name=Dogpile Bundle Toolbar (Update)|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4D8D28EC-0C2C-4B18-876D-1A646807C0BD}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe|Name=Dogpile Bundle Toolbar (Update)|"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\FCTB000060231\Layouts\60231]
@="Dogpile Bundle Toolbar"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\FCTB000060231\Toolbar]
"firstURL"="http://support.dogpile.com/toolbar/dp_toolbar-sushi-thankyou"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\FCTB000060231\Toolbar]
"toolbar_version"="Dogpile Bundle Toolbar 1.614"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D70061CF-B3EC-47A4-A207-E0B91C518990}]
"AppPath"="C:\Program Files\Dogpile Bundle Toolbar"

Searching for "Fun4IM"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "inboxtoolbar"
No data found.

Searching for "inbox toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}]
@="Inbox Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}\InprocServer32]
@="C:\Program Files\Inbox Toolbar\Inbox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}\LocalServer32]
@="C:\Program Files\Inbox Toolbar\Inbox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
@="Inbox Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\InprocServer32]
@="C:\Program Files\Inbox Toolbar\Inbox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}\1.0\0\win32]
@="C:\Program Files\Inbox Toolbar\Inbox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}\1.0\HELPDIR]
@="C:\Program Files\Inbox Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}\1.0\0\win32]
@="C:\Program Files\Inbox Toolbar\Inbox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}\1.0\HELPDIR]
@="C:\Program Files\Inbox Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}]
"AppPath"="C:\Program Files\Inbox Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
"AppPath"="C:\Program Files\Inbox Toolbar"

Searching for "rebateinformer"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7DFDE1A-30B3-43C9-82C4-92D3A5789311}]
"AppPath"="C:\Program Files\RebateInformer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7DFDE1A-30B3-43C9-82C4-92D3A5789311}]
"AppPath"="C:\Program Files\RebateInformer"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7DFDE1A-30B3-43C9-82C4-92D3A5789311}]
"AppPath"="C:\Program Files\RebateInformer"

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "Tarma"
No data found.

Searching for "trolltech"
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby wannabeageek » January 17th, 2014, 1:35 am

Hi reddog1992000,

Please complete the following steps. I am asking for a new set of DDS logs to see if the program you mentioned, (ConnectSo), is listed in it.

Step 1.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Click on the "Select ALL" link. Rt mouse click - Copy then Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
    "URL"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
    "SuggestionsURL_JSON"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
    "FaviconURL"=-
    [HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
    "URL"=-
    [HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
    "SuggestionsURL_JSON"=-
    [HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
    "FaviconURL"=-
    
    :Files
    C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage
    C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal
    C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K09MO91P\Conduit.Search[1].htm
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CN9G968E\fastcontent.conduit[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\apps.search.conduit[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\facebook.conduitapps[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\LYZM0OFG\cap1.conduit-apps[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MGBO1MON\app.mam.conduit[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UUOS2B1X\storage.conduit[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\app.mam.conduit[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\storage.conduit[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YO6RQMHP\fastcontent.conduit[1].xml
    C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@apps.conduit[1].txt
    C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@conduit[1].txt
    C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@search.conduit[1].txt
    C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@shop.conduit-widgets[1].txt
    
    :Commands
    [EMPTYTEMP]
    
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of the report in your next reply.


Step 2.
DDS Scan
DDS should still be on your desktop.
Disable any script blocking software you have running before running DDS.
  • Please right mouse click and select "Run As Administrator" on dds.com to run the tool. (File name will be different if alternate download used).
    If you are using DDS.com, a black window will open with some additional instructions and comments... There is no need to change the default settings.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Please post both the DDS.txt and Attach.txt files in your next reply.


Step 3.
SystemLook should still be on your Desktop.

  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Click on the "Select ALL" link. Rt mouse click - Copy then Paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *ConnectSo*
    
    :folderfind
    *ConnectSo*
    
    :Regfind
    ConnectSo 
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  2. Contents of DDS.txt
  3. Contents of Attach.txt
  4. Contents of SystemLook.txt
  5. Any problem executing the instructions?
  6. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California
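
Added example, not part of the thread and not code from SystemLook or OTL: the Regfind log above reports each Conduit value under both HKEY_CURRENT_USER and the HKEY_USERS SID hive, and the printer and firewall hits once per control set, which is why the fix lists both hives. This Python sketch parses Regfind output in that layout and folds the mirrored hits together so the distinct settings stand out; the function names are illustrative, the sample is a shortened excerpt of the log in this thread, and treating the S-1-5-21 hive as the logged-on user's is an assumption.

```python
import re
from collections import OrderedDict

# Shortened excerpt of the SystemLook Regfind log posted in this thread.
SAMPLE_LOG = r'''========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Community"
[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\San Diego Shared IO\Protocols\HPZipm12.exe\SNMPCommunityName]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.0.10]
"SNMP Community"="public"

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com?SearchSource=10&CUI=UN37900105254162392&UM=2&ctid=CT3303930"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com?SearchSource=10&CUI=UN37900105254162392&UM=2&ctid=CT3303930"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"FaviconURL"="http://search.conduit.com/favicon.ico"
'''

SECTION_RE = re.compile(r'^=+\s*(\w+)\s*=+$')
TERM_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r'^\[(HKEY_.+)\]$')
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')


def canonical_key(key):
    """Fold registry aliases so mirrored hits compare equal (grouping heuristic)."""
    # Assumption: the S-1-5-21-... hive belongs to the logged-on user,
    # i.e. it is the hive HKEY_CURRENT_USER points at.
    key = re.sub(r'^HKEY_USERS\\S-1-5-21-[\d-]+(?=\\|$)', 'HKEY_CURRENT_USER', key)
    # CurrentControlSet is a link to one of the numbered control sets.
    return re.sub(r'\\SYSTEM\\ControlSet\d{3}(?=\\|$)',
                  lambda m: '\\SYSTEM\\CurrentControlSet', key)


def parse_regfind(text):
    """Return {search term: [(key, value name or None, data or None), ...]}."""
    hits = OrderedDict()
    in_regfind = False
    term = key = None
    key_used = True

    def flush():
        # A key line with no value under it means the key name itself matched.
        if term is not None and key is not None and not key_used:
            hits[term].append((key, None, None))

    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            flush()
            in_regfind = m.group(1).lower() == 'regfind'
            term, key, key_used = None, None, True
            continue
        if not in_regfind:
            continue
        m = TERM_RE.match(line)
        if m:
            flush()
            term, key, key_used = m.group(1), None, True
            hits.setdefault(term, [])
            continue
        if term is None:
            continue
        m = KEY_RE.match(line)
        if m:
            flush()
            key, key_used = m.group(1), False
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]
            hits[term].append((key, m.group(1).strip('"'), data))
            key_used = True
    flush()
    return hits


def collapse(hits):
    """Merge hits that differ only by hive alias; keep every original location."""
    out = OrderedDict()
    for term, rows in hits.items():
        merged = OrderedDict()
        for key, name, data in rows:
            merged.setdefault((canonical_key(key), name, data), []).append(key)
        out[term] = merged
    return out


def browser_url_settings(collapsed):
    """Internet Explorer start-page and search-scope values whose data is a URL."""
    found = []
    for term, merged in collapsed.items():
        for (key, name, data), locations in merged.items():
            if (data and re.match(r'https?://', data, re.I)
                    and re.search(r'\\Internet Explorer\\(Main|SearchScopes)(\\|$)', key)):
                found.append((term, key, name, data, len(locations)))
    return found


if __name__ == '__main__':
    collapsed = collapse(parse_regfind(SAMPLE_LOG))
    for term, merged in collapsed.items():
        print(f'{term}: {len(merged)} distinct hit(s)')
    for term, key, name, data, n in browser_url_settings(collapsed):
        print(f'  [{key}] "{name}" = {data} (reported {n}x)')
```
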

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 18th, 2014, 12:17 pm

hello, I will get these for you today. Please don't close this topic. Thank you
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby wannabeageek » January 18th, 2014, 9:00 pm

Thank you for posting back, I will be waiting.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 19th, 2014, 4:16 pm

OTL logfile created on: 01/19/2014 8:31:53 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bertha\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.96 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 53.66% Memory free
5.93 Gb Paging File | 4.22 Gb Available in Paging File | 71.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.15 Gb Total Space | 149.58 Gb Free Space | 67.95% Space Free | Partition Type: NTFS

Computer Name: BERTHA-PC | User Name: Bertha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/11 02:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/12/14 12:43:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bertha\Desktop\OTL.exe
PRC - [2013/12/03 10:03:16 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/03 10:03:16 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/24 11:58:32 | 000,790,880 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2013/10/24 11:58:30 | 003,212,128 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2013/10/24 11:58:28 | 007,064,416 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2013/10/24 11:58:16 | 002,003,808 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
PRC - [2013/10/22 05:36:11 | 015,815,600 | ---- | M] (Computer Helper Publishing) -- C:\CW\Cw.exe
PRC - [2013/09/03 05:54:02 | 000,840,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/08/01 16:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 18:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/19 13:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 10:58:24 | 002,844,608 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/10/15 10:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/16 13:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
PRC - [2010/09/15 08:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2010/07/05 10:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2010/07/05 10:37:28 | 000,017,920 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2010/06/25 10:13:18 | 001,099,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2010/06/22 10:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2010/06/22 10:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2010/03/03 17:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 17:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/01 08:13:12 | 000,345,352 | ---- | M] () -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/07/15 14:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
PRC - [2009/05/15 16:44:06 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [1998/11/24 01:00:00 | 000,043,520 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/11 02:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 02:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 02:28:15 | 000,715,544 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 02:28:14 | 000,100,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 02:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2013/12/03 10:03:20 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/11/03 12:30:04 | 001,785,856 | ---- | M] () -- C:\Windows\assembly\GAC_32\CHPUpgradeDatabase\13.1002.1.0__861de743b67055ac\CHPUpgradeDatabase.dll
MOD - [2013/11/03 12:30:03 | 000,237,568 | ---- | M] () -- C:\Windows\assembly\GAC_32\CHPSecurity\13.1002.1.0__861de743b67055ac\CHPSecurity.dll
MOD - [2013/11/03 12:30:03 | 000,229,376 | ---- | M] () -- C:\Windows\assembly\GAC_32\CHPObjects\13.1002.1.0__861de743b67055ac\CHPObjects.dll
MOD - [2013/11/03 12:30:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_32\BackupRestore\13.1002.1.0__861de743b67055ac\BackupRestore.dll
MOD - [2013/10/11 07:35:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/11 07:35:03 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/11 07:34:55 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/12 02:36:25 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/09/12 02:31:08 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\72abb24ec9ff71ff8815507b4f84f26a\System.Web.ni.dll
MOD - [2013/09/12 02:31:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 02:28:01 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll
MOD - [2013/08/15 02:26:10 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
MOD - [2013/08/15 02:25:56 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 02:25:55 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/15 02:25:55 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/08/15 02:25:26 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 02:25:09 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 02:24:50 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 16:20:07 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/01/12 15:30:45 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NHibernate.ByteCode.Castle\2.1.1.4000__aa95f207798dfdb4\NHibernate.ByteCode.Castle.dll
MOD - [2012/01/12 15:30:39 | 000,116,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Antlr3.Runtime\3.1.0.39271__3a9cab8f8d22bfb7\Antlr3.Runtime.dll
MOD - [2012/01/12 15:30:39 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Castle.DynamicProxy2\2.1.0.0__407dd0808d44fbdc\Castle.DynamicProxy2.dll
MOD - [2012/01/12 15:30:39 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Castle.Core\1.1.0.0__407dd0808d44fbdc\Castle.Core.dll
MOD - [2012/01/12 15:30:35 | 002,129,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NHibernate\2.1.1.4000__aa95f207798dfdb4\NHibernate.dll
MOD - [2012/01/12 15:30:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Iesi.Collections\1.0.1.0__aa95f207798dfdb4\Iesi.Collections.dll
MOD - [2011/04/12 07:30:29 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/10 13:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [1999/01/19 14:35:32 | 000,209,672 | ---- | M] () -- C:\Windows\System32\VSVIEW3.OCX
MOD - [1998/11/24 01:00:00 | 000,043,520 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe


========== Services (SafeList) ==========

SRV - [2013/12/10 20:27:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/03 10:03:16 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/11/26 00:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/10/24 11:58:32 | 000,790,880 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/26 20:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/19 13:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 10:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/04/12 01:00:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/25 02:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 02:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/03 13:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/10/16 13:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/07/13 11:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/07/05 10:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2010/06/22 10:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2010/06/22 10:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2010/03/03 17:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/01 08:13:12 | 000,345,352 | ---- | M] () [On_Demand | Running] -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/07/15 14:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/07/15 14:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/04/29 11:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Bertha\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/12/03 10:03:29 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/03 10:03:29 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/12/03 10:03:28 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/03 10:03:28 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/03 10:03:28 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/12/03 10:03:28 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/03 10:03:28 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/03 10:03:28 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/06/26 18:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2013/06/26 18:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2013/06/26 18:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2013/06/26 18:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2012/06/29 01:24:02 | 000,249,288 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0153.sys -- (RsFx0153)
DRV - [2011/06/20 20:09:00 | 000,200,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/19 16:03:10 | 000,059,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 16:03:00 | 000,051,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/05/10 20:03:32 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2010/05/10 20:02:44 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/05/10 19:41:54 | 001,322,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2010/02/02 21:10:32 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/07/15 14:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/07/15 14:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/15 14:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/04/29 11:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/02/13 13:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/06/04 10:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [1998/10/28 11:49:02 | 000,084,480 | ---- | M] (Shuttle Technology. ) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\epstwnt.mpd -- (epstwnt)
DRV - [1998/08/12 01:41:02 | 000,018,432 | ---- | M] (Shuttle Technology) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\Sharshtl.sys -- (SHARSHTL)
DRV - [1997/12/22 17:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{267D48CE-A942-49A3-9EC5-2753220560B1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3303930
IE - HKCU\..\SearchScopes,DefaultScope = {5CEAE635-BD84-4F88-ABE9-1D0F77016CE0}
IE - HKCU\..\SearchScopes\{5CEAE635-BD84-4F88-ABE9-1D0F77016CE0}: "URL" = http://www.bing.com/search?FORM=U146CD&PC=U146C&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{90182B2A-2920-411D-9895-9366069869D0}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120103,6901,0,8,0
IE - HKCU\..\SearchScopes\{F2BBD450-7955-4E04-BC27-0E533824C9BA}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGNI_enUS476
IE - HKCU\..\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3303930&CUI=UN37900105254162392&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.defaultengine: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@RecipeHub_2j.com/Plugin: C:\Program Files\RecipeHub_2j\bar\1.bin\NP2jStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files\LivingPlay\nplplaypop.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2013/09/12 09:40:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/10/26 11:58:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\

[2011/07/19 08:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Extensions
[2014/01/12 11:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions
[2011/04/12 07:16:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Wallet = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

Hosts file not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe ()
O4 - HKLM..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpsjbmgr.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1364B53-028A-497F-8521-A23C855D6DCC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/19 08:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2014/01/15 01:57:01 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/01/15 01:57:01 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/01/15 01:57:00 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/01/15 01:57:00 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/01/12 14:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Splashtop
[2014/01/12 11:46:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/06 11:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Vault
[2014/01/06 11:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Power Speed

========== Files - Modified Within 30 Days ==========

[2014/01/19 08:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/19 08:26:42 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/19 08:26:42 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/19 08:24:15 | 000,751,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/19 08:24:15 | 000,154,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/19 08:21:28 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2014/01/19 08:18:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/19 08:18:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2014/01/19 08:18:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/19 08:18:17 | 2387,288,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/17 12:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/17 09:01:37 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/15 03:05:06 | 000,470,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/14 14:59:23 | 000,993,098 | ---- | M] () -- C:\Users\Bertha\Desktop\Transaction Journal.pdf
[2014/01/13 06:00:54 | 005,066,511 | ---- | M] () -- C:\Users\Bertha\Desktop\CWMSCF.zip
[2014/01/12 14:26:32 | 000,000,022 | ---- | M] () -- C:\Users\Bertha\Desktop\CWPay.zip
[2014/01/06 11:52:36 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/01/06 11:52:28 | 000,000,052 | ---- | M] () -- C:\Users\Public\Desktop\RebateBlast.com.url

========== Files Created - No Company Name ==========

[2014/01/14 14:59:27 | 000,993,098 | ---- | C] () -- C:\Users\Bertha\Desktop\Transaction Journal.pdf
[2014/01/06 11:52:36 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/01/06 11:52:28 | 000,000,052 | ---- | C] () -- C:\Users\Public\Desktop\RebateBlast.com.url
[2013/12/14 12:21:58 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BERTHA-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
[2013/12/03 09:52:39 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/12/03 09:52:39 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/05 10:51:10 | 000,103,272 | ---- | C] () -- C:\Users\Bertha\GoToAssistDownloadHelper.exe
[2013/07/03 11:59:02 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/11/06 13:31:20 | 000,000,258 | RHS- | C] () -- C:\Users\Bertha\ntuser.pol
[2012/03/23 10:44:02 | 000,000,000 | ---- | C] () -- C:\Users\Bertha\AppData\Local\rx_image32.Cache
[2012/03/22 14:15:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/22 14:15:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/22 14:15:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/22 14:15:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/22 14:15:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/08 13:37:45 | 000,404,033 | ---- | C] () -- C:\Users\Bertha\AppData\Local\census.cache
[2012/03/08 13:37:25 | 000,160,371 | ---- | C] () -- C:\Users\Bertha\AppData\Local\ars.cache
[2011/11/01 07:54:46 | 000,200,254 | ---- | C] () -- C:\Users\Bertha\KJ.jpg
[2011/04/27 11:54:04 | 000,007,597 | ---- | C] () -- C:\Users\Bertha\AppData\Local\resmon.resmoncfg
[2010/10/21 08:53:51 | 000,001,940 | ---- | C] () -- C:\Users\Bertha\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/07 09:20:10 | 000,000,036 | ---- | C] () -- C:\Users\Bertha\AppData\Local\housecall.guid.cache
[2009/06/15 09:27:24 | 000,006,520 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2005/04/14 12:11:41 | 000,019,456 | ---- | C] () -- C:\Users\Bertha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/12/09 10:50:05 | 000,038,408 | ---- | C] () -- C:\Users\Bertha\AppData\Roaming\Comma Separated Values (Windows).ADR
[2003/12/02 12:44:49 | 000,000,129 | ---- | C] () -- C:\Users\Bertha\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< :commands >

< >

< :Reg >

< [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] >

< "Start Page"=- >

< [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3] >

< "URL"=- >

< [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3] >

< "SuggestionsURL_JSON"=- >

< [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3] >

< "FaviconURL"=- >

< [HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\Main] >

< "Start Page"=- >

< [HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3] >

< "URL"=- >

< [HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3] >

< "SuggestionsURL_JSON"=- >

< [HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3] >

< "FaviconURL"=- >

< >

< :Files >

< C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage >
[2013/12/12 08:42:13 | 000,004,096 | ---- | M] () -- C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage

< C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal >
[2013/12/12 08:42:13 | 000,004,640 | ---- | M] () -- C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal

< C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K09MO91P\Conduit.Search[1].htm >

< C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CN9G968E\fastcontent.conduit[1].xml >
[2013/06/20 16:36:12 | 000,000,363 | ---- | M] () -- C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CN9G968E\fastcontent.conduit[1].xml

< C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\apps.search.conduit[1].xml >
[2013/06/20 16:34:37 | 000,000,013 | ---- | M] () -- C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\apps.search.conduit[1].xml

< C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\facebook.conduitapps[1].xml >
[2013/06/20 16:34:20 | 000,000,013 | ---- | M] () -- C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\facebook.conduitapps[1].xml

< C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\LYZM0OFG\cap1.conduit-apps[1].xml >
[2013/11/18 09:48:10 | 000,000,013 | ---- | M] () -- C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\LYZM0OFG\cap1.conduit-apps[1].xml

< C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MGBO1MON\app.mam.conduit[1].xml >
[2013/11/18 09:48:16 | 000,000,133 | ---- | M] () -- C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MGBO1MON\app.mam.conduit[1].xml

< C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UUOS2B1X\storage.conduit[1].xml >
[2013/11/18 09:48:30 | 000,000,013 | ---- | M] () -- C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UUOS2B1X\storage.conduit[1].xml

< C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\app.mam.conduit[1].xml >
[2013/06/20 16:34:22 | 000,000,013 | ---- | M] () -- C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\app.mam.conduit[1].xml

< C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\storage.conduit[1].xml >
[2013/06/20 16:34:19 | 000,000,013 | ---- | M] () -- C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\storage.conduit[1].xml

< C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YO6RQMHP\fastcontent.conduit[1].xml >
[2013/11/18 11:30:46 | 000,000,840 | ---- | M] () -- C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YO6RQMHP\fastcontent.conduit[1].xml

< C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@apps.conduit[1].txt >
[2010/12/10 08:54:27 | 000,000,438 | ---- | M] () -- C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@apps.conduit[1].txt

< C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@conduit[1].txt >
[2010/12/10 10:16:07 | 000,000,244 | ---- | M] () -- C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@conduit[1].txt

< C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@search.conduit[1].txt >
[2010/11/12 12:48:33 | 000,000,680 | ---- | M] () -- C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@search.conduit[1].txt

< C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@shop.conduit-widgets[1].txt >
[2010/12/02 12:23:43 | 000,000,270 | ---- | M] () -- C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@shop.conduit-widgets[1].txt

< >

< :Commands >

< [EMPTYTEMP] >

< End of report >
reddog1992000

Post by reddog1992000 » January 19th, 2014, 4:21 pm

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 04/11/2011 10:51:40 AM
System Uptime: 01/19/2014 8:18:07 AM (4 hours ago)
.
Motherboard: Dell Inc. | | 0200DY
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2933/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 148.779 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP666: 01/03/2014 8:35:40 AM - Windows Update
RP667: 01/06/2014 3:45:13 PM - Installed Church Windows Payroll
RP668: 01/07/2014 4:34:43 AM - Windows Update
RP669: 01/08/2014 3:00:11 AM - Windows Update
RP670: 01/09/2014 8:24:43 AM - Windows Update
RP671: 01/09/2014 12:55:19 PM - Windows Update
RP672: 01/10/2014 3:00:13 AM - Windows Update
RP673: 01/10/2014 9:16:35 AM - Windows Update
RP674: 01/12/2014 8:40:51 AM - Windows Update
RP675: 01/13/2014 3:00:13 AM - Windows Update
RP676: 01/13/2014 12:54:05 PM - Windows Update
RP677: 01/14/2014 3:00:13 AM - Windows Update
RP678: 01/15/2014 1:41:50 AM - OTL Restore Point - 01/15/2014 1:41:49 AM
RP679: 01/15/2014 3:00:20 AM - Windows Update
RP680: 01/16/2014 12:50:19 PM - Windows Update
RP681: 01/17/2014 8:38:07 AM - Windows Update
RP682: 01/17/2014 12:57:52 PM - Windows Update
RP683: 01/19/2014 8:23:06 AM - Windows Update
RP684: 01/19/2014 8:33:49 AM - OTL Restore Point - 01/19/2014 8:33:48 AM
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Acrobat X Standard - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
aioprnt
aioscnnr
AudibleManager
avast! Free Antivirus
BioAPI Framework
BurnToDisk version 1.0
C4USelfUpdater
Church Windows (C:\CW\)
Church Windows Payroll
Church Windows Payroll (C:\CWPay\)
Conexant D850 PCI V.92 Modem
Custom
CutePDF Writer 2.8
CyberLink PowerDVD 9.5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Edoc Viewer
DellAccess
Digital Line Detect
DirectX 9 Runtime
EMBASSY Security Center
ESET Online Scanner v3
essentials
FastStone Image Viewer 4.6
Gemalto
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP PrecisionScan
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 15.2.89.0
Intel(R) Rapid Storage Technology
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
Kodak AIO Printer
MDIConverter 3.0
MDIViewer 3.0
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook 2010
Microsoft Publisher 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netwaiting
NTRU TCG Software Stack
ocr
Online Vault
Pandoras Box V1.3.8
PC-CCID
PC Power Speed 1.1.0.43
PC Speed Maximizer v3.0
PhotoShowExpress
Preboot Manager
PreReq
Privacy SafeGuard version 1.1
Private Information Manager
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for SQL Server 2008 R2 (KB2630458)
Sonic CinePlayer Decoder Pack
SPBA 5.9
Splashtop Software Updater
Splashtop Streamer
SQL Server 2008 R2 SP2 Common Files
SQL Server 2008 R2 SP2 Database Engine Services
SQL Server 2008 R2 SP2 Database Engine Shared
Sql Server Customer Experience Improvement Program
Trend Micro Client/Server Security Agent
Trusted Drive Manager
Tweaking.com - Registry Backup
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Upek Touchchip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software Installer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
01/19/2014 8:24:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition.
01/19/2014 8:19:49 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
01/19/2014 8:18:26 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
01/16/2014 7:35:48 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer PREELAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1364B53-028A-497F-8521-A23C855. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

Post by reddog1992000 » January 19th, 2014, 4:21 pm

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428
Run by Bertha at 12:17:12 on 2014-01-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3036.1643 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.CHURCHWINDOWS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
C:\Windows\system32\conhost.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Trend Micro\BM\TMBMSRV.exe
c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Bertha\Desktop\OTL.exe
C:\Windows\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3303930
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [hpsjbmgr] c:\program files\hewlett-packard\hp precisionscan\precisionscan\hpsjbmgr.exe
mRun: [HP Lamp] c:\program files\hewlett-packard\hp precisionscan\precisionscan\HPLamp.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{F1364B53-028A-497F-8521-A23C855D6DCC} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-12-3 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-12-3 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-20 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-20 403440]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-15 146448]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-20 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-20 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-12-3 50344]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-4-4 13336]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 MSSQL$CHURCHWINDOWS;SQL Server (CHURCHWINDOWS);c:\program files\microsoft sql server\mssql10_50.churchwindows\mssql\binn\sqlservr.exe [2012-6-29 43129288]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2013-10-24 790880]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [2010-7-5 45056]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2010-5-10 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-5-10 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-15 283152]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-4-5 224424]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys --> c:\windows\system32\drivers\tmevtmgr.sys [?]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-7-15 497008]
S0 epstwnt;epstwnt;c:\windows\system32\drivers\epstwnt.mpd [2011-6-30 84480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\Sharshtl.sys [2011-6-30 18432]
S2 SQLAgent$CHURCHWINDOWS;SQL Server Agent (CHURCHWINDOWS);c:\program files\microsoft sql server\mssql10_50.churchwindows\mssql\binn\SQLAGENT.EXE [2012-6-29 379848]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-12 108032]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-15 689416]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-12 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0153;RsFx0153 Driver;c:\windows\system32\drivers\RsFx0153.sys [2012-6-29 249288]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-01-19 16:21:37 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5324a577-a83e-4699-a27f-4a01208af4f4}\offreg.dll
2014-01-17 18:25:19 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5324a577-a83e-4699-a27f-4a01208af4f4}\mpengine.dll
2014-01-15 09:57:01 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 09:57:01 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 09:57:00 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 09:57:00 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 09:57:00 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 09:57:00 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 09:57:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 09:57:00 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 09:57:00 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-12 22:29:32 -------- d-----w- c:\program files\Splashtop
2014-01-12 19:46:25 -------- d-----w- c:\windows\ERUNT
.
==================== Find3M ====================
.
2013-12-11 04:27:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 04:27:40 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-03 18:03:29 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-03 18:03:28 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-03 18:03:28 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-03 18:03:28 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-03 18:03:28 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-03 18:03:22 43152 ----a-w- c:\windows\avastSS.scr
2013-12-03 18:02:41 259928 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 11:33:38 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 02:07:29 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-05 18:51:12 103272 ----a-w- c:\users\bertha\GoToAssistDownloadHelper.exe
2013-10-31 07:46:14 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-10-30 02:19:52 301568 ----a-w- c:\windows\system32\msieftp.dll
.
============= FINISH: 12:17:40.35 ===============

Post by reddog1992000 » January 19th, 2014, 4:26 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 12:22 on 19/01/2014 by Bertha
Administrator - Elevation successful

========== filefind ==========

Searching for "*ConnectSo*"
No files found.

========== folderfind ==========

Searching for "*ConnectSo*"
No folders found.

========== Regfind ==========

Searching for "ConnectSo "
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"DisplayName"="ConnectSo Customized Web Search"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"DisplayName"="ConnectSo Customized Web Search"

-= EOF =-
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 19th, 2014, 4:43 pm

I see that SystemLook didn't find anything for ConnectSo... I went to IE again and the URL still displays http://search.conduit.com/ even though the screen says ConnectSo. aha :)
I wanted to see if I could change the internet options under the general tab in IE to open at google.com instead of this search.conduit. Well, I changed it and clicked apply, but it went straight back to http://search.conduit.com/
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby wannabeageek » January 20th, 2014, 1:23 am

Please post the attach.txt log from the recent scan. I am checking over what you have posted, but still need the other log from the dds.scr scan.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 20th, 2014, 1:34 am

here is the attach.txt log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 04/11/2011 10:51:40 AM
System Uptime: 01/19/2014 8:18:07 AM (4 hours ago)
.
Motherboard: Dell Inc. | | 0200DY
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2933/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 148.779 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP666: 01/03/2014 8:35:40 AM - Windows Update
RP667: 01/06/2014 3:45:13 PM - Installed Church Windows Payroll
RP668: 01/07/2014 4:34:43 AM - Windows Update
RP669: 01/08/2014 3:00:11 AM - Windows Update
RP670: 01/09/2014 8:24:43 AM - Windows Update
RP671: 01/09/2014 12:55:19 PM - Windows Update
RP672: 01/10/2014 3:00:13 AM - Windows Update
RP673: 01/10/2014 9:16:35 AM - Windows Update
RP674: 01/12/2014 8:40:51 AM - Windows Update
RP675: 01/13/2014 3:00:13 AM - Windows Update
RP676: 01/13/2014 12:54:05 PM - Windows Update
RP677: 01/14/2014 3:00:13 AM - Windows Update
RP678: 01/15/2014 1:41:50 AM - OTL Restore Point - 01/15/2014 1:41:49 AM
RP679: 01/15/2014 3:00:20 AM - Windows Update
RP680: 01/16/2014 12:50:19 PM - Windows Update
RP681: 01/17/2014 8:38:07 AM - Windows Update
RP682: 01/17/2014 12:57:52 PM - Windows Update
RP683: 01/19/2014 8:23:06 AM - Windows Update
RP684: 01/19/2014 8:33:49 AM - OTL Restore Point - 01/19/2014 8:33:48 AM
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Acrobat X Standard - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
aioprnt
aioscnnr
AudibleManager
avast! Free Antivirus
BioAPI Framework
BurnToDisk version 1.0
C4USelfUpdater
Church Windows (C:\CW\)
Church Windows Payroll
Church Windows Payroll (C:\CWPay\)
Conexant D850 PCI V.92 Modem
Custom
CutePDF Writer 2.8
CyberLink PowerDVD 9.5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Edoc Viewer
DellAccess
Digital Line Detect
DirectX 9 Runtime
EMBASSY Security Center
ESET Online Scanner v3
essentials
FastStone Image Viewer 4.6
Gemalto
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP PrecisionScan
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 15.2.89.0
Intel(R) Rapid Storage Technology
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
Kodak AIO Printer
MDIConverter 3.0
MDIViewer 3.0
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook 2010
Microsoft Publisher 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netwaiting
NTRU TCG Software Stack
ocr
Online Vault
Pandoras Box V1.3.8
PC-CCID
PC Power Speed 1.1.0.43
PC Speed Maximizer v3.0
PhotoShowExpress
Preboot Manager
PreReq
Privacy SafeGuard version 1.1
Private Information Manager
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for SQL Server 2008 R2 (KB2630458)
Sonic CinePlayer Decoder Pack
SPBA 5.9
Splashtop Software Updater
Splashtop Streamer
SQL Server 2008 R2 SP2 Common Files
SQL Server 2008 R2 SP2 Database Engine Services
SQL Server 2008 R2 SP2 Database Engine Shared
Sql Server Customer Experience Improvement Program
Trend Micro Client/Server Security Agent
Trusted Drive Manager
Tweaking.com - Registry Backup
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Upek Touchchip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software Installer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
01/19/2014 8:24:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition.
01/19/2014 8:19:49 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
01/19/2014 8:18:26 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
01/16/2014 7:35:48 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer PREELAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1364B53-028A-497F-8521-A23C855. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby wannabeageek » January 22nd, 2014, 10:00 am

Hi reddog1992000,

I wish to apologize for taking so long to get back to you.

I was reviewing the OTL log you posted for the fix. It appears that you may have clicked on the "Run Scan" button. This may explain why you still have the "ConnectSo" entry in your browser.
Please run the fix again and be sure to click on the "Run Fix" button.

Run OTL Fix

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Click on the "Select ALL" link. Right-click, Copy, then Paste the following code into the textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
    "URL"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
    "SuggestionsURL_JSON"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
    "FaviconURL"=-
    [HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
    "URL"=-
    [HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
    "SuggestionsURL_JSON"=-
    [HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
    "FaviconURL"=-
    
    :Files
    C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage
    C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal
    C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K09MO91P\Conduit.Search[1].htm
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CN9G968E\fastcontent.conduit[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\apps.search.conduit[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\facebook.conduitapps[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\LYZM0OFG\cap1.conduit-apps[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MGBO1MON\app.mam.conduit[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UUOS2B1X\storage.conduit[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\app.mam.conduit[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\storage.conduit[1].xml
    C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YO6RQMHP\fastcontent.conduit[1].xml
    C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@apps.conduit[1].txt
    C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@conduit[1].txt
    C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@search.conduit[1].txt
    C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@shop.conduit-widgets[1].txt
    
    :Commands
    [EMPTYTEMP]
    
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.

wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 22nd, 2014, 6:16 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3 not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3 not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3 not found.
Registry value HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\Main\\Start Page not found.
Registry key HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3 not found.
Registry key HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3 not found.
Registry key HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3 not found.
========== FILES ==========
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage moved successfully.
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal moved successfully.
File\Folder C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K09MO91P\Conduit.Search[1].htm not found.
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CN9G968E\fastcontent.conduit[1].xml moved successfully.
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\apps.search.conduit[1].xml moved successfully.
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\facebook.conduitapps[1].xml moved successfully.
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\LYZM0OFG\cap1.conduit-apps[1].xml moved successfully.
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MGBO1MON\app.mam.conduit[1].xml moved successfully.
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UUOS2B1X\storage.conduit[1].xml moved successfully.
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\app.mam.conduit[1].xml moved successfully.
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\storage.conduit[1].xml moved successfully.
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YO6RQMHP\fastcontent.conduit[1].xml moved successfully.
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@apps.conduit[1].txt moved successfully.
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@conduit[1].txt moved successfully.
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@search.conduit[1].txt moved successfully.
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@shop.conduit-widgets[1].txt moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Bertha
->Temp folder emptied: 442055 bytes
->Temporary Internet Files folder emptied: 242130358 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 82048477 bytes
->Flash cache emptied: 4106 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27747 bytes
RecycleBin emptied: 828279 bytes

Total Files Cleaned = 310.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01222014_140913

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm
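The OTL fix log in the post above mixes three outcomes: items removed, items "not found", and items deferred to reboot. The following is an added example, not part of the thread and not OTL's own code, that sorts such a log by outcome so the "not found" and reboot-pending targets can be re-checked with a fresh scan; the function names are hypothetical and the sample lines are an excerpt copied from that log.

```python
import re
from collections import Counter

# Excerpt of the OTL fix log posted in the thread (embedded so this runs offline).
SAMPLE_LOG = r"""
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3 not found.
Registry value HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\Main\\Start Page not found.
========== FILES ==========
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage moved successfully.
File\Folder C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K09MO91P\Conduit.Search[1].htm not found.
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@search.conduit[1].txt moved successfully.
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

SECTION = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")

# Checked in order; the first matching rule decides the status of a line.
RULES = [
    ("pending_reboot",
     re.compile(r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("not_found",
     re.compile(r"^(?:Registry (?:key|value)|File\\Folder) (?P<target>.+) not found\.$")),
    ("removed",
     re.compile(r"^Registry (?:key|value) (?P<target>.+) deleted successfully\.$")),
    ("removed",
     re.compile(r"^(?P<target>[A-Za-z]:\\.+) moved successfully\.$")),
]


def parse_fix_log(text):
    """Return one dict per recognised result line: section, status, target."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        for status, pattern in RULES:
            hit = pattern.match(line)
            if hit:
                entries.append({"section": section,
                                "status": status,
                                "target": hit.group("target")})
                break  # lines that match no rule (banners, totals) are skipped
    return entries


def summarize(entries):
    """Count entries per status."""
    return dict(Counter(e["status"] for e in entries))


def needs_followup(entries):
    """Targets the fix did not remove in this run: absent or deferred to reboot."""
    return [e["target"] for e in entries
            if e["status"] in ("not_found", "pending_reboot")]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(summarize(parsed))
    for target in needs_followup(parsed):
        print("re-check:", target)
```

A "not found" line means that directive changed nothing on disk or in the registry, so those targets are the ones to confirm against a new scan log.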

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 22nd, 2014, 6:19 pm

Hey there, Hooray!!! no conduitsearch!
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby wannabeageek » January 24th, 2014, 1:53 am

Hi reddog1992000,

That is great news! :)

Please run the following and post the results when finished.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Remember to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Remember to re-enable your Anti-Virus application after running the above scan!
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California