Thread: Win32.download.gen

  1. #1
    Junior Member
    Join Date
    Mar 2013
    Posts
    10

    Trying to get rid of the pesky malware. Any help would be appreciated.
    Here are the logs.


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
    Run by Tanner at 15:41:32 on 2013-03-22
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2251 [GMT -6:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Backblaze\bzserv.exe
    C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Macrium\Reflect\ReflectService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
    C:\Program Files (x86)\Sendori\sndappv2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Users\Tanner\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files (x86)\Backblaze\bzbui.exe
    C:\Users\Tanner\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\SelectRebates\SelectRebates.exe
    C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
    C:\Program Files (x86)\NoteBurner\VTBurnerGUI.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Users\Tanner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Sendori\SendoriSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Sendori\Sendori.Service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe
    C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Sendori\SendoriTray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Sendori\SendoriUp.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Users\Tanner\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyOverride = 127.0.0.1:9421;*.local;<local>
    uURLSearchHooks: {37153479-1976-43c3-a1ee-557513977b64} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB: ShopAtHome Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB: ShopAtHome Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
    uRun: [Akamai NetSession Interface] "C:\Users\Tanner\AppData\Local\Akamai\netsession_win.exe"
    uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [Backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
    uRun: [SearchProtect] C:\Users\Tanner\AppData\Roaming\SearchProtect\bin\cltmng.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe
    mRun: [NoteBurner] C:\Program Files (x86)\NoteBurner\VTBurnerGUI.exe /silence
    mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [iXL_MiddleWare] C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe
    mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
    mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Tanner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tanner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Tanner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Tanner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOZONE~1.LNK - C:\Program Files (x86)\GoZone\GoZone_iSync.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    LSP: C:\Windows\System32\Sendori.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://maceys.lifepics.com/net/Uploader/LPUploader57.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.10.1
    TCP: Interfaces\{3EEE7577-0BF6-4806-9D8C-E1BA8E3A6F32} : NameServer = 216.146.35.240,216.146.36.240,192.168.10.1
    TCP: Interfaces\{3EEE7577-0BF6-4806-9D8C-E1BA8E3A6F32} : DHCPNameServer = 192.168.10.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tanner\AppData\Roaming\Mozilla\Firefox\Profiles\5nafkyrk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3277370&SearchSource=3&q={searchTerms}&CUI=UN98570879922735116
    FF - prefs.js: browser.search.selectedEngine - InternetHelper3 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3277370&octid=CT3277370&SearchSource=61&CUI=UN98570879922735116&UM=UM_ID&UP=SP76D24ACD-4759-4A28-891B-ECC91D08B839
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3277370&SearchSource=2&CUI=UN98570879922735116&UM=UM_ID&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-6 65336]
    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-6 178624]
    R0 ntcdrdrv;ntcdrdrv;C:\Windows\System32\drivers\ntcdrdrv.sys [2010-12-26 23424]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-1 55856]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-6-5 1025808]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-9-18 377920]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-4 203776]
    R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-3-18 119072]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-9-18 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-9-18 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-3-13 45248]
    R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-3-7 168536]
    R2 bzserv;Backblaze Service;C:\Program Files (x86)\Backblaze\bzserv.exe [2012-11-6 206000]
    R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-2-20 93984]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
    R2 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2010-7-29 301024]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-18 1153368]
    R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-3-18 19744]
    R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-3-18 3623200]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-27 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-7 19456]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-7 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-18 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-03-22 19:47:31 -------- d-----w- C:\Users\Tanner\AppData\Roaming\SearchProtect
    2013-03-22 11:33:02 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6AB8B72B-0AFB-4C1C-9BF8-AC77C43B9BF6}\mpengine.dll
    2013-03-21 15:39:37 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-21 04:58:21 -------- d--h--w- C:\ProgramData\CanonIJScan
    2013-03-17 19:13:23 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-03-12 23:57:28 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2013-03-08 04:40:35 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-03-08 00:42:42 5664768 ----a-w- C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktop.msi
    2013-03-06 23:25:01 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-03-06 23:25:00 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-02-28 23:09:28 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
    2013-02-28 23:09:24 -------- d-----w- C:\ProgramData\Sendori
    2013-02-28 23:09:23 -------- d-----w- C:\Program Files (x86)\Sendori
    2013-02-28 23:09:10 -------- d-----w- C:\Users\Tanner\AppData\Roaming\Conduit
    2013-02-28 23:08:45 -------- d-----w- C:\Program Files (x86)\SearchProtect
    2013-02-28 23:08:16 -------- d-----w- C:\Program Files (x86)\Flash Player Pro
    2013-02-28 17:18:51 -------- d-----w- C:\Users\Tanner\AppData\Local\Macromedia
    2013-02-28 17:17:23 -------- d-----w- C:\Users\Tanner\AppData\Local\Mozilla
    2013-02-27 03:29:16 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2013-02-25 20:51:08 -------- d-----w- C:\Program Files\iPod
    2013-02-25 20:51:03 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-02-25 20:51:03 -------- d-----w- C:\Program Files\iTunes
    2013-02-25 03:22:22 -------- d-----w- C:\ProgramData\CanonIJ
    .
    ==================== Find3M ====================
    .
    2013-03-21 15:39:32 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-03-21 15:39:32 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-03-13 00:56:15 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-13 00:56:15 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-08 04:40:27 963488 ----a-w- C:\Windows\System32\deployJava1.dll
    2013-03-08 04:40:27 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2013-03-06 22:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr
    2013-03-06 10:38:36 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
    2013-03-06 10:38:36 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-19 07:44:44 421888 ----a-w- C:\Windows\SysWow64\RealMediaSplitter.ax
    2013-01-19 07:44:40 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll
    2013-01-17 07:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
    2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
    2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
    2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
    2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
    2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
    2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
    2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
    2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
    2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ============= FINISH: 15:42:04.50 ===============

    Here are the aswMBR results:

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-03-22 16:02:10
    -----------------------------
    16:02:10.311 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:02:10.312 Number of processors: 4 586 0x203
    16:02:10.312 ComputerName: TANNER-PC UserName: Tanner
    16:02:11.156 Initialize success
    16:02:13.975 AVAST engine defs: 13032200
    16:02:36.865 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    16:02:36.867 Disk 0 Vendor: ST3320620NS 3.AEK Size: 305245MB BusType: 3
    16:02:36.871 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
    16:02:36.873 Disk 1 Vendor: ST31000340AS SD15 Size: 953869MB BusType: 3
    16:02:36.982 Disk 0 MBR read successfully
    16:02:36.985 Disk 0 MBR scan
    16:02:36.988 Disk 0 Windows 7 default MBR code
    16:02:36.995 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
    16:02:37.104 Disk 0 scanning C:\Windows\system32\drivers
    16:02:47.087 Service scanning
    16:03:03.908 Modules scanning
    16:03:03.915 Disk 0 trace - called modules:
    16:03:03.930 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    16:03:03.935 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a24060]
    16:03:03.939 3 CLASSPNP.SYS[fffff8800198043f] -> nt!IofCallDriver -> [0xfffffa8003acf580]
    16:03:03.944 5 ACPI.sys[fffff88000ef67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003ac1060]
    16:03:04.450 AVAST engine scan C:\Windows
    16:03:06.174 AVAST engine scan C:\Windows\system32
    16:05:15.010 AVAST engine scan C:\Windows\system32\drivers
    16:05:24.948 AVAST engine scan C:\Users\Tanner
    17:02:46.045 AVAST engine scan C:\ProgramData
    17:31:55.582 Scan finished successfully
    17:54:27.381 Disk 0 MBR has been saved successfully to "C:\Users\Tanner\Desktop\MBR.dat"
    17:54:27.386 The log file has been saved successfully to "C:\Users\Tanner\Desktop\aswMBR.txt"
    Last edited by tashi; 2013-03-28 at 00:10. Reason: Merged two posts

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Mar 2013
    Posts
    10

    Combofix report

    ComboFix 13-03-27.01 - Tanner 03/28/2013 8:03.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1895 [GMT -6:00]
    Running from: c:\users\Tanner\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
    c:\program files (x86)\SelectRebates
    c:\program files (x86)\SelectRebates\FFToolbar\chrome.manifest
    c:\program files (x86)\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
    c:\program files (x86)\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
    c:\program files (x86)\SelectRebates\FFToolbar\install.rdf
    c:\program files (x86)\SelectRebates\SahImages\alert.png
    c:\program files (x86)\SelectRebates\SahImages\bg-gradient.gif
    c:\program files (x86)\SelectRebates\SahImages\button-close.gif
    c:\program files (x86)\SelectRebates\SahImages\check.png
    c:\program files (x86)\SelectRebates\SahImages\close.png
    c:\program files (x86)\SelectRebates\SahImages\sah-logopop.gif
    c:\program files (x86)\SelectRebates\SelectAlerts.dat
    c:\program files (x86)\SelectRebates\SelectRebates.exe
    c:\program files (x86)\SelectRebates\SelectRebates.ini
    c:\program files (x86)\SelectRebates\SelectRebatesA.dat
    c:\program files (x86)\SelectRebates\SelectRebatesB.dat
    c:\program files (x86)\SelectRebates\SelectRebatesBT.dat
    c:\program files (x86)\SelectRebates\SelectRebatesDownload.exe
    c:\program files (x86)\SelectRebates\SelectRebatesH.dat
    c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe
    c:\program files (x86)\SelectRebates\SRebates.dll
    c:\program files (x86)\SelectRebates\SRFF3.dll
    c:\program files (x86)\SelectRebates\Toolbar\AddtoList.bmp
    c:\program files (x86)\SelectRebates\Toolbar\basis.xml
    c:\program files (x86)\SelectRebates\Toolbar\Basis.xml.dym
    c:\program files (x86)\SelectRebates\Toolbar\Blank.bmp
    c:\program files (x86)\SelectRebates\Toolbar\CashBack.bmp
    c:\program files (x86)\SelectRebates\Toolbar\Coupons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\GroceryCoupon.bmp
    c:\program files (x86)\SelectRebates\Toolbar\i_magnifying.bmp
    c:\program files (x86)\SelectRebates\Toolbar\icons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\logo.bmp
    c:\program files (x86)\SelectRebates\Toolbar\logo_24.bmp
    c:\program files (x86)\SelectRebates\Toolbar\logo_HotSpots.bmp
    c:\program files (x86)\SelectRebates\Toolbar\ReviewSite.bmp
    c:\program files (x86)\SelectRebates\Toolbar\RightControls.dym
    c:\program files (x86)\SelectRebates\Toolbar\Scissors.bmp
    c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    c:\users\Tanner\Documents\claud.ax
    c:\users\Tanner\Documents\clvsd.ax
    c:\users\Tanner\g2mdlhlpx.exe
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-28 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-28 14:13 . 2013-03-28 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-22 20:05 . 2013-03-22 20:06 -------- d-----w- c:\program files (x86)\ERUNT
    2013-03-22 19:47 . 2013-03-27 22:51 -------- d-----w- c:\users\Tanner\AppData\Roaming\SearchProtect
    2013-03-21 15:39 . 2013-03-21 15:39 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-21 04:58 . 2013-03-21 04:58 -------- d--h--w- c:\programdata\CanonIJScan
    2013-03-17 19:13 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-03-12 23:57 . 2013-03-13 00:56 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-03-08 04:40 . 2013-03-08 04:40 310688 ----a-w- c:\windows\system32\javaws.exe
    2013-03-08 04:40 . 2013-03-08 04:40 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2013-03-07 21:21 . 2013-03-07 21:21 -------- d-----w- c:\programdata\Motive
    2013-03-06 23:25 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-03-06 23:25 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-02-28 23:09 . 2013-03-18 16:52 325920 ----a-w- c:\windows\SysWow64\Sendori.dll
    2013-02-28 23:09 . 2013-03-18 21:20 -------- d-----w- c:\programdata\Sendori
    2013-02-28 23:09 . 2013-03-18 21:20 -------- d-----w- c:\program files (x86)\Sendori
    2013-02-28 23:09 . 2013-02-28 23:09 -------- d-----w- c:\users\Tanner\AppData\Roaming\Conduit
    2013-02-28 23:08 . 2013-02-28 23:08 -------- d-----w- c:\program files (x86)\SearchProtect
    2013-02-28 23:08 . 2013-02-28 23:08 -------- d-----w- c:\program files (x86)\Flash Player Pro
    2013-02-28 17:18 . 2013-02-28 17:18 -------- d-----w- c:\users\Tanner\AppData\Local\Macromedia
    2013-02-28 17:17 . 2013-02-28 17:17 -------- d-----w- c:\users\Tanner\AppData\Local\Mozilla
    2013-02-28 17:16 . 2013-03-21 15:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-21 15:39 . 2012-07-29 16:31 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2013-03-21 15:39 . 2010-09-29 00:56 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-03-15 06:28 . 2013-03-26 08:47 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6068F78C-0ACE-4936-9088-97F55E623DDF}\mpengine.dll
    2013-03-14 09:05 . 2010-09-19 00:03 72013344 ----a-w- c:\windows\system32\MRT.exe
    2013-03-13 00:56 . 2012-03-30 13:31 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-13 00:56 . 2011-05-17 14:00 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-08 04:40 . 2012-08-29 04:55 188832 ----a-w- c:\windows\system32\javaw.exe
    2013-03-08 04:40 . 2012-08-29 04:55 188320 ----a-w- c:\windows\system32\java.exe
    2013-03-08 04:40 . 2012-08-29 04:55 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-08 04:40 . 2010-09-19 02:44 963488 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-08 00:25 . 2012-12-18 14:31 92248 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
    2013-03-06 22:33 . 2012-02-25 01:48 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-03-06 22:33 . 2011-06-06 04:08 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-03-06 22:33 . 2010-09-18 23:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-03-06 22:33 . 2010-09-18 23:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-03-06 22:33 . 2010-09-18 23:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-03-06 22:33 . 2010-09-18 23:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-03-06 22:32 . 2010-09-18 23:33 41664 ----a-w- c:\windows\avastSS.scr
    2013-03-06 22:32 . 2011-06-06 04:08 287840 ----a-w- c:\windows\system32\aswBoot.exe
    2013-03-06 10:38 . 2011-02-20 05:03 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
    2013-03-06 10:38 . 2011-02-19 06:40 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
    2013-02-12 05:45 . 2013-03-13 14:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-03-13 14:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-03-13 14:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45 . 2013-03-13 14:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48 . 2013-03-13 14:21 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-03-13 14:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-01-19 07:44 . 2013-01-19 07:44 421888 ----a-w- c:\windows\SysWow64\RealMediaSplitter.ax
    2013-01-19 07:44 . 2013-01-19 07:44 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
    2013-01-17 07:28 . 2010-09-18 22:45 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-05 05:53 . 2013-02-14 00:58 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-05 05:00 . 2013-02-14 00:58 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00 . 2013-02-14 00:58 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-01-04 05:46 . 2013-02-14 00:58 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-01-04 04:51 . 2013-02-14 00:58 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-01-04 04:43 . 2013-02-14 00:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-01-04 03:26 . 2013-02-14 00:58 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-01-04 02:47 . 2013-02-14 00:58 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-01-04 02:47 . 2013-02-14 00:58 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-01-04 02:47 . 2013-02-14 00:58 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-01-04 02:47 . 2013-02-14 00:58 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00 . 2013-02-14 00:57 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-01-03 06:00 . 2013-02-14 00:57 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [2012-02-06 2664864]
    .
    [HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PhotoshopElements8SyncAgent"="c:\program files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-06 1945536]
    "Akamai NetSession Interface"="c:\users\Tanner\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
    "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2013-01-24 6824024]
    "Backblaze"="c:\program files (x86)\Backblaze\bzbui.exe" [2012-11-07 491184]
    "SearchProtect"="c:\users\Tanner\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-03-06 2731296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "NoteBurner"="c:\program files (x86)\NoteBurner\VTBurnerGUI.exe" [2010-08-05 5674312]
    "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-03-06 4767304]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "iXL_MiddleWare"="c:\program files (x86)\Fisher-Price\iXL\iXL.Middleware.exe" [2011-08-04 56376]
    "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-03-22 2387032]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
    "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 439440]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    "SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-02-20 2674464]
    "Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-03-18 83232]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Tanner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    GoZone iSync.lnk - c:\program files (x86)\GoZone\GoZone_iSync.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2013-03-18 19744]
    R2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2013-03-18 3623200]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-19 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [2010-08-03 23424]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
    S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2013-03-18 119072]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
    S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-03-22 168536]
    S2 bzserv;Backblaze Service;c:\program files (x86)\Backblaze\bzserv.exe [2012-11-07 206000]
    S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-02-20 93984]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-07-30 301024]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-13 19:36 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:56]
    .
    2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 13:44]
    .
    2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 13:44]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-03-06 22:32 133840 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.10.1
    TCP: Interfaces\{3EEE7577-0BF6-4806-9D8C-E1BA8E3A6F32}: NameServer = 216.146.35.240,216.146.36.240,192.168.10.1
    FF - ProfilePath - c:\users\Tanner\AppData\Roaming\Mozilla\Firefox\Profiles\5nafkyrk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3277370&SearchSource=3&q={searchTerms}&CUI=UN98570879922735116
    FF - prefs.js: browser.search.selectedEngine - InternetHelper3 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3277370&octid=CT3277370&SearchSource=61&CUI=UN98570879922735116&UM=UM_ID&UP=SP76D24ACD-4759-4A28-891B-ECC91D08B839
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3277370&SearchSource=2&CUI=UN98570879922735116&UM=UM_ID&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
    BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    Toolbar-{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
    Wow6432Node-HKLM-Run-SelectRebates - c:\program files (x86)\SelectRebates\SelectRebates.exe
    WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
    WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-GoZone iSync - c:\program files (x86)\GoZone\GoZone_iSync.exe
    AddRemove-SelectRebatesUninstall - c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Sendori\SendoriUp.exe
    .
    **************************************************************************
    .
    Completion time: 2013-03-28 08:27:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-03-28 14:26
    .
    Pre-Run: 92,138,676,224 bytes free
    Post-Run: 92,522,704,896 bytes free
    .
    - - End Of File - - 761E65861D11B132F0752D055607B3FD

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Mar 2013
    Posts
    10

    AdwCleaner Log

    # AdwCleaner v2.115 - Logfile created 03/29/2013 at 13:13:13
    # Updated 17/03/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Tanner - TANNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Tanner\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****

    Found : CltMngSvc

    ***** [Files / Folders] *****

    File Found : C:\END
    File Found : C:\Users\Tanner\AppData\Roaming\Mozilla\Firefox\Profiles\5nafkyrk.default\searchplugins\Conduit.xml
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\SearchProtect
    Folder Found : C:\ProgramData\Ask
    Folder Found : C:\Users\Tanner\AppData\Local\Conduit
    Folder Found : C:\Users\Tanner\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Tanner\AppData\LocalLow\Toolbar4
    Folder Found : C:\Users\Tanner\AppData\Roaming\Conduit
    Folder Found : C:\Users\Tanner\AppData\Roaming\Mozilla\Firefox\Profiles\5nafkyrk.default\Smartbar
    Folder Found : C:\Users\Tanner\AppData\Roaming\SearchProtect

    ***** [Registry] *****

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16470

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0.2 (en-US)

    File : C:\Users\Tanner\AppData\Roaming\Mozilla\Firefox\Profiles\5nafkyrk.default\prefs.js

    -\\ Google Chrome v25.0.1364.172

    File : C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Found [l.27] : icon_url = "hxxp://www.ask.com/favicon.ico",
    Found [l.30] : keyword = "ask.com",
    Found [l.33] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=121A5633-9C7D-4B17-8B0A-AB2D12C36784&apn_ptnrs=TV&apn_sauid=4F3F0E3A-7912-4885-A613-7DCE57A78D74&apn_dtid=OSJ000YYUS&q={searchTerms}",
    Found [l.34] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"

    *************************

    AdwCleaner[R1].txt - [18503 octets] - [29/03/2013 13:13:13]

    ########## EOF - C:\AdwCleaner[R1].txt - [18564 octets] ##########

  6. #6
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  7. #7
    Junior Member
    Join Date
    Mar 2013
    Posts
    10

    Adwcleaner(S1) logfile

    # AdwCleaner v2.115 - Logfile created 04/01/2013 at 07:30:10
    # Updated 17/03/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Tanner - TANNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Tanner\Desktop\Virus\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : CltMngSvc

    ***** [Files / Folders] *****

    File Deleted : C:\END
    File Deleted : C:\Users\Tanner\AppData\Roaming\Mozilla\Firefox\Profiles\5nafkyrk.default\searchplugins\Conduit.xml
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\SearchProtect
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\Users\Tanner\AppData\Local\Conduit
    Folder Deleted : C:\Users\Tanner\AppData\Local\Temp\boost_interprocess
    Folder Deleted : C:\Users\Tanner\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Tanner\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\Tanner\AppData\Roaming\Conduit
    Folder Deleted : C:\Users\Tanner\AppData\Roaming\Mozilla\Firefox\Profiles\5nafkyrk.default\Smartbar
    Folder Deleted : C:\Users\Tanner\AppData\Roaming\SearchProtect

    ***** [Registry] *****

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16470

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0.2 (en-US)

    File : C:\Users\Tanner\AppData\Roaming\Mozilla\Firefox\Profiles\5nafkyrk.default\prefs.js

    Deleted : user_pref("CT3277370.1000082.isPlayDisplay", "true");
    Deleted : user_pref("CT3277370.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
    Deleted : user_pref("CT3277370.1000234.TWC_TMP_city", "SALT LAKE CITY");
    Deleted : user_pref("CT3277370.1000234.TWC_TMP_country", "US");
    Deleted : user_pref("CT3277370.1000234.TWC_country", "UNITED STATES");
    Deleted : user_pref("CT3277370.1000234.TWC_locId", "USUT0225");
    Deleted : user_pref("CT3277370.1000234.TWC_location", "Salt Lake City, UT");
    Deleted : user_pref("CT3277370.1000234.TWC_region", "US");
    Deleted : user_pref("CT3277370.1000234.TWC_temp_dis", "f");
    Deleted : user_pref("CT3277370.1000234.TWC_wind_dis", "mph");
    Deleted : user_pref("CT3277370.1000234.weatherData", "{\"icon\":\"28.png\",\"temperature\":\"39°F\",\"temperat[...]
    Deleted : user_pref("CT3277370.CT3277370ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyMzY3MzIlMj[...]
    Deleted : user_pref("CT3277370.CT3277370current_term.enc", "Z3luZWNvbG9naXN0K2NhbWVyYQ==");
    Deleted : user_pref("CT3277370.CT3277370sdate.enc", "Mjg=");
    Deleted : user_pref("CT3277370.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3277370.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT3277370.FF19Solved", "true");
    Deleted : user_pref("CT3277370.FirstTime", "true");
    Deleted : user_pref("CT3277370.FirstTimeFF3", "true");
    Deleted : user_pref("CT3277370.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT327[...]
    Deleted : user_pref("CT3277370.UserID", "UN98570879922735116");
    Deleted : user_pref("CT3277370.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT3277370.autoDisableScopes", -1);
    Deleted : user_pref("CT3277370.browser.search.defaultthis.engineName", "true");
    Deleted : user_pref("CT3277370.defaultSearch", "true");
    Deleted : user_pref("CT3277370.embeddedsData", "[{\"appId\":\"130021582164426878\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT3277370.enableAlerts", "always");
    Deleted : user_pref("CT3277370.enableFix404ByUser", "FALSE");
    Deleted : user_pref("CT3277370.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT3277370.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT3277370.fixPageNotFoundError", "true");
    Deleted : user_pref("CT3277370.fixPageNotFoundErrorByUser", "true");
    Deleted : user_pref("CT3277370.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT3277370.fixUrls", true);
    Deleted : user_pref("CT3277370.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
    Deleted : user_pref("CT3277370.installDate", "28/2/2013 16:08:39");
    Deleted : user_pref("CT3277370.installId", "stub.exe");
    Deleted : user_pref("CT3277370.installType", "conduitnsisintegration");
    Deleted : user_pref("CT3277370.isCheckedStartAsHidden", true);
    Deleted : user_pref("CT3277370.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3277370.isFirstTimeToolbarLoading", "false");
    Deleted : user_pref("CT3277370.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT3277370.keyword", "true");
    Deleted : user_pref("CT3277370.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
    Deleted : user_pref("CT3277370.lastVersion", "10.14.65.43");
    Deleted : user_pref("CT3277370.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
    Deleted : user_pref("CT3277370.migrateAppsAndComponents", true);
    Deleted : user_pref("CT3277370.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
    Deleted : user_pref("CT3277370.openThankYouPage", "false");
    Deleted : user_pref("CT3277370.openUninstallPage", "true");
    Deleted : user_pref("CT3277370.revertSettingsEnabled", "false");
    Deleted : user_pref("CT3277370.search.searchAppId", "130021582164426878");
    Deleted : user_pref("CT3277370.search.searchCount", "0");
    Deleted : user_pref("CT3277370.searchFromAddressBarEnabledByUser", "true");
    Deleted : user_pref("CT3277370.searchInNewTabEnabledByUser", "true");
    Deleted : user_pref("CT3277370.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT3277370.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3277370.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT3277370.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
    Deleted : user_pref("CT3277370.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT3277370.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3277370.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3277370.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT3277370.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362092929647");
    Deleted : user_pref("CT3277370.serviceLayer_services_appsMetadata_lastUpdate", "1362092929478");
    Deleted : user_pref("CT3277370.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362092929509");
    Deleted : user_pref("CT3277370.serviceLayer_services_location_lastUpdate", "1362092928357");
    Deleted : user_pref("CT3277370.serviceLayer_services_login_10.14.65.43_lastUpdate", "1362092929668");
    Deleted : user_pref("CT3277370.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362092929442");
    Deleted : user_pref("CT3277370.serviceLayer_services_searchAPI_lastUpdate", "1362092928354");
    Deleted : user_pref("CT3277370.serviceLayer_services_serviceMap_lastUpdate", "1362092927237");
    Deleted : user_pref("CT3277370.serviceLayer_services_setupAPI_lastUpdate", "1362092930052");
    Deleted : user_pref("CT3277370.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362092929152");
    Deleted : user_pref("CT3277370.serviceLayer_services_toolbarSettings_lastUpdate", "1362092928051");
    Deleted : user_pref("CT3277370.serviceLayer_services_translation_lastUpdate", "1362092929587");
    Deleted : user_pref("CT3277370.settingsINI", true);
    Deleted : user_pref("CT3277370.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT3277370.smartbar.CTID", "CT3277370");
    Deleted : user_pref("CT3277370.smartbar.Uninstall", "0");
    Deleted : user_pref("CT3277370.smartbar.homepage", true);
    Deleted : user_pref("CT3277370.smartbar.toolbarName", "InternetHelper3 ");
    Deleted : user_pref("CT3277370.startPage", "true");
    Deleted : user_pref("CT3277370.toolbarBornServerTime", "1-3-2013");
    Deleted : user_pref("CT3277370.toolbarCurrentServerTime", "1-3-2013");
    Deleted : user_pref("CT3277370_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3277370&octid=CT327737[...]
    Deleted : user_pref("Smartbar.ConduitSearchEngineList", "InternetHelper3 Customized Web Search");
    Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3277370[...]
    Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3277370");
    Deleted : user_pref("browser.search.defaultthis.engineName", "InternetHelper3 Customized Web Search");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3277370&Sea[...]
    Deleted : user_pref("browser.search.selectedEngine", "InternetHelper3 Customized Web Search");
    Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3277370&octid=CT3277370&Sea[...]
    Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3277370&SearchSource=2&CU[...]
    Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3277370");
    Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3277370&SearchSource=13[...]
    Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
    Deleted : user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
    Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
    Deleted : user_pref("smartbar.originalSearchEngine", "");

    -\\ Google Chrome v26.0.1410.43

    File : C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.27] : icon_url = "hxxp://www.ask.com/favicon.ico",
    Deleted [l.30] : keyword = "ask.com",
    Deleted [l.33] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=12[...]
    Deleted [l.34] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

    *************************

    AdwCleaner[R1].txt - [18596 octets] - [29/03/2013 13:13:13]
    AdwCleaner[S1].txt - [18802 octets] - [01/04/2013 07:30:10]

    ########## EOF - C:\AdwCleaner[S1].txt - [18863 octets] ##########

  8. #8
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Please run ComboFix again and post back its log + fresh dds.txt log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member
    Join Date
    Mar 2013
    Posts
    10

    Combofix report

    ComboFix 13-04-04.01 - Tanner 04/05/2013 7:37.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2552 [GMT -6:00]
    Running from: c:\users\Tanner\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Tanner\AppData\Roaming\Igohe
    c:\users\Tanner\AppData\Roaming\Igohe\tini.ema
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-03-05 to 2013-04-05 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-05 13:49 . 2013-04-05 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-04-05 13:49 . 2013-04-05 13:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2013-04-02 08:34 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49D64414-CFBE-4765-A16C-BD1010C3AD0E}\mpengine.dll
    2013-03-22 22:00 . 2013-03-22 22:00 5664768 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktop.msi
    2013-03-22 20:05 . 2013-03-22 20:06 -------- d-----w- c:\program files (x86)\ERUNT
    2013-03-21 15:39 . 2013-03-21 15:39 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-21 04:58 . 2013-03-21 04:58 -------- d--h--w- c:\programdata\CanonIJScan
    2013-03-17 19:13 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-03-12 23:57 . 2013-03-13 00:56 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-03-08 04:40 . 2013-03-08 04:40 310688 ----a-w- c:\windows\system32\javaws.exe
    2013-03-08 04:40 . 2013-03-08 04:40 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2013-03-07 21:21 . 2013-03-07 21:21 -------- d-----w- c:\programdata\Motive
    2013-03-06 23:25 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-03-06 23:25 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-21 15:39 . 2012-07-29 16:31 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2013-03-21 15:39 . 2010-09-29 00:56 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-03-18 16:52 . 2013-02-28 23:09 325920 ----a-w- c:\windows\SysWow64\Sendori.dll
    2013-03-14 09:05 . 2010-09-19 00:03 72013344 ----a-w- c:\windows\system32\MRT.exe
    2013-03-13 00:56 . 2012-03-30 13:31 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-13 00:56 . 2011-05-17 14:00 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-08 04:40 . 2012-08-29 04:55 188832 ----a-w- c:\windows\system32\javaw.exe
    2013-03-08 04:40 . 2012-08-29 04:55 188320 ----a-w- c:\windows\system32\java.exe
    2013-03-08 04:40 . 2012-08-29 04:55 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-08 04:40 . 2010-09-19 02:44 963488 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-08 00:25 . 2012-12-18 14:31 92248 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
    2013-03-06 22:33 . 2012-02-25 01:48 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-03-06 22:33 . 2011-06-06 04:08 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-03-06 22:33 . 2010-09-18 23:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-03-06 22:33 . 2010-09-18 23:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-03-06 22:33 . 2010-09-18 23:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-03-06 22:33 . 2010-09-18 23:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-03-06 22:32 . 2010-09-18 23:33 41664 ----a-w- c:\windows\avastSS.scr
    2013-03-06 22:32 . 2011-06-06 04:08 287840 ----a-w- c:\windows\system32\aswBoot.exe
    2013-03-06 10:38 . 2011-02-20 05:03 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
    2013-03-06 10:38 . 2011-02-19 06:40 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
    2013-02-12 05:45 . 2013-03-13 14:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-03-13 14:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-03-13 14:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45 . 2013-03-13 14:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48 . 2013-03-13 14:21 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-03-13 14:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-01-19 07:44 . 2013-01-19 07:44 421888 ----a-w- c:\windows\SysWow64\RealMediaSplitter.ax
    2013-01-19 07:44 . 2013-01-19 07:44 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
    2013-01-17 07:28 . 2010-09-18 22:45 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-13 21:17 . 2013-02-27 03:29 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17 . 2013-02-27 03:29 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16 . 2013-02-27 03:29 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12 . 2013-02-27 03:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11 . 2013-02-27 03:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11 . 2013-02-27 03:29 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11 . 2013-02-27 03:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11 . 2013-02-27 03:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 21:11 . 2013-02-27 03:29 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:35 . 2013-02-27 03:29 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35 . 2013-02-27 03:29 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35 . 2013-02-27 03:29 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32 . 2013-02-27 03:29 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31 . 2013-02-27 03:29 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31 . 2013-02-27 03:29 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31 . 2013-02-27 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31 . 2013-02-27 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31 . 2013-02-27 03:29 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31 . 2013-02-27 03:29 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
    2013-01-13 20:22 . 2013-02-27 03:29 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20 . 2013-02-27 03:29 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
    2013-01-13 20:09 . 2013-02-27 03:29 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08 . 2013-02-27 03:29 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
    2013-01-13 20:08 . 2013-02-27 03:29 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
    2013-01-13 19:59 . 2013-02-27 03:29 1643520 ----a-w- c:\windows\system32\DWrite.dll
    2013-01-13 19:58 . 2013-02-27 03:29 1175552 ----a-w- c:\windows\system32\FntCache.dll
    2013-01-13 19:54 . 2013-02-27 03:29 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53 . 2013-02-27 03:29 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53 . 2013-02-27 03:29 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51 . 2013-02-27 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-01-13 19:49 . 2013-02-27 03:29 363008 ----a-w- c:\windows\system32\dxgi.dll
    2013-01-13 19:48 . 2013-02-27 03:29 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46 . 2013-02-27 03:29 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
    2013-01-13 19:43 . 2013-02-27 03:29 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38 . 2013-02-27 03:29 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-01-13 19:38 . 2013-02-27 03:29 1887232 ----a-w- c:\windows\system32\d3d11.dll
    2013-01-13 19:38 . 2013-02-27 03:29 296960 ----a-w- c:\windows\system32\d3d10core.dll
    2013-01-13 19:37 . 2013-02-27 03:29 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
    2013-01-13 19:25 . 2013-02-27 03:29 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2013-01-13 19:24 . 2013-02-27 03:29 648192 ----a-w- c:\windows\system32\d3d10level9.dll
    2013-01-13 19:24 . 2013-02-27 03:29 221184 ----a-w- c:\windows\system32\UIAnimation.dll
    2013-01-13 19:20 . 2013-02-27 03:29 194560 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-01-13 19:20 . 2013-02-27 03:29 1238528 ----a-w- c:\windows\system32\d3d10.dll
    2013-01-13 19:15 . 2013-02-27 03:29 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-01-13 19:10 . 2013-02-27 03:29 3928064 ----a-w- c:\windows\system32\d2d1.dll
    2013-01-13 19:02 . 2013-02-27 03:29 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34 . 2013-02-27 03:29 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32 . 2013-02-27 03:29 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-01-13 18:09 . 2013-02-27 03:29 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2013-01-13 17:26 . 2013-02-27 03:29 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05 . 2013-02-27 03:29 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [2012-02-06 2664864]
    .
    [HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PhotoshopElements8SyncAgent"="c:\program files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-06 1945536]
    "Akamai NetSession Interface"="c:\users\Tanner\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
    "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2013-01-24 6824024]
    "Backblaze"="c:\program files (x86)\Backblaze\bzbui.exe" [2012-11-07 491184]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "NoteBurner"="c:\program files (x86)\NoteBurner\VTBurnerGUI.exe" [2010-08-05 5674312]
    "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-03-06 4767304]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "iXL_MiddleWare"="c:\program files (x86)\Fisher-Price\iXL\iXL.Middleware.exe" [2011-08-04 56376]
    "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-03-22 2387032]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
    "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 439440]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    "Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-03-18 83232]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Tanner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    GoZone iSync.lnk - c:\program files (x86)\GoZone\GoZone_iSync.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2013-03-18 3623200]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-19 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [2010-08-03 23424]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
    S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2013-03-18 119072]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
    S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-03-22 168536]
    S2 bzserv;Backblaze Service;c:\program files (x86)\Backblaze\bzserv.exe [2012-11-07 206000]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-07-30 301024]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2013-03-18 19744]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-31 07:36 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:56]
    .
    2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 13:44]
    .
    2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 13:44]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-03-06 22:32 133840 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Tanner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.10.1
    TCP: Interfaces\{3EEE7577-0BF6-4806-9D8C-E1BA8E3A6F32}: NameServer = 216.146.35.240,216.146.36.240,192.168.10.1
    FF - ProfilePath - c:\users\Tanner\AppData\Roaming\Mozilla\Firefox\Profiles\5nafkyrk.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-GoZone iSync - c:\program files (x86)\GoZone\GoZone_iSync.exe
    AddRemove-SelectRebatesUninstall - c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @Allowed: (B 1 4 5 6) (S-1-5-5-0-266895)
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @Allowed: (B 1 4 5 6) (S-1-5-5-0-266895)
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
    "Licence0"="04F0D21-79D8-7A25-D702-433F"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-04-05 07:51:33
    ComboFix-quarantined-files.txt 2013-04-05 13:51
    ComboFix2.txt 2013-03-28 14:27
    .
    Pre-Run: 97,941,426,176 bytes free
    Post-Run: 97,711,783,936 bytes free
    .
    - - End Of File - - 1D4F05B22250269CCA9DF61EB5725275

  10. #10
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi again,


    Uninstall your current Adobe Shockwave Player and get the fresh one here if needed.

    Uninstall these old Javas (if they still exist) via Control Panel's Programs and Features:
    Java(TM) 6 Update 33
    Java(TM) 6 Update 39 (64-bit)
    Java(TM) 7 Update 5



    * Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
    • Click Scan
    • Wait for the scan to finish.


    Post back its report and the contents of fresh DDS logs (dds.txt & attach.txt). How's the system running?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
