win32.downloader.gen removal help...



enditys
2013-06-05, 04:11
Having issues removing win32.downloader.gen, please help...

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by Theresa at 17:06:31 on 2013-06-04
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4085.1977 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi Notebook\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Theresa\AppData\Local\Apps\2.0\866LPMJ7.1JZ\P5PYH541.T1D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sleeksearch.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: BTControl12DM2 Toolbar: {09110334-1bf2-481d-9ce3-7ac88f9ef9fe} - C:\Program Files (x86)\BTControl12DM2\prxtbBTCo.dll
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: BTControl12DM2 Toolbar: {09110334-1bf2-481d-9ce3-7ac88f9ef9fe} - C:\Program Files (x86)\BTControl12DM2\prxtbBTCo.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: BTControl12DM2 Toolbar: {09110334-1BF2-481D-9CE3-7AC88F9EF9FE} - C:\Program Files (x86)\BTControl12DM2\prxtbBTCo.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: BTControl12DM2 Toolbar: {09110334-1bf2-481d-9ce3-7ac88f9ef9fe} - C:\Program Files (x86)\BTControl12DM2\prxtbBTCo.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
uRun: [SearchProtect] C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\cltmng.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Notebook\Volume Panel\VolPanlu.exe" /r
mRun: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{00D4669A-BC21-426C-B4A6-FD2D7F2AA77C} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{992969E3-255B-43A3-80F1-AB2CE47C4BCA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{992969E3-255B-43A3-80F1-AB2CE47C4BCA}\2375942554234323 : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043&CUI=UN20816375541168785&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BTControl12DM2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.sleeksearch.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043&SearchSource=2&CUI=UN20816375541168785&UM=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\extensions\{09110334-1bf2-481d-9ce3-7ac88f9ef9fe}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\extensions\{09110334-1bf2-481d-9ce3-7ac88f9ef9fe}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-04-11 23:24; {09110334-1bf2-481d-9ce3-7ac88f9ef9fe}; C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\extensions\{09110334-1bf2-481d-9ce3-7ac88f9ef9fe}
FF - ExtSQL: 2013-05-10 14:47; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: !HIDDEN! 2012-01-04 00:38; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-6 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-6 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-21 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-21 378432]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2011-12-21 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-21 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-21 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-21 46808]
R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-4-11 93984]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-23 701512]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-12-22 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2011-12-22 80384]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2011-12-22 55808]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-21 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
R3 copperhd;Razer Copperhead Driver;C:\Windows\System32\drivers\copperhd.sys [2006-5-24 13824]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-21 25928]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-5-1 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-5-1 79360]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-12-22 21712]
S3 ksaud;Creative USB Audio Driver;C:\Windows\System32\drivers\ksaud.sys [2012-5-1 983936]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-12-21 20992]
S3 SaiH075C;SaiH075C;C:\Windows\System32\drivers\SaiH075C.sys [2012-1-24 326784]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-21 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-22 1255736]
.
=============== Created Last 30 ================
.
2013-06-04 15:31:13 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{879927B7-3C22-42FF-9E4C-BFEFDCBA6E12}\offreg.dll
2013-06-04 15:29:38 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{879927B7-3C22-42FF-9E4C-BFEFDCBA6E12}\mpengine.dll
2013-05-26 05:46:20 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-26 05:46:20 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-26 05:46:20 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-26 05:46:20 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-26 05:46:20 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-26 05:38:13 -------- d-----w- C:\Program Files\iPod
2013-05-26 05:38:12 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-26 05:38:12 -------- d-----w- C:\Program Files\iTunes
2013-05-26 05:38:12 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-20 14:25:01 -------- d-----w- C:\Users\Theresa\AppData\Roaming\SearchProtect
2013-05-15 23:18:41 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 23:18:41 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 23:18:41 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 23:18:20 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 23:18:18 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 23:18:18 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 23:18:18 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 23:17:27 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 23:17:27 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 23:17:25 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-10 07:57:26 187456 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-09 04:02:58 -------- d-----r- C:\Program Files (x86)\Skype
2013-05-07 19:56:37 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-05-07 06:07:10 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2013-05-20 03:38:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-20 03:38:25 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-11 14:22:56 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-04-11 14:22:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-06 22:30:42 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-06 22:30:42 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 17:07:07.45 ===============



aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-04 17:49:35
-----------------------------
17:49:35.157 OS Version: Windows x64 6.1.7601 Service Pack 1
17:49:35.157 Number of processors: 8 586 0x1E05
17:49:35.157 ComputerName: THERESA-MUNOZ UserName: Theresa
17:49:35.859 Initialize success
17:49:35.968 AVAST engine defs: 13060400
17:49:37.762 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:49:37.762 Disk 0 Vendor: ST9320423AS D005SDM1 Size: 305245MB BusType: 11
17:49:37.778 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
17:49:37.778 Disk 1 Vendor: ST9320423AS 0002SDM1 Size: 305245MB BusType: 11
17:49:37.949 Disk 0 MBR read successfully
17:49:37.949 Disk 0 MBR scan
17:49:37.965 Disk 0 Windows 7 default MBR code
17:49:37.981 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:49:37.996 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
17:49:38.105 Disk 0 scanning C:\Windows\system32\drivers
17:49:56.560 Service scanning
17:50:11.100 Modules scanning
17:50:11.100 Disk 0 trace - called modules:
17:50:11.630 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:50:11.646 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047ee790]
17:50:11.646 3 CLASSPNP.SYS[fffff8800194943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80042552e0]
17:50:12.301 AVAST engine scan C:\Windows
17:50:23.096 AVAST engine scan C:\Windows\system32
17:54:19.327 AVAST engine scan C:\Windows\system32\drivers
17:54:47.126 AVAST engine scan C:\Users\Theresa
18:20:40.122 AVAST engine scan C:\ProgramData
18:23:29.117 Scan finished successfully
18:29:20.976 Disk 0 MBR has been saved successfully to "C:\Users\Theresa\Desktop\MBR.dat"
18:29:20.991 The log file has been saved successfully to "C:\Users\Theresa\Desktop\aswMBR.txt"



Win32.Downloader.gen: [SBI $BCCEBCBD] Program directory (Directory, nothing done)
C:\Users\Theresa\AppData\Roaming\SearchProtect\

Win32.Downloader.gen: [SBI $37CF691B] Autorun settings (SearchProtect) (Registry value, nothing done)
HKEY_USERS\S-1-5-21-147755331-2039841654-876228001-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchProtect

Win32.Downloader.gen: [SBI $37CF691B] Program file (File, nothing done)
C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\cltmng.exe
Properties.size=2730784
Properties.md5=51DE6288470B700C0CD663CDAC49A4B0
Properties.filedate=1365690488
Properties.filedatetext=2013-04-11 10:28:08

Win32.Downloader.gen: [SBI $4D2EF4F3] Autorun settings (SearchProtectAll) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchProtectAll

Win32.Downloader.gen: [SBI $4D2EF4F3] Program file (File, nothing done)
C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
Properties.size=2730784
Properties.md5=51DE6288470B700C0CD663CDAC49A4B0
Properties.filedate=1365690488
Properties.filedatetext=2013-04-11 10:28:08

Win32.Downloader.gen: [SBI $4FAD8AA1] Configuration file (File, nothing done)
C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\searchplugins\conduit.xml
Properties.size=1005
Properties.md5=3325FAA8777E79C59ADF1BB84E1C3578
Properties.filedate=1365737063
Properties.filedatetext=2013-04-11 23:24:22

Win32.Downloader.gen: [SBI $97C26527] Configuration file (File, nothing done)
C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\prefs.js
Properties.size=26161
Properties.md5=00BA28177DB5D9B43663EC32F22F9BE9
Properties.filedate=1370328689
Properties.filedatetext=2013-06-04 02:51:29

Win32.Downloader.gen: [SBI $2B63DD0C] Program directory (Directory, nothing done)
C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\

Win32.Downloader.gen: [SBI $CB403BBB] Library (File, nothing done)
C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\ChromeModule.dll
Properties.size=517920
Properties.md5=864605381EB8B0B5E022D98794284B5A
Properties.filedate=1365690486
Properties.filedatetext=2013-04-11 10:28:06

Win32.Downloader.gen: [SBI $B6021D1F] Configuration file (File, nothing done)
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Preferences
Properties.size=91633
Properties.md5=09D8AC33A9C0250B490F8643B2B767E6
Properties.filedate=1370296843
Properties.filedatetext=2013-06-03 18:00:43

Win32.Downloader.gen: [SBI $7EE5B2C0] Executable (File, nothing done)
C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe
Properties.size=93984
Properties.md5=934F4153380EDB6809EB9231C6B5F2A9
Properties.filedate=1365690488
Properties.filedatetext=2013-04-11 10:28:08

Win32.Downloader.gen: [SBI $38013861] Library (File, nothing done)
C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll
Properties.size=870176
Properties.md5=0F701EA1D517DA6350B8931ED7173DE3
Properties.filedate=1365690486
Properties.filedatetext=2013-04-11 10:28:06

Win32.Downloader.gen: [SBI $64A0E025] Library (File, nothing done)
C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll
Properties.size=792352
Properties.md5=806DAC3D5373BA708693C4B37B955707
Properties.filedate=1365690486
Properties.filedatetext=2013-04-11 10:28:06

Win32.Downloader.gen: [SBI $FAF2197D] Library (File, nothing done)
C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\msvcp100.dll
Properties.size=421200
Properties.md5=03E9314004F504A14A61C3D364B62F66
Properties.filedate=1365690176
Properties.filedatetext=2013-04-11 10:22:56

Win32.Downloader.gen: [SBI $D40431FB] Library (File, nothing done)
C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\msvcr100.dll
Properties.size=770384
Properties.md5=67EC459E42D3081DD8FD34356F7CAFC1
Properties.filedate=1365690176
Properties.filedatetext=2013-04-11 10:22:56

Win32.Downloader.gen: [SBI $C408DE11] Data (File, nothing done)
C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\rep.dat
Properties.size=20320
Properties.md5=D5BEB6BA5BEC3C7E6B725BA3490E53DF
Properties.filedate=1370389705
Properties.filedatetext=2013-06-04 19:48:24

Win32.Downloader.gen: [SBI $C35DA846] Library (File, nothing done)
C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\SPHook32.dll
Properties.size=149792
Properties.md5=F294E06F6213CD325208E09C0B0A2699
Properties.filedate=1365690488
Properties.filedatetext=2013-04-11 10:28:08

Win32.Downloader.gen: [SBI $72695CF4] Executable (File, nothing done)
C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\uninstall.exe
Properties.size=194520
Properties.md5=62566150BA62A00B7D4233F561E33B6A
Properties.filedate=1365690514
Properties.filedatetext=2013-04-11 10:28:34

Win32.Downloader.gen: [SBI $E6AD2227] Program directory (Directory, nothing done)
C:\Users\Theresa\AppData\Local\Conduit\

Win32.Downloader.gen: [SBI $F65FFCFA] Library (File, nothing done)
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll
Properties.size=638560
Properties.md5=6796F6E449F90A543DC3345538ACC46F
Properties.filedate=1362485924
Properties.filedatetext=2013-03-05 08:18:44

Win32.Downloader.gen: [SBI $84685D62] Program directory (Directory, nothing done)
C:\Program Files (x86)\SearchProtect\bin\

Win32.Downloader.gen: [SBI $6815DCAA] Library (File, nothing done)
C:\Program Files (x86)\SearchProtect\bin\ChromeModule.dll
Properties.size=517920
Properties.md5=864605381EB8B0B5E022D98794284B5A
Properties.filedate=1365690486
Properties.filedatetext=2013-04-11 10:28:06

Win32.Downloader.gen: [SBI $1B6AE556] Executable (File, nothing done)
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
Properties.size=93984
Properties.md5=934F4153380EDB6809EB9231C6B5F2A9
Properties.filedate=1365690488
Properties.filedatetext=2013-04-11 10:28:08

Win32.Downloader.gen: [SBI $7BE23E0D] Library (File, nothing done)
C:\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll
Properties.size=870176
Properties.md5=0F701EA1D517DA6350B8931ED7173DE3
Properties.filedate=1365690486
Properties.filedatetext=2013-04-11 10:28:06

Win32.Downloader.gen: [SBI $A31C5F5A] Library (File, nothing done)
C:\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll
Properties.size=792352
Properties.md5=806DAC3D5373BA708693C4B37B955707
Properties.filedate=1365690486
Properties.filedatetext=2013-04-11 10:28:06

Win32.Downloader.gen: [SBI $F3790893] Library (File, nothing done)
C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll
Properties.size=421200
Properties.md5=03E9314004F504A14A61C3D364B62F66
Properties.filedate=1365690176
Properties.filedatetext=2013-04-11 10:22:56

Win32.Downloader.gen: [SBI $DD8F2015] Library (File, nothing done)
C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll
Properties.size=770384
Properties.md5=67EC459E42D3081DD8FD34356F7CAFC1
Properties.filedate=1365690176
Properties.filedatetext=2013-04-11 10:22:56

Win32.Downloader.gen: [SBI $726854BC] Data (File, nothing done)
C:\Program Files (x86)\SearchProtect\bin\rep.dat
Properties.size=268
Properties.md5=30102E05D6A20F3F83B1B08E46F608C9
Properties.filedate=1366063748
Properties.filedatetext=2013-04-15 18:09:07

Win32.Downloader.gen: [SBI $CAD6B9A8] Library (File, nothing done)
C:\Program Files (x86)\SearchProtect\bin\SPHook32.dll
Properties.size=149792
Properties.md5=F294E06F6213CD325208E09C0B0A2699
Properties.filedate=1365690488
Properties.filedatetext=2013-04-11 10:28:08

Win32.Downloader.gen: [SBI $17E60B62] Executable (File, nothing done)
C:\Program Files (x86)\SearchProtect\bin\uninstall.exe
Properties.size=194520
Properties.md5=62566150BA62A00B7D4233F561E33B6A
Properties.filedate=1365690514
Properties.filedatetext=2013-04-11 10:28:34

Right Media: Tracking cookie (Internet Explorer: Theresa) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-12-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-04-11 Includes\Adware.sbi (*)
2013-05-28 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-05-29 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-05-22 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-05-08 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-05-29 Includes\TrojansC-03.sbi (*)
2013-05-16 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

shelf life
2013-06-10, 00:04
Hi,

Sorry for the delay. If you still need help simply reply back.

enditys
2013-06-12, 08:09
Hi, I still need help please.
:crazy:



shelf life
2013-06-13, 03:56
OK. Look in your Add/Remove Programs panel and uninstall each of these one by one:

BTControl12DM2 Toolbar
MarketResearch
Search Protect by conduit

After the last uninstall, reboot your machine. Next we will get a download to use:

Please download:
Adwcleaner.exe (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
Right click on AdwCleaner.exe, and select "run as admin"
Click on Search
A logfile will automatically open after the scan has finished
Close AdwCleaner with the X button
Copy and paste the contents of the log in your reply
You can find the logfile at C:\AdwCleaner[R1].txt as well

We will go from there.

enditys
2013-06-14, 17:33
# AdwCleaner v2.303 - Logfile created 06/14/2013 at 10:29:06
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Theresa -
# Boot Mode : Normal
# Running from : C:\Users\Theresa\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : CltMngSvc

***** [Files / Folders] *****

File Found : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\searchplugins\Askcom.xml
File Found : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\searchplugins\Conduit.xml
Folder Found : C:\Program Files (x86)\BTControl12DM2
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Theresa\AppData\Local\Conduit
Folder Found : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
Folder Found : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
Folder Found : C:\Users\Theresa\AppData\LocalLow\BTControl12DM2
Folder Found : C:\Users\Theresa\AppData\LocalLow\Conduit
Folder Found : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\CT3274043
Folder Found : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\extensions\{09110334-1bf2-481d-9ce3-7ac88f9ef9fe}
Folder Found : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\Smartbar
Folder Found : C:\Users\Theresa\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\BTControl12DM2
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
Key Found : HKCU\Software\Google\Chrome\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81650A1D-FDB2-4BBE-A718-A2C7EDE8CCC8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\Software\BTControl12DM2
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3274043
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{81650A1D-FDB2-4BBE-A718-A2C7EDE8CCC8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{81650A1D-FDB2-4BBE-A718-A2C7EDE8CCC8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24FEEAC9-9521-48CB-BDFE-BFF761E7C1FB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C460929-1C50-418B-B2F4-5A471BBD2CB7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BTControl12DM2 Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\prefs.js

Found : user_pref("CT3274043.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2NzkwNjU0NywidXVpZCI6ODE1NjQwOTYwNjYyNDE3LCJ[...]
Found : user_pref("CT3274043.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3274043.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3274043.FF19Solved", "true");
Found : user_pref("CT3274043.FirstTime", "true");
Found : user_pref("CT3274043.FirstTimeFF3", "true");
Found : user_pref("CT3274043.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT327[...]
Found : user_pref("CT3274043.UserID", "UN20816375541168785");
Found : user_pref("CT3274043.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3274043.autoDisableScopes", -1);
Found : user_pref("CT3274043.browser.search.defaultthis.engineName", "true");
Found : user_pref("CT3274043.defaultSearch", "true");
Found : user_pref("CT3274043.embeddedsData", "[{\"appId\":\"130009398660734442\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3274043.enableFix404ByUser", "FALSE");
Found : user_pref("CT3274043.enableSearchFromAddressBar", "true");
Found : user_pref("CT3274043.firstTimeDialogOpened", "true");
Found : user_pref("CT3274043.fixPageNotFoundErrorByUser", "TRUE");
Found : user_pref("CT3274043.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3274043.fixUrls", true);
Found : user_pref("CT3274043.installDate", "11/4/2013 23:24:22");
Found : user_pref("CT3274043.installType", "xpe");
Found : user_pref("CT3274043.installUsage", "2013-05-07T09:02:23.6031389+03:00");
Found : user_pref("CT3274043.installUsageEarly", "2013-05-07T09:02:22.6515145+03:00");
Found : user_pref("CT3274043.installerVersion", "1.3.7.3");
Found : user_pref("CT3274043.isCheckedStartAsHidden", true);
Found : user_pref("CT3274043.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3274043.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT3274043.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3274043.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3274043.keyword", "true");
Found : user_pref("CT3274043.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Found : user_pref("CT3274043.lastVersion", "10.16.2.509");
Found : user_pref("CT3274043.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Found : user_pref("CT3274043.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
Found : user_pref("CT3274043.mam_gk_currentVersion.enc", "MS40LjQuNg==");
Found : user_pref("CT3274043.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Found : user_pref("CT3274043.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Found : user_pref("CT3274043.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Found : user_pref("CT3274043.migrateAppsAndComponents", true);
Found : user_pref("CT3274043.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Found : user_pref("CT3274043.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3274043.openThankYouPage", "true");
Found : user_pref("CT3274043.openUninstallPage", "false");
Found : user_pref("CT3274043.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT32[...]
Found : user_pref("CT3274043.revertSettingsEnabled", "false");
Found : user_pref("CT3274043.search.searchAppId", "130009398660734442");
Found : user_pref("CT3274043.search.searchCount", "2");
Found : user_pref("CT3274043.searchFromAddressBarEnabledByUser", "true");
Found : user_pref("CT3274043.searchInNewTabEnabledByUser", "true");
Found : user_pref("CT3274043.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3274043.searchUserMode", "2");
Found : user_pref("CT3274043.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3274043.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3274043.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3274043.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1370711068025");
Found : user_pref("CT3274043.serviceLayer_services_appsMetadata_lastUpdate", "1370711068359");
Found : user_pref("CT3274043.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1370325734722");
Found : user_pref("CT3274043.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1367906535[...]
Found : user_pref("CT3274043.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1367906536469")[...]
Found : user_pref("CT3274043.serviceLayer_services_location_lastUpdate", "1370711068514");
Found : user_pref("CT3274043.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369285251550");
Found : user_pref("CT3274043.serviceLayer_services_login_10.15.0.62_lastUpdate", "1367906536728");
Found : user_pref("CT3274043.serviceLayer_services_login_10.16.2.509_lastUpdate", "1370743094882");
Found : user_pref("CT3274043.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1370395521508");
Found : user_pref("CT3274043.serviceLayer_services_searchAPI_lastUpdate", "1370711068528");
Found : user_pref("CT3274043.serviceLayer_services_serviceMap_lastUpdate", "1370711067623");
Found : user_pref("CT3274043.serviceLayer_services_toolbarContextMenu_lastUpdate", "1370325734822");
Found : user_pref("CT3274043.serviceLayer_services_toolbarSettings_lastUpdate", "1370743094579");
Found : user_pref("CT3274043.serviceLayer_services_translation_lastUpdate", "1370711069300");
Found : user_pref("CT3274043.settingsINI", true);
Found : user_pref("CT3274043.shouldFirstTimeDialog", "false");
Found : user_pref("CT3274043.showToolbarPermission", "false");
Found : user_pref("CT3274043.smartbar.CTID", "CT3274043");
Found : user_pref("CT3274043.smartbar.Uninstall", "0");
Found : user_pref("CT3274043.smartbar.homepage", true);
Found : user_pref("CT3274043.smartbar.toolbarName", "BTControl12DM2 ");
Found : user_pref("CT3274043.startPage", "true");
Found : user_pref("CT3274043.toolbarBornServerTime", "7-5-2013");
Found : user_pref("CT3274043.toolbarCurrentServerTime", "9-6-2013");
Found : user_pref("CT3274043.toolbarLoginClientTime", "Tue May 07 2013 02:02:16 GMT-0400 (Eastern Daylight T[...]
Found : user_pref("CT3274043_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3274043&CUI=UN20816375[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "BTControl12DM2 Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3274043");
Found : user_pref("browser.search.defaultthis.engineName", "BTControl12DM2 Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043&CUI[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "BTControl12DM2 Customized Web Search");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043&SearchSource=2&CU[...]
Found : user_pref("smartbar.addressBarOwnerCTID", "CT3274043");
Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3274043&CUI=UN208163755[...]
Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3274043");
Found : user_pref("smartbar.machineId", "WJ3QPF4WCH4L+JXXZ1AXO0GMCCNJBNPQQ4MWXEP5ZE3S7NFWJHSB8DQ2FMPZN+DWYOK[...]
Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3274043&CUI=UN208163755411[...]
Found : user_pref("smartbar.originalSearchAddressUrl", "");
Found : user_pref("smartbar.originalSearchEngine", "Ask.com");

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.2172] : homepage = "hxxp://search.conduit.com/?ctid=CT3274043&SearchSource=48&CUI=UN16342509561895818&UM=2",
Found [l.2375] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3274043&SearchSource=48&CUI=UN16342509561895818&UM=2" ]

*************************

AdwCleaner[R1].txt - [14679 octets] - [14/06/2013 10:29:06]

########## EOF - C:\AdwCleaner[R1].txt - [14740 octets] ##########

shelf life
2013-06-15, 00:56
OK, good. Now launch AdwCleaner once more and click on the Delete button. The machine will reboot. At startup another log will be displayed, which you can post in your next reply.

enditys
2013-06-17, 06:44
# AdwCleaner v2.303 - Logfile created 06/16/2013 at 23:34:23
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Theresa
# Boot Mode : Normal
# Running from : C:\Users\Theresa\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

Deleted on reboot : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
File Deleted : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\BTControl12DM2
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Theresa\AppData\Local\Conduit
Folder Deleted : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
Folder Deleted : C:\Users\Theresa\AppData\LocalLow\BTControl12DM2
Folder Deleted : C:\Users\Theresa\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\CT3274043
Folder Deleted : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\extensions\{09110334-1bf2-481d-9ce3-7ac88f9ef9fe}
Folder Deleted : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\Smartbar
Folder Deleted : C:\Users\Theresa\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\BTControl12DM2
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81650A1D-FDB2-4BBE-A718-A2C7EDE8CCC8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\Software\BTControl12DM2
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3274043
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{81650A1D-FDB2-4BBE-A718-A2C7EDE8CCC8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{81650A1D-FDB2-4BBE-A718-A2C7EDE8CCC8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24FEEAC9-9521-48CB-BDFE-BFF761E7C1FB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C460929-1C50-418B-B2F4-5A471BBD2CB7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BTControl12DM2 Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\prefs.js

Deleted : user_pref("CT3274043.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2NzkwNjU0NywidXVpZCI6ODE1NjQwOTYwNjYyNDE3LCJ[...]
Deleted : user_pref("CT3274043.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3274043.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3274043.FF19Solved", "true");
Deleted : user_pref("CT3274043.FirstTime", "true");
Deleted : user_pref("CT3274043.FirstTimeFF3", "true");
Deleted : user_pref("CT3274043.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT327[...]
Deleted : user_pref("CT3274043.UserID", "UN20816375541168785");
Deleted : user_pref("CT3274043.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3274043.autoDisableScopes", -1);
Deleted : user_pref("CT3274043.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3274043.defaultSearch", "true");
Deleted : user_pref("CT3274043.embeddedsData", "[{\"appId\":\"130009398660734442\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3274043.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT3274043.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3274043.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3274043.fixPageNotFoundErrorByUser", "TRUE");
Deleted : user_pref("CT3274043.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3274043.fixUrls", true);
Deleted : user_pref("CT3274043.installDate", "11/4/2013 23:24:22");
Deleted : user_pref("CT3274043.installType", "xpe");
Deleted : user_pref("CT3274043.installUsage", "2013-05-07T09:02:23.6031389+03:00");
Deleted : user_pref("CT3274043.installUsageEarly", "2013-05-07T09:02:22.6515145+03:00");
Deleted : user_pref("CT3274043.installerVersion", "1.3.7.3");
Deleted : user_pref("CT3274043.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3274043.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3274043.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3274043.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3274043.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3274043.keyword", "true");
Deleted : user_pref("CT3274043.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3274043.lastVersion", "10.16.2.509");
Deleted : user_pref("CT3274043.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3274043.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
Deleted : user_pref("CT3274043.mam_gk_currentVersion.enc", "MS40LjQuNg==");
Deleted : user_pref("CT3274043.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3274043.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3274043.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3274043.migrateAppsAndComponents", true);
Deleted : user_pref("CT3274043.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Deleted : user_pref("CT3274043.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3274043.openThankYouPage", "true");
Deleted : user_pref("CT3274043.openUninstallPage", "false");
Deleted : user_pref("CT3274043.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT32[...]
Deleted : user_pref("CT3274043.revertSettingsEnabled", "false");
Deleted : user_pref("CT3274043.search.searchAppId", "130009398660734442");
Deleted : user_pref("CT3274043.search.searchCount", "2");
Deleted : user_pref("CT3274043.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3274043.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3274043.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3274043.searchUserMode", "2");
Deleted : user_pref("CT3274043.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3274043.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3274043.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3274043.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1370711068025");
Deleted : user_pref("CT3274043.serviceLayer_services_appsMetadata_lastUpdate", "1370711068359");
Deleted : user_pref("CT3274043.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1370325734722");
Deleted : user_pref("CT3274043.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1367906535[...]
Deleted : user_pref("CT3274043.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1367906536469")[...]
Deleted : user_pref("CT3274043.serviceLayer_services_location_lastUpdate", "1370711068514");
Deleted : user_pref("CT3274043.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369285251550");
Deleted : user_pref("CT3274043.serviceLayer_services_login_10.15.0.62_lastUpdate", "1367906536728");
Deleted : user_pref("CT3274043.serviceLayer_services_login_10.16.2.509_lastUpdate", "1370743094882");
Deleted : user_pref("CT3274043.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1370395521508");
Deleted : user_pref("CT3274043.serviceLayer_services_searchAPI_lastUpdate", "1370711068528");
Deleted : user_pref("CT3274043.serviceLayer_services_serviceMap_lastUpdate", "1370711067623");
Deleted : user_pref("CT3274043.serviceLayer_services_toolbarContextMenu_lastUpdate", "1370325734822");
Deleted : user_pref("CT3274043.serviceLayer_services_toolbarSettings_lastUpdate", "1370743094579");
Deleted : user_pref("CT3274043.serviceLayer_services_translation_lastUpdate", "1370711069300");
Deleted : user_pref("CT3274043.settingsINI", true);
Deleted : user_pref("CT3274043.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3274043.showToolbarPermission", "false");
Deleted : user_pref("CT3274043.smartbar.CTID", "CT3274043");
Deleted : user_pref("CT3274043.smartbar.Uninstall", "0");
Deleted : user_pref("CT3274043.smartbar.homepage", true);
Deleted : user_pref("CT3274043.smartbar.toolbarName", "BTControl12DM2 ");
Deleted : user_pref("CT3274043.startPage", "true");
Deleted : user_pref("CT3274043.toolbarBornServerTime", "7-5-2013");
Deleted : user_pref("CT3274043.toolbarCurrentServerTime", "9-6-2013");
Deleted : user_pref("CT3274043.toolbarLoginClientTime", "Tue May 07 2013 02:02:16 GMT-0400 (Eastern Daylight T[...]
Deleted : user_pref("CT3274043_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3274043&CUI=UN20816375[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "BTControl12DM2 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3274043");
Deleted : user_pref("browser.search.defaultthis.engineName", "BTControl12DM2 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043&CUI[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "BTControl12DM2 Customized Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3274043");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3274043&CUI=UN208163755[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3274043");
Deleted : user_pref("smartbar.machineId", "WJ3QPF4WCH4L+JXXZ1AXO0GMCCNJBNPQQ4MWXEP5ZE3S7NFWJHSB8DQ2FMPZN+DWYOK[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3274043&CUI=UN208163755411[...]
Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Deleted : user_pref("smartbar.originalSearchEngine", "Ask.com");

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2172] : homepage = "hxxp://search.conduit.com/?ctid=CT3274043&SearchSource=48&CUI=UN16342509561895818&U[...]
Deleted [l.2375] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3274043&SearchSource=48&C[...]

*************************

AdwCleaner[R1].txt - [14810 octets] - [14/06/2013 10:29:06]
AdwCleaner[S1].txt - [14753 octets] - [16/06/2013 23:34:23]

########## EOF - C:\AdwCleaner[S1].txt - [14814 octets] ##########

shelf life
2013-06-18, 00:30
Ok good. Thanks for the info. Let's get one more download which is similar to adwcleaner. Let's see if it can dig up any more stuff. Afterwards you can run Spybot which should come up clean now.

Please download JRT.exe (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) to your desktop.
Right click and select "run as admin"
The tool will open and start scanning.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply

enditys
2013-06-18, 05:09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Theresa on Mon 06/17/2013 at 21:59:14.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-147755331-2039841654-876228001-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E82CA3CE-F82D-4E9A-B069-D99971E9B448}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Theresa\appdata\local\{0712AF88-0315-48E6-9867-0D8DC4D3A6E6}
Successfully deleted: [Empty Folder] C:\Users\Theresa\appdata\local\{3720AE0D-4603-4346-AF1B-2DB2F1A9E90C}



~~~ FireFox

Successfully deleted the following from C:\Users\Theresa\AppData\Roaming\mozilla\firefox\profiles\s0ho6sxs.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://www.sleeksearch.com/");
Emptied folder: C:\Users\Theresa\AppData\Roaming\mozilla\firefox\profiles\s0ho6sxs.default\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/17/2013 at 22:05:46.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

shelf life
2013-06-19, 00:33
Go ahead and run Spybot now and see if it's "clean."

enditys
2013-06-19, 03:14
It came up with some "right media"

enditys
2013-06-19, 03:16
It came up with "right media"

shelf life
2013-06-19, 04:46
Does it list a location or any more info about it? I am thinking it's a cookie you're picking up during browsing, which you can control from the browser.

Try this (http://kb.wisc.edu/page.php?id=15141) for deleting cookies and your cache.

enditys
2013-06-20, 06:35
it was a cookie from some ad.yieldmanager.com

enditys
2013-06-20, 06:36
tracking cookie from Internet Explorer

shelf life
2013-06-21, 00:54
Cookies are not much to worry about. In IE you can somewhat manage cookies. IE>Tools>Internet Options>Privacy, move the slider up. You can also set which sites are allowed to store cookies and block all others or block certain sites (http://www.ghacks.net/2011/07/23/selectively-block-cookies-on-internet-explorer-and-firefox-in-realtime/) (like ad.yieldmanager.com). I prefer FireFox's browser cookie control myself. I rarely use IE when in Windows.

enditys
2013-06-21, 03:35
Sounds good, thank you very much for all of your help!!! It's greatly appreciated!

shelf life
2013-06-21, 23:50
Ok. You are welcome. You can delete the JRT icon from your desktop. You can run adwcleaner once more and this time click on the uninstall button to remove it. If all is good on your end, some tips for you:

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here. (http://secunia.com/vulnerability_scanning/online/)
Check your browser for vulnerabilities. (https://browserscan.rapid7.com/scanme)

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars or other "offers" if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then it's time to *review your computer habits or lack of habits.*

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing tricks. (http://www.fraud.org/tips/internet/phishing.htm)

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX and Java applets with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista, Windows 7 and Windows 8 attempts to address.

Every MS remote code execution bulletin ends with this sentence: "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

8) Use Windows native firewall and get an inexpensive hardware router.

9) Your browser risks. The why and how (http://www.us-cert.gov/reading_room/securing_browser/) to secure your browser for safer surfing.
Consider disabling Java (http://disablejava.com/) in your browser.

10) Warez, cracks, keygens etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Do you really trust the source of the file?

More info with pictures in link below.
Happy Safe Surfing