
Thread: win32.downloader.gen removal help...

  1. #1
    Junior Member
    Join Date: Jun 2013
    Posts: 10

    win32.downloader.gen removal help...

    Having issues removing win32.downloader.gen, please help...

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
    Run by Theresa at 17:06:31 on 2013-06-04
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4085.1977 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi Notebook\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Users\Theresa\AppData\Local\Apps\2.0\866LPMJ7.1JZ\P5PYH541.T1D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
    C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://sleeksearch.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mURLSearchHooks: BTControl12DM2 Toolbar: {09110334-1bf2-481d-9ce3-7ac88f9ef9fe} - C:\Program Files (x86)\BTControl12DM2\prxtbBTCo.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: BTControl12DM2 Toolbar: {09110334-1bf2-481d-9ce3-7ac88f9ef9fe} - C:\Program Files (x86)\BTControl12DM2\prxtbBTCo.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: BTControl12DM2 Toolbar: {09110334-1BF2-481D-9CE3-7AC88F9EF9FE} - C:\Program Files (x86)\BTControl12DM2\prxtbBTCo.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: BTControl12DM2 Toolbar: {09110334-1bf2-481d-9ce3-7ac88f9ef9fe} - C:\Program Files (x86)\BTControl12DM2\prxtbBTCo.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
    uRun: [SearchProtect] C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\cltmng.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Notebook\Volume Panel\VolPanlu.exe" /r
    mRun: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
    mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{00D4669A-BC21-426C-B4A6-FD2D7F2AA77C} : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{992969E3-255B-43A3-80F1-AB2CE47C4BCA} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{992969E3-255B-43A3-80F1-AB2CE47C4BCA}\2375942554234323 : DHCPNameServer = 192.168.1.254
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043&CUI=UN20816375541168785&UM=2&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - BTControl12DM2 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.sleeksearch.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043&SearchSource=2&CUI=UN20816375541168785&UM=2&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\extensions\{09110334-1bf2-481d-9ce3-7ac88f9ef9fe}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\extensions\{09110334-1bf2-481d-9ce3-7ac88f9ef9fe}\plugins\npConduitFirefoxPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
    FF - ExtSQL: 2013-04-11 23:24; {09110334-1bf2-481d-9ce3-7ac88f9ef9fe}; C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\extensions\{09110334-1bf2-481d-9ce3-7ac88f9ef9fe}
    FF - ExtSQL: 2013-05-10 14:47; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - ExtSQL: !HIDDEN! 2012-01-04 00:38; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-6 65336]
    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-6 189936]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-21 1025808]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-21 378432]
    R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2011-12-21 14904]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-21 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-21 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-21 46808]
    R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-4-11 93984]
    R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-23 701512]
    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-12-22 60416]
    R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2011-12-22 80384]
    R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2011-12-22 55808]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-21 1153368]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
    R3 copperhd;Razer Copperhead Driver;C:\Windows\System32\drivers\copperhd.sys [2006-5-24 13824]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-21 25928]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-5-1 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-5-1 79360]
    S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-12-22 21712]
    S3 ksaud;Creative USB Audio Driver;C:\Windows\System32\drivers\ksaud.sys [2012-5-1 983936]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-12-21 20992]
    S3 SaiH075C;SaiH075C;C:\Windows\System32\drivers\SaiH075C.sys [2012-1-24 326784]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-21 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-22 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-06-04 15:31:13 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{879927B7-3C22-42FF-9E4C-BFEFDCBA6E12}\offreg.dll
    2013-06-04 15:29:38 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{879927B7-3C22-42FF-9E4C-BFEFDCBA6E12}\mpengine.dll
    2013-05-26 05:46:20 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
    2013-05-26 05:46:20 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
    2013-05-26 05:46:20 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
    2013-05-26 05:46:20 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
    2013-05-26 05:46:20 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
    2013-05-26 05:38:13 -------- d-----w- C:\Program Files\iPod
    2013-05-26 05:38:12 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-05-26 05:38:12 -------- d-----w- C:\Program Files\iTunes
    2013-05-26 05:38:12 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-05-20 14:25:01 -------- d-----w- C:\Users\Theresa\AppData\Roaming\SearchProtect
    2013-05-15 23:18:41 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-05-15 23:18:41 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-05-15 23:18:41 144384 ----a-w- C:\Windows\System32\cdd.dll
    2013-05-15 23:18:20 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-05-15 23:18:18 70144 ----a-w- C:\Windows\System32\appinfo.dll
    2013-05-15 23:18:18 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-05-15 23:18:18 111448 ----a-w- C:\Windows\System32\consent.exe
    2013-05-15 23:17:27 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
    2013-05-15 23:17:27 230400 ----a-w- C:\Windows\System32\wwansvc.dll
    2013-05-15 23:17:25 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-05-10 07:57:26 187456 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2013-05-09 04:02:58 -------- d-----r- C:\Program Files (x86)\Skype
    2013-05-07 19:56:37 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2013-05-07 06:07:10 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ==================== Find3M ====================
    .
    2013-05-20 03:38:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-20 03:38:25 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
    2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-11 14:22:56 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
    2013-04-11 14:22:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
    2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
    2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-03-06 22:30:42 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-03-06 22:30:42 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 17:07:07.45 ===============



    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-06-04 17:49:35
    -----------------------------
    17:49:35.157 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:49:35.157 Number of processors: 8 586 0x1E05
    17:49:35.157 ComputerName: THERESA-MUNOZ UserName: Theresa
    17:49:35.859 Initialize success
    17:49:35.968 AVAST engine defs: 13060400
    17:49:37.762 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    17:49:37.762 Disk 0 Vendor: ST9320423AS D005SDM1 Size: 305245MB BusType: 11
    17:49:37.778 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
    17:49:37.778 Disk 1 Vendor: ST9320423AS 0002SDM1 Size: 305245MB BusType: 11
    17:49:37.949 Disk 0 MBR read successfully
    17:49:37.949 Disk 0 MBR scan
    17:49:37.965 Disk 0 Windows 7 default MBR code
    17:49:37.981 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    17:49:37.996 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
    17:49:38.105 Disk 0 scanning C:\Windows\system32\drivers
    17:49:56.560 Service scanning
    17:50:11.100 Modules scanning
    17:50:11.100 Disk 0 trace - called modules:
    17:50:11.630 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    17:50:11.646 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047ee790]
    17:50:11.646 3 CLASSPNP.SYS[fffff8800194943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80042552e0]
    17:50:12.301 AVAST engine scan C:\Windows
    17:50:23.096 AVAST engine scan C:\Windows\system32
    17:54:19.327 AVAST engine scan C:\Windows\system32\drivers
    17:54:47.126 AVAST engine scan C:\Users\Theresa
    18:20:40.122 AVAST engine scan C:\ProgramData
    18:23:29.117 Scan finished successfully
    18:29:20.976 Disk 0 MBR has been saved successfully to "C:\Users\Theresa\Desktop\MBR.dat"
    18:29:20.991 The log file has been saved successfully to "C:\Users\Theresa\Desktop\aswMBR.txt"



    Win32.Downloader.gen: [SBI $BCCEBCBD] Program directory (Directory, nothing done)
    C:\Users\Theresa\AppData\Roaming\SearchProtect\

    Win32.Downloader.gen: [SBI $37CF691B] Autorun settings (SearchProtect) (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-147755331-2039841654-876228001-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchProtect

    Win32.Downloader.gen: [SBI $37CF691B] Program file (File, nothing done)
    C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\cltmng.exe
    Properties.size=2730784
    Properties.md5=51DE6288470B700C0CD663CDAC49A4B0
    Properties.filedate=1365690488
    Properties.filedatetext=2013-04-11 10:28:08

    Win32.Downloader.gen: [SBI $4D2EF4F3] Autorun settings (SearchProtectAll) (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchProtectAll

    Win32.Downloader.gen: [SBI $4D2EF4F3] Program file (File, nothing done)
    C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
    Properties.size=2730784
    Properties.md5=51DE6288470B700C0CD663CDAC49A4B0
    Properties.filedate=1365690488
    Properties.filedatetext=2013-04-11 10:28:08

    Win32.Downloader.gen: [SBI $4FAD8AA1] Configuration file (File, nothing done)
    C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\searchplugins\conduit.xml
    Properties.size=1005
    Properties.md5=3325FAA8777E79C59ADF1BB84E1C3578
    Properties.filedate=1365737063
    Properties.filedatetext=2013-04-11 23:24:22

    Win32.Downloader.gen: [SBI $97C26527] Configuration file (File, nothing done)
    C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\prefs.js
    Properties.size=26161
    Properties.md5=00BA28177DB5D9B43663EC32F22F9BE9
    Properties.filedate=1370328689
    Properties.filedatetext=2013-06-04 02:51:29

    Win32.Downloader.gen: [SBI $2B63DD0C] Program directory (Directory, nothing done)
    C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\

    Win32.Downloader.gen: [SBI $CB403BBB] Library (File, nothing done)
    C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\ChromeModule.dll
    Properties.size=517920
    Properties.md5=864605381EB8B0B5E022D98794284B5A
    Properties.filedate=1365690486
    Properties.filedatetext=2013-04-11 10:28:06

    Win32.Downloader.gen: [SBI $B6021D1F] Configuration file (File, nothing done)
    C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Properties.size=91633
    Properties.md5=09D8AC33A9C0250B490F8643B2B767E6
    Properties.filedate=1370296843
    Properties.filedatetext=2013-06-03 18:00:43

    Win32.Downloader.gen: [SBI $7EE5B2C0] Executable (File, nothing done)
    C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe
    Properties.size=93984
    Properties.md5=934F4153380EDB6809EB9231C6B5F2A9
    Properties.filedate=1365690488
    Properties.filedatetext=2013-04-11 10:28:08

    Win32.Downloader.gen: [SBI $38013861] Library (File, nothing done)
    C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll
    Properties.size=870176
    Properties.md5=0F701EA1D517DA6350B8931ED7173DE3
    Properties.filedate=1365690486
    Properties.filedatetext=2013-04-11 10:28:06

    Win32.Downloader.gen: [SBI $64A0E025] Library (File, nothing done)
    C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll
    Properties.size=792352
    Properties.md5=806DAC3D5373BA708693C4B37B955707
    Properties.filedate=1365690486
    Properties.filedatetext=2013-04-11 10:28:06

    Win32.Downloader.gen: [SBI $FAF2197D] Library (File, nothing done)
    C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\msvcp100.dll
    Properties.size=421200
    Properties.md5=03E9314004F504A14A61C3D364B62F66
    Properties.filedate=1365690176
    Properties.filedatetext=2013-04-11 10:22:56

    Win32.Downloader.gen: [SBI $D40431FB] Library (File, nothing done)
    C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\msvcr100.dll
    Properties.size=770384
    Properties.md5=67EC459E42D3081DD8FD34356F7CAFC1
    Properties.filedate=1365690176
    Properties.filedatetext=2013-04-11 10:22:56

    Win32.Downloader.gen: [SBI $C408DE11] Data (File, nothing done)
    C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\rep.dat
    Properties.size=20320
    Properties.md5=D5BEB6BA5BEC3C7E6B725BA3490E53DF
    Properties.filedate=1370389705
    Properties.filedatetext=2013-06-04 19:48:24

    Win32.Downloader.gen: [SBI $C35DA846] Library (File, nothing done)
    C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\SPHook32.dll
    Properties.size=149792
    Properties.md5=F294E06F6213CD325208E09C0B0A2699
    Properties.filedate=1365690488
    Properties.filedatetext=2013-04-11 10:28:08

    Win32.Downloader.gen: [SBI $72695CF4] Executable (File, nothing done)
    C:\Users\Theresa\AppData\Roaming\SearchProtect\bin\uninstall.exe
    Properties.size=194520
    Properties.md5=62566150BA62A00B7D4233F561E33B6A
    Properties.filedate=1365690514
    Properties.filedatetext=2013-04-11 10:28:34

    Win32.Downloader.gen: [SBI $E6AD2227] Program directory (Directory, nothing done)
    C:\Users\Theresa\AppData\Local\Conduit\

    Win32.Downloader.gen: [SBI $F65FFCFA] Library (File, nothing done)
    C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll
    Properties.size=638560
    Properties.md5=6796F6E449F90A543DC3345538ACC46F
    Properties.filedate=1362485924
    Properties.filedatetext=2013-03-05 08:18:44

    Win32.Downloader.gen: [SBI $84685D62] Program directory (Directory, nothing done)
    C:\Program Files (x86)\SearchProtect\bin\

    Win32.Downloader.gen: [SBI $6815DCAA] Library (File, nothing done)
    C:\Program Files (x86)\SearchProtect\bin\ChromeModule.dll
    Properties.size=517920
    Properties.md5=864605381EB8B0B5E022D98794284B5A
    Properties.filedate=1365690486
    Properties.filedatetext=2013-04-11 10:28:06

    Win32.Downloader.gen: [SBI $1B6AE556] Executable (File, nothing done)
    C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
    Properties.size=93984
    Properties.md5=934F4153380EDB6809EB9231C6B5F2A9
    Properties.filedate=1365690488
    Properties.filedatetext=2013-04-11 10:28:08

    Win32.Downloader.gen: [SBI $7BE23E0D] Library (File, nothing done)
    C:\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll
    Properties.size=870176
    Properties.md5=0F701EA1D517DA6350B8931ED7173DE3
    Properties.filedate=1365690486
    Properties.filedatetext=2013-04-11 10:28:06

    Win32.Downloader.gen: [SBI $A31C5F5A] Library (File, nothing done)
    C:\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll
    Properties.size=792352
    Properties.md5=806DAC3D5373BA708693C4B37B955707
    Properties.filedate=1365690486
    Properties.filedatetext=2013-04-11 10:28:06

    Win32.Downloader.gen: [SBI $F3790893] Library (File, nothing done)
    C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll
    Properties.size=421200
    Properties.md5=03E9314004F504A14A61C3D364B62F66
    Properties.filedate=1365690176
    Properties.filedatetext=2013-04-11 10:22:56

    Win32.Downloader.gen: [SBI $DD8F2015] Library (File, nothing done)
    C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll
    Properties.size=770384
    Properties.md5=67EC459E42D3081DD8FD34356F7CAFC1
    Properties.filedate=1365690176
    Properties.filedatetext=2013-04-11 10:22:56

    Win32.Downloader.gen: [SBI $726854BC] Data (File, nothing done)
    C:\Program Files (x86)\SearchProtect\bin\rep.dat
    Properties.size=268
    Properties.md5=30102E05D6A20F3F83B1B08E46F608C9
    Properties.filedate=1366063748
    Properties.filedatetext=2013-04-15 18:09:07

    Win32.Downloader.gen: [SBI $CAD6B9A8] Library (File, nothing done)
    C:\Program Files (x86)\SearchProtect\bin\SPHook32.dll
    Properties.size=149792
    Properties.md5=F294E06F6213CD325208E09C0B0A2699
    Properties.filedate=1365690488
    Properties.filedatetext=2013-04-11 10:28:08

    Win32.Downloader.gen: [SBI $17E60B62] Executable (File, nothing done)
    C:\Program Files (x86)\SearchProtect\bin\uninstall.exe
    Properties.size=194520
    Properties.md5=62566150BA62A00B7D4233F561E33B6A
    Properties.filedate=1365690514
    Properties.filedatetext=2013-04-11 10:28:34

    Right Media: Tracking cookie (Internet Explorer: Theresa) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Hi,

    Sorry for the delay. If you still need help simply reply back.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Jun 2013
    Posts
    10

    still need help

    Hi, I still need help please


    Originally posted by shelf life:
    Hi,

    Sorry for the delay. If you still need help simply reply back.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    ok. Look in your add/remove programs panel and uninstall each of these one by one:

    BTControl12DM2 Toolbar
    MarketResearch
    Search Protect by conduit

    After the last uninstall reboot your machine. Next we will get a download to use:

    Please download:
    Adwcleaner.exe by Xplode onto your desktop.
    Right click on AdwCleaner.exe, and select "run as admin"
    Click on Search
    A logfile will automatically open after the scan has finished
    Close AdwCleaner with the X button
    Copy and paste the contents of the log in your reply
    You can find the logfile at C:\AdwCleaner[R1].txt as well

    We will go from there.

  5. #5
    Junior Member
    Join Date
    Jun 2013
    Posts
    10

    as requested

    # AdwCleaner v2.303 - Logfile created 06/14/2013 at 10:29:06
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Theresa -
    # Boot Mode : Normal
    # Running from : C:\Users\Theresa\Desktop\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****

    Found : CltMngSvc

    ***** [Files / Folders] *****

    File Found : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\searchplugins\Askcom.xml
    File Found : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\searchplugins\Conduit.xml
    Folder Found : C:\Program Files (x86)\BTControl12DM2
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\SearchProtect
    Folder Found : C:\ProgramData\Ask
    Folder Found : C:\Users\Theresa\AppData\Local\Conduit
    Folder Found : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
    Folder Found : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
    Folder Found : C:\Users\Theresa\AppData\LocalLow\BTControl12DM2
    Folder Found : C:\Users\Theresa\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\CT3274043
    Folder Found : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\extensions\{09110334-1bf2-481d-9ce3-7ac88f9ef9fe}
    Folder Found : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\Smartbar
    Folder Found : C:\Users\Theresa\AppData\Roaming\SearchProtect

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\BTControl12DM2
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AppDataLow\Toolbar
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Google\Chrome\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
    Key Found : HKCU\Software\Google\Chrome\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81650A1D-FDB2-4BBE-A718-A2C7EDE8CCC8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Found : HKCU\Software\SearchProtect
    Key Found : HKLM\Software\BTControl12DM2
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3274043
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\DeviceVM
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{81650A1D-FDB2-4BBE-A718-A2C7EDE8CCC8}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\Software\SearchProtect
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{81650A1D-FDB2-4BBE-A718-A2C7EDE8CCC8}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24FEEAC9-9521-48CB-BDFE-BFF761E7C1FB}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C460929-1C50-418B-B2F4-5A471BBD2CB7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BTControl12DM2 Toolbar
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16611

    [OK] Registry is clean.

    -\\ Mozilla Firefox v21.0 (en-US)

    File : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\prefs.js

    Found : user_pref("CT3274043.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2NzkwNjU0NywidXVpZCI6ODE1NjQwOTYwNjYyNDE3LCJ[...]
    Found : user_pref("CT3274043.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Found : user_pref("CT3274043.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Found : user_pref("CT3274043.FF19Solved", "true");
    Found : user_pref("CT3274043.FirstTime", "true");
    Found : user_pref("CT3274043.FirstTimeFF3", "true");
    Found : user_pref("CT3274043.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT327[...]
    Found : user_pref("CT3274043.UserID", "UN20816375541168785");
    Found : user_pref("CT3274043.addressBarTakeOverEnabledInHidden", "true");
    Found : user_pref("CT3274043.autoDisableScopes", -1);
    Found : user_pref("CT3274043.browser.search.defaultthis.engineName", "true");
    Found : user_pref("CT3274043.defaultSearch", "true");
    Found : user_pref("CT3274043.embeddedsData", "[{\"appId\":\"130009398660734442\",\"apiPermissions\":{\"cross[...]
    Found : user_pref("CT3274043.enableFix404ByUser", "FALSE");
    Found : user_pref("CT3274043.enableSearchFromAddressBar", "true");
    Found : user_pref("CT3274043.firstTimeDialogOpened", "true");
    Found : user_pref("CT3274043.fixPageNotFoundErrorByUser", "TRUE");
    Found : user_pref("CT3274043.fixPageNotFoundErrorInHidden", "true");
    Found : user_pref("CT3274043.fixUrls", true);
    Found : user_pref("CT3274043.installDate", "11/4/2013 23:24:22");
    Found : user_pref("CT3274043.installType", "xpe");
    Found : user_pref("CT3274043.installUsage", "2013-05-07T09:02:23.6031389+03:00");
    Found : user_pref("CT3274043.installUsageEarly", "2013-05-07T09:02:22.6515145+03:00");
    Found : user_pref("CT3274043.installerVersion", "1.3.7.3");
    Found : user_pref("CT3274043.isCheckedStartAsHidden", true);
    Found : user_pref("CT3274043.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Found : user_pref("CT3274043.isFirstTimeToolbarLoading", "false");
    Found : user_pref("CT3274043.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Found : user_pref("CT3274043.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Found : user_pref("CT3274043.keyword", "true");
    Found : user_pref("CT3274043.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
    Found : user_pref("CT3274043.lastVersion", "10.16.2.509");
    Found : user_pref("CT3274043.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
    Found : user_pref("CT3274043.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
    Found : user_pref("CT3274043.mam_gk_currentVersion.enc", "MS40LjQuNg==");
    Found : user_pref("CT3274043.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
    Found : user_pref("CT3274043.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
    Found : user_pref("CT3274043.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
    Found : user_pref("CT3274043.migrateAppsAndComponents", true);
    Found : user_pref("CT3274043.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
    Found : user_pref("CT3274043.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Found : user_pref("CT3274043.openThankYouPage", "true");
    Found : user_pref("CT3274043.openUninstallPage", "false");
    Found : user_pref("CT3274043.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT32[...]
    Found : user_pref("CT3274043.revertSettingsEnabled", "false");
    Found : user_pref("CT3274043.search.searchAppId", "130009398660734442");
    Found : user_pref("CT3274043.search.searchCount", "2");
    Found : user_pref("CT3274043.searchFromAddressBarEnabledByUser", "true");
    Found : user_pref("CT3274043.searchInNewTabEnabledByUser", "true");
    Found : user_pref("CT3274043.searchInNewTabEnabledInHidden", "true");
    Found : user_pref("CT3274043.searchUserMode", "2");
    Found : user_pref("CT3274043.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Found : user_pref("CT3274043.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Found : user_pref("CT3274043.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Found : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Found : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Found : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Found : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Found : user_pref("CT3274043.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1370711068025");
    Found : user_pref("CT3274043.serviceLayer_services_appsMetadata_lastUpdate", "1370711068359");
    Found : user_pref("CT3274043.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1370325734722");
    Found : user_pref("CT3274043.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1367906535[...]
    Found : user_pref("CT3274043.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1367906536469")[...]
    Found : user_pref("CT3274043.serviceLayer_services_location_lastUpdate", "1370711068514");
    Found : user_pref("CT3274043.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369285251550");
    Found : user_pref("CT3274043.serviceLayer_services_login_10.15.0.62_lastUpdate", "1367906536728");
    Found : user_pref("CT3274043.serviceLayer_services_login_10.16.2.509_lastUpdate", "1370743094882");
    Found : user_pref("CT3274043.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1370395521508");
    Found : user_pref("CT3274043.serviceLayer_services_searchAPI_lastUpdate", "1370711068528");
    Found : user_pref("CT3274043.serviceLayer_services_serviceMap_lastUpdate", "1370711067623");
    Found : user_pref("CT3274043.serviceLayer_services_toolbarContextMenu_lastUpdate", "1370325734822");
    Found : user_pref("CT3274043.serviceLayer_services_toolbarSettings_lastUpdate", "1370743094579");
    Found : user_pref("CT3274043.serviceLayer_services_translation_lastUpdate", "1370711069300");
    Found : user_pref("CT3274043.settingsINI", true);
    Found : user_pref("CT3274043.shouldFirstTimeDialog", "false");
    Found : user_pref("CT3274043.showToolbarPermission", "false");
    Found : user_pref("CT3274043.smartbar.CTID", "CT3274043");
    Found : user_pref("CT3274043.smartbar.Uninstall", "0");
    Found : user_pref("CT3274043.smartbar.homepage", true);
    Found : user_pref("CT3274043.smartbar.toolbarName", "BTControl12DM2 ");
    Found : user_pref("CT3274043.startPage", "true");
    Found : user_pref("CT3274043.toolbarBornServerTime", "7-5-2013");
    Found : user_pref("CT3274043.toolbarCurrentServerTime", "9-6-2013");
    Found : user_pref("CT3274043.toolbarLoginClientTime", "Tue May 07 2013 02:02:16 GMT-0400 (Eastern Daylight T[...]
    Found : user_pref("CT3274043_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3274043&CUI=UN20816375[...]
    Found : user_pref("Smartbar.ConduitSearchEngineList", "BTControl12DM2 Customized Web Search");
    Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043[...]
    Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3274043");
    Found : user_pref("browser.search.defaultthis.engineName", "BTControl12DM2 Customized Web Search");
    Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043&CUI[...]
    Found : user_pref("browser.search.order.1", "Ask.com");
    Found : user_pref("browser.search.selectedEngine", "BTControl12DM2 Customized Web Search");
    Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043&SearchSource=2&CU[...]
    Found : user_pref("smartbar.addressBarOwnerCTID", "CT3274043");
    Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3274043&CUI=UN208163755[...]
    Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
    Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3274043");
    Found : user_pref("smartbar.machineId", "WJ3QPF4WCH4L+JXXZ1AXO0GMCCNJBNPQQ4MWXEP5ZE3S7NFWJHSB8DQ2FMPZN+DWYOK[...]
    Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3274043&CUI=UN208163755411[...]
    Found : user_pref("smartbar.originalSearchAddressUrl", "");
    Found : user_pref("smartbar.originalSearchEngine", "Ask.com");

    -\\ Google Chrome v27.0.1453.110

    File : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Found [l.2172] : homepage = "hxxp://search.conduit.com/?ctid=CT3274043&SearchSource=48&CUI=UN16342509561895818&UM=2",
    Found [l.2375] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3274043&SearchSource=48&CUI=UN16342509561895818&UM=2" ]

    *************************

    AdwCleaner[R1].txt - [14679 octets] - [14/06/2013 10:29:06]

    ########## EOF - C:\AdwCleaner[R1].txt - [14740 octets] ##########
    Last edited by shelf life; 2013-06-20 at 23:23.

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    ok good. Now launch adwcleaner once more and click on the delete button. Machine will reboot. At start up another log will be displayed which you can post in your next reply.

  7. #7
    Junior Member
    Join Date
    Jun 2013
    Posts
    10

    # AdwCleaner v2.303 - Logfile created 06/16/2013 at 23:34:23
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Theresa
    # Boot Mode : Normal
    # Running from : C:\Users\Theresa\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : CltMngSvc

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
    File Deleted : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\searchplugins\Askcom.xml
    File Deleted : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\searchplugins\Conduit.xml
    Folder Deleted : C:\Program Files (x86)\BTControl12DM2
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\SearchProtect
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\Users\Theresa\AppData\Local\Conduit
    Folder Deleted : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
    Folder Deleted : C:\Users\Theresa\AppData\LocalLow\BTControl12DM2
    Folder Deleted : C:\Users\Theresa\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\CT3274043
    Folder Deleted : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\extensions\{09110334-1bf2-481d-9ce3-7ac88f9ef9fe}
    Folder Deleted : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\Smartbar
    Folder Deleted : C:\Users\Theresa\AppData\Roaming\SearchProtect

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\BTControl12DM2
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81650A1D-FDB2-4BBE-A718-A2C7EDE8CCC8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Deleted : HKCU\Software\SearchProtect
    Key Deleted : HKLM\Software\BTControl12DM2
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3274043
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DeviceVM
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{81650A1D-FDB2-4BBE-A718-A2C7EDE8CCC8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{81650A1D-FDB2-4BBE-A718-A2C7EDE8CCC8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknnnemlggnbpceofncdgnakmgfnhbli
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24FEEAC9-9521-48CB-BDFE-BFF761E7C1FB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C460929-1C50-418B-B2F4-5A471BBD2CB7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BTControl12DM2 Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{09110334-1BF2-481D-9CE3-7AC88F9EF9FE}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16611

    [OK] Registry is clean.

    -\\ Mozilla Firefox v21.0 (en-US)

    File : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\s0ho6sxs.default\prefs.js

    Deleted : user_pref("CT3274043.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2NzkwNjU0NywidXVpZCI6ODE1NjQwOTYwNjYyNDE3LCJ[...]
    Deleted : user_pref("CT3274043.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3274043.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT3274043.FF19Solved", "true");
    Deleted : user_pref("CT3274043.FirstTime", "true");
    Deleted : user_pref("CT3274043.FirstTimeFF3", "true");
    Deleted : user_pref("CT3274043.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT327[...]
    Deleted : user_pref("CT3274043.UserID", "UN20816375541168785");
    Deleted : user_pref("CT3274043.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT3274043.autoDisableScopes", -1);
    Deleted : user_pref("CT3274043.browser.search.defaultthis.engineName", "true");
    Deleted : user_pref("CT3274043.defaultSearch", "true");
    Deleted : user_pref("CT3274043.embeddedsData", "[{\"appId\":\"130009398660734442\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT3274043.enableFix404ByUser", "FALSE");
    Deleted : user_pref("CT3274043.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT3274043.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT3274043.fixPageNotFoundErrorByUser", "TRUE");
    Deleted : user_pref("CT3274043.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT3274043.fixUrls", true);
    Deleted : user_pref("CT3274043.installDate", "11/4/2013 23:24:22");
    Deleted : user_pref("CT3274043.installType", "xpe");
    Deleted : user_pref("CT3274043.installUsage", "2013-05-07T09:02:23.6031389+03:00");
    Deleted : user_pref("CT3274043.installUsageEarly", "2013-05-07T09:02:22.6515145+03:00");
    Deleted : user_pref("CT3274043.installerVersion", "1.3.7.3");
    Deleted : user_pref("CT3274043.isCheckedStartAsHidden", true);
    Deleted : user_pref("CT3274043.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3274043.isFirstTimeToolbarLoading", "false");
    Deleted : user_pref("CT3274043.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT3274043.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT3274043.keyword", "true");
    Deleted : user_pref("CT3274043.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
    Deleted : user_pref("CT3274043.lastVersion", "10.16.2.509");
    Deleted : user_pref("CT3274043.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
    Deleted : user_pref("CT3274043.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
    Deleted : user_pref("CT3274043.mam_gk_currentVersion.enc", "MS40LjQuNg==");
    Deleted : user_pref("CT3274043.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
    Deleted : user_pref("CT3274043.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
    Deleted : user_pref("CT3274043.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
    Deleted : user_pref("CT3274043.migrateAppsAndComponents", true);
    Deleted : user_pref("CT3274043.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
    Deleted : user_pref("CT3274043.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT3274043.openThankYouPage", "true");
    Deleted : user_pref("CT3274043.openUninstallPage", "false");
    Deleted : user_pref("CT3274043.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT32[...]
    Deleted : user_pref("CT3274043.revertSettingsEnabled", "false");
    Deleted : user_pref("CT3274043.search.searchAppId", "130009398660734442");
    Deleted : user_pref("CT3274043.search.searchCount", "2");
    Deleted : user_pref("CT3274043.searchFromAddressBarEnabledByUser", "true");
    Deleted : user_pref("CT3274043.searchInNewTabEnabledByUser", "true");
    Deleted : user_pref("CT3274043.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT3274043.searchUserMode", "2");
    Deleted : user_pref("CT3274043.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3274043.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT3274043.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Deleted : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3274043.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT3274043.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1370711068025");
    Deleted : user_pref("CT3274043.serviceLayer_services_appsMetadata_lastUpdate", "1370711068359");
    Deleted : user_pref("CT3274043.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1370325734722");
    Deleted : user_pref("CT3274043.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1367906535[...]
    Deleted : user_pref("CT3274043.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1367906536469")[...]
    Deleted : user_pref("CT3274043.serviceLayer_services_location_lastUpdate", "1370711068514");
    Deleted : user_pref("CT3274043.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369285251550");
    Deleted : user_pref("CT3274043.serviceLayer_services_login_10.15.0.62_lastUpdate", "1367906536728");
    Deleted : user_pref("CT3274043.serviceLayer_services_login_10.16.2.509_lastUpdate", "1370743094882");
    Deleted : user_pref("CT3274043.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1370395521508");
    Deleted : user_pref("CT3274043.serviceLayer_services_searchAPI_lastUpdate", "1370711068528");
    Deleted : user_pref("CT3274043.serviceLayer_services_serviceMap_lastUpdate", "1370711067623");
    Deleted : user_pref("CT3274043.serviceLayer_services_toolbarContextMenu_lastUpdate", "1370325734822");
    Deleted : user_pref("CT3274043.serviceLayer_services_toolbarSettings_lastUpdate", "1370743094579");
    Deleted : user_pref("CT3274043.serviceLayer_services_translation_lastUpdate", "1370711069300");
    Deleted : user_pref("CT3274043.settingsINI", true);
    Deleted : user_pref("CT3274043.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT3274043.showToolbarPermission", "false");
    Deleted : user_pref("CT3274043.smartbar.CTID", "CT3274043");
    Deleted : user_pref("CT3274043.smartbar.Uninstall", "0");
    Deleted : user_pref("CT3274043.smartbar.homepage", true);
    Deleted : user_pref("CT3274043.smartbar.toolbarName", "BTControl12DM2 ");
    Deleted : user_pref("CT3274043.startPage", "true");
    Deleted : user_pref("CT3274043.toolbarBornServerTime", "7-5-2013");
    Deleted : user_pref("CT3274043.toolbarCurrentServerTime", "9-6-2013");
    Deleted : user_pref("CT3274043.toolbarLoginClientTime", "Tue May 07 2013 02:02:16 GMT-0400 (Eastern Daylight T[...]
    Deleted : user_pref("CT3274043_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3274043&CUI=UN20816375[...]
    Deleted : user_pref("Smartbar.ConduitSearchEngineList", "BTControl12DM2 Customized Web Search");
    Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043[...]
    Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3274043");
    Deleted : user_pref("browser.search.defaultthis.engineName", "BTControl12DM2 Customized Web Search");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043&CUI[...]
    Deleted : user_pref("browser.search.order.1", "Ask.com");
    Deleted : user_pref("browser.search.selectedEngine", "BTControl12DM2 Customized Web Search");
    Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3274043&SearchSource=2&CU[...]
    Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3274043");
    Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3274043&CUI=UN208163755[...]
    Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
    Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3274043");
    Deleted : user_pref("smartbar.machineId", "WJ3QPF4WCH4L+JXXZ1AXO0GMCCNJBNPQQ4MWXEP5ZE3S7NFWJHSB8DQ2FMPZN+DWYOK[...]
    Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3274043&CUI=UN208163755411[...]
    Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
    Deleted : user_pref("smartbar.originalSearchEngine", "Ask.com");

    -\\ Google Chrome v27.0.1453.110

    File : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.2172] : homepage = "hxxp://search.conduit.com/?ctid=CT3274043&SearchSource=48&CUI=UN16342509561895818&U[...]
    Deleted [l.2375] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3274043&SearchSource=48&C[...]

    *************************

    AdwCleaner[R1].txt - [14810 octets] - [14/06/2013 10:29:06]
    AdwCleaner[S1].txt - [14753 octets] - [16/06/2013 23:34:23]

    ########## EOF - C:\AdwCleaner[S1].txt - [14814 octets] ##########
    Last edited by shelf life; 2013-06-20 at 23:24.

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Ok good. Thanks for the info. Let's get one more download, which is similar to AdwCleaner. Let's see if it can dig up any more stuff. Afterwards you can run Spybot, which should come up clean now.

    Please download JRT.exe to your desktop.
    Right-click and select "run as admin".
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next reply.
    How Can I Reduce My Risk?

  9. #9
    Junior Member
    Join Date
    Jun 2013
    Posts
    10

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Theresa on Mon 06/17/2013 at 21:59:14.89
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-147755331-2039841654-876228001-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E82CA3CE-F82D-4E9A-B069-D99971E9B448}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Theresa\appdata\local\{0712AF88-0315-48E6-9867-0D8DC4D3A6E6}
    Successfully deleted: [Empty Folder] C:\Users\Theresa\appdata\local\{3720AE0D-4603-4346-AF1B-2DB2F1A9E90C}



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Theresa\AppData\Roaming\mozilla\firefox\profiles\s0ho6sxs.default\prefs.js

    user_pref("browser.startup.homepage", "hxxp://www.sleeksearch.com/");
    Emptied folder: C:\Users\Theresa\AppData\Roaming\mozilla\firefox\profiles\s0ho6sxs.default\minidumps [15 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 06/17/2013 at 22:05:46.29
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  10. #10
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Go ahead and run Spybot now and see if it's "clean."
    How Can I Reduce My Risk?
