Page 1 of 3 123 LastLast
Results 1 to 10 of 29

Thread: Need help removing search.conduit from my system

  1. #1
    Junior Member
    Join Date
    Dec 2013
    Posts
    17

    Default Need help removing search.conduit from my system

    I tried several things none have worked. Why does virus and spyware not detect this malware? How can I remove it?http://forums.spybot.info/images/smilies/confused1.gif

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Running programs with Vista or Windows 7 , Right Click and select RUN AS ADMINISTATOR

    Download DDS from one of the links below to your desktop

    Link 1
    Link 2

    • Double click the tool to run it.
    • A black Screen will open, just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
    • Copy/Paste the contents of 'DDS.txt' into your post.
    • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)


    Information on A/V control Here





    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Dec 2013
    Posts
    17

    Default Help in removing search.conduit ...

    I have windows 8.1 and have not been able to get it to run as Administrator in order for the DDS program to run. Can you assist?

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Lets try this one instead

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member
    Join Date
    Dec 2013
    Posts
    17

    Default Need help removing search.conduit ran Awcleaner inserted report file

    Results of the executing AdwCleaner.exe
    # AdwCleaner v3.016 - Report created 27/12/2013 at 14:27:19
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows 8.1 (64 bits)
    # Username : Mack - WORKPC
    # Running from : C:\Users\Mack\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : CltMngSvc

    ***** [ Files / Folders ] *****

    File Found : C:\Users\Public\Desktop\eBay.lnk
    Folder Found C:\Program Files (x86)\Searchprotect
    Folder Found C:\Users\Mack\AppData\Local\Searchprotect

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Found : HKLM\Software\SearchProtect
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16384


    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\Mack\AppData\Roaming\Mozilla\Firefox\Profiles\o13s4y14.default\prefs.js ]


    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1660 octets] - [27/12/2013 14:27:19]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1720 octets] ##########

    Thanks





    Quote Originally Posted by ken545 View Post
    Lets try this one instead

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    No need to quote me as some of the logs we may ask for maybe large and with a quote may not fit into a reply.

    Where you able to run aswMBR, if so run it and post that log please

    Then.....

    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.




    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.






    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member
    Join Date
    Dec 2013
    Posts
    17

    Default Results from aswMBR

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-12-28 10:49:53
    -----------------------------
    10:49:53.462 OS Version: Windows x64 6.2.9200
    10:49:53.462 Number of processors: 2 586 0x200
    10:49:53.465 ComputerName: WORKPC UserName: Mack
    10:49:54.100 Initialze error 1
    11:19:09.915 AVAST engine defs: 13122800
    11:19:18.220 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-12-28 10:49:53
    -----------------------------
    10:49:53.462 OS Version: Windows x64 6.2.9200
    10:49:53.462 Number of processors: 2 586 0x200
    10:49:53.465 ComputerName: WORKPC UserName: Mack
    10:49:54.100 Initialze error 1
    11:19:09.915 AVAST engine defs: 13122800
    11:19:18.220 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR.txt"
    11:19:41.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
    11:19:41.837 Disk 0 Vendor: HGST_HTS545032A7E380 GGBOACA0 Size: 305245MB BusType: 11
    11:19:41.898 Disk 0 MBR read successfully
    11:19:41.905 Disk 0 MBR scan
    11:19:41.932 Disk 0 unknown MBR code
    11:19:41.940 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    11:19:41.957 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:19:41.968 Service scanning
    11:19:42.523 Modules scanning
    11:19:42.541 Disk 0 trace - called modules:
    11:19:42.565 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
    11:19:42.584 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000016ab5e0]
    11:19:42.601 3 CLASSPNP.SYS[fffff80000646abb] -> nt!IofCallDriver -> [0xffffe000002e9b30]
    11:19:42.617 5 amdxata.sys[fffff800007146b4] -> nt!IofCallDriver -> \Device\00000028[0xffffe0000139a060]
    11:19:42.633 AVAST engine scan C:\WINDOWS
    11:19:42.649 AVAST engine scan C:\WINDOWS\system32
    11:19:42.666 AVAST engine scan C:\WINDOWS\system32\drivers
    11:19:42.683 AVAST engine scan C:\Users\Mack
    11:19:42.700 AVAST engine scan C:\ProgramData
    11:19:42.717 Scan finished successfully
    11:20:11.844 Disk 0 MBR fix error
    11:20:41.924 Disk 0 MBR has been saved successfully to "C:\Users\Mack\Desktop\MBR.dat"
    11:20:41.947 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR.txt"

  8. #8
    Junior Member
    Join Date
    Dec 2013
    Posts
    17

    Default Results after cleaning with Adwcleaner

    Results after running Adwcleaner and allowing it to clean.

    # AdwCleaner v3.016 - Report created 28/12/2013 at 11:30:15
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows 8.1 (64 bits)
    # Username : Mack - WORKPC
    # Running from : C:\Users\Mack\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : CltMngSvc

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\Searchprotect
    Folder Deleted : C:\Users\Mack\AppData\Local\Searchprotect
    File Deleted : C:\Users\Public\Desktop\eBay.lnk

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16384


    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\Mack\AppData\Roaming\Mozilla\Firefox\Profiles\o13s4y14.default\prefs.js ]


    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1808 octets] - [27/12/2013 14:27:19]
    AdwCleaner[R1].txt - [1868 octets] - [28/12/2013 11:28:37]
    AdwCleaner[S0].txt - [1704 octets] - [28/12/2013 11:30:15]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1764 octets] ##########

  9. #9
    Junior Member
    Join Date
    Dec 2013
    Posts
    17

    Default Results from running JRT

    Results from running JRT

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 8.1 x64
    Ran by Mack on Sat 12/28/2013 at 11:50:36.02
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 12/28/2013 at 12:06:37.60
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  10. #10
    Junior Member
    Join Date
    Dec 2013
    Posts
    17

    Default Results after running OTL Part 1 of 3

    OTL logfile created on: 12/28/2013 12:13:39 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mack\Desktop
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16476)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.60 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 69.75% Memory free
    4.22 Gb Paging File | 2.95 Gb Available in Paging File | 69.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 275.02 Gb Total Space | 238.23 Gb Free Space | 86.62% Space Free | Partition Type: NTFS
    Drive D: | 21.96 Gb Total Space | 2.18 Gb Free Space | 9.93% Space Free | Partition Type: NTFS

    Computer Name: WORKPC | User Name: Mack | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/28 10:43:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mack\Desktop\OTL.exe
    PRC - [2013/12/09 09:40:07 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    PRC - [2013/12/06 15:47:44 | 020,203,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
    PRC - [2013/02/25 13:39:26 | 001,045,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    PRC - [2013/02/01 17:00:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    PRC - [2012/07/13 16:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2012/06/07 21:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/28 11:42:20 | 001,153,024 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_ssl.pyd
    MOD - [2013/12/28 11:42:20 | 000,805,888 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._gdi_.pyd
    MOD - [2013/12/28 11:42:20 | 000,711,680 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_hashlib.pyd
    MOD - [2013/12/28 11:42:20 | 000,110,080 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\pywintypes27.dll
    MOD - [2013/12/28 11:42:20 | 000,026,624 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_multiprocessing.pyd
    MOD - [2013/12/28 11:42:19 | 001,175,040 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._core_.pyd
    MOD - [2013/12/28 11:42:19 | 001,062,400 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._controls_.pyd
    MOD - [2013/12/28 11:42:19 | 000,811,008 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._windows_.pyd
    MOD - [2013/12/28 11:42:19 | 000,735,232 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._misc_.pyd
    MOD - [2013/12/28 11:42:19 | 000,686,080 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\unicodedata.pyd
    MOD - [2013/12/28 11:42:19 | 000,557,056 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\pysqlite2._sqlite.pyd
    MOD - [2013/12/28 11:42:19 | 000,521,680 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\windows._lib_cacheinvalidation.pyd
    MOD - [2013/12/28 11:42:19 | 000,364,544 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\pythoncom27.dll
    MOD - [2013/12/28 11:42:19 | 000,320,512 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32com.shell.shell.pyd
    MOD - [2013/12/28 11:42:19 | 000,128,512 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_elementtree.pyd
    MOD - [2013/12/28 11:42:19 | 000,127,488 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\pyexpat.pyd
    MOD - [2013/12/28 11:42:19 | 000,122,368 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._wizard.pyd
    MOD - [2013/12/28 11:42:19 | 000,119,808 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32file.pyd
    MOD - [2013/12/28 11:42:19 | 000,108,544 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32security.pyd
    MOD - [2013/12/28 11:42:19 | 000,098,816 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32api.pyd
    MOD - [2013/12/28 11:42:19 | 000,087,040 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_ctypes.pyd
    MOD - [2013/12/28 11:42:19 | 000,070,656 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._html2.pyd
    MOD - [2013/12/28 11:42:19 | 000,044,032 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_socket.pyd
    MOD - [2013/12/28 11:42:19 | 000,038,912 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32inet.pyd
    MOD - [2013/12/28 11:42:19 | 000,035,840 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32process.pyd
    MOD - [2013/12/28 11:42:19 | 000,025,600 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32pdh.pyd
    MOD - [2013/12/28 11:42:19 | 000,024,064 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32pipe.pyd
    MOD - [2013/12/28 11:42:19 | 000,022,528 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32ts.pyd
    MOD - [2013/12/28 11:42:19 | 000,018,432 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32event.pyd
    MOD - [2013/12/28 11:42:19 | 000,017,408 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32profile.pyd
    MOD - [2013/12/28 11:42:19 | 000,011,264 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32crypt.pyd
    MOD - [2013/12/28 11:42:19 | 000,010,240 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\select.pyd
    MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2012/06/08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    MOD - [2012/06/07 21:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    MOD - [2012/05/30 00:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/12/25 16:31:42 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
    SRV:64bit: - [2013/12/25 16:25:30 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
    SRV:64bit: - [2013/12/13 10:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2013/12/13 00:57:52 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2013/11/14 01:29:02 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
    SRV:64bit: - [2013/11/14 01:29:02 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/11/14 01:29:01 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
    SRV:64bit: - [2013/11/14 01:28:59 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2013/11/14 01:25:27 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2013/11/14 01:25:27 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2013/11/14 01:25:26 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
    SRV:64bit: - [2013/11/14 01:25:26 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2013/08/22 06:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
    SRV:64bit: - [2013/08/22 06:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2013/08/22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2013/08/22 05:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
    SRV:64bit: - [2013/08/22 05:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2013/08/22 05:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2013/08/22 05:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2013/08/22 05:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2013/08/22 04:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
    SRV:64bit: - [2013/08/22 04:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2013/08/22 04:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
    SRV:64bit: - [2013/08/22 03:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2013/08/22 03:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2013/08/22 03:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
    SRV:64bit: - [2013/08/22 03:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2013/08/22 03:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2013/08/22 03:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2013/08/22 03:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
    SRV:64bit: - [2013/08/22 03:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2013/08/22 03:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2013/08/22 03:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2013/08/22 03:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2013/08/22 03:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2013/03/14 00:41:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2013/03/04 16:28:40 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
    SRV:64bit: - [2009/05/04 15:47:36 | 000,809,984 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
    SRV - [2013/12/25 16:25:32 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2013/12/25 16:25:29 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
    SRV - [2013/12/25 16:25:28 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2013/12/05 13:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/11/14 01:25:25 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
    SRV - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/08/22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2013/08/21 21:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
    SRV - [2013/08/21 20:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
    SRV - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
    SRV - [2013/02/01 17:00:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2012/11/15 17:49:48 | 002,468,496 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •