How do I combat the evil of conduit.search.com? [Solved]


#16 sac270 - Member, Topic Starter - 21 posts
# AdwCleaner v2.106 - Logfile created 01/19/2013 at 17:07:23
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Dr Corbell - MOTHER
# Boot Mode : Normal
# Running from : C:\Users\Dr Corbell\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Dr Corbell\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=48"[...]
Deleted [l.2285] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=48" ]

*************************

AdwCleaner[S1].txt - [1195 octets] - [19/01/2013 17:07:23]

########## EOF - C:\AdwCleaner[S1].txt - [1255 octets] ##########
Now that is interesting. Obviously, it found at least one remaining conduit piece, and opening Chrome did not redirect me. But it DID open a 'Thank you for installing uTorrent toolbar!' page and restore that toolbar, despite my uninstalling it from Windows. I do use Google Sync, yes.
#17 sac270 - Member, Topic Starter - 21 posts
Upon deleting uTorrent Control from Chrome->Extensions (again) and restarting the browser, it no longer displays any obvious symptoms, but I'll wait for your 'all clear' before getting excited :)

Edited by sac270, 19 January 2013 - 04:21 PM.


#18 Jasmyne - Trusted Helper, Malware Removal - 2,010 posts
I could see the Conduit with OTL, but OTL was having trouble finding the folder to delete. However, adwCleaner found and deleted a setting that was restoring the conduit URL on startup, along with the other tidbits that were still there.

Since you state that you do use Google sync, I have to warn you that if the uTorrent toolbar or the conduit return after syncing, then you will have to reset Chrome sync to permanently rid yourself of them. To reset your sync, go to your Google Dashboard here. After logging in, scroll down to the area Chrome Sync and click "Stop sync and delete data from Google". Be advised that this will delete ALL of your synced data.

Now for a final sweep so we can make sure everything is gone.

Step 1 Malwarebytes Scan

Since you already have Malwarebytes on your computer, make sure the definitions are up to date and run a Quick Scan.
Post that log in your next reply.

Step 2 ESET Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: [image]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [image]
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan
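The AdwCleaner log above shows the setting that kept bringing the hijack back: a Chrome Preferences entry that reopened search.conduit.com on every start. As an added example (not code from this thread or from any of the tools mentioned in it), the Python script below applies the same check to a Chrome Preferences file, flagging startup URLs, the homepage and the default search provider that point at Conduit or carry a Conduit ctid parameter. The JSON keys used (session.urls_to_restore_on_startup, default_search_provider.search_url/suggest_url) are the ones visible in the thread's logs; the homepage key, the sample Preferences dict and the audit_file path are assumptions.

```python
"""Audit a Chrome Preferences file for browser-hijacker settings.

Chrome keeps session, homepage and search settings in a JSON file
(...\\User Data\\Default\\Preferences). Adware such as the Conduit
toolbar rewrites these so the hijack survives an uninstall. This script
parses the file and reports any URL in those settings whose host is a
Conduit domain or whose query carries a Conduit toolbar id (ctid).
"""
import json
from urllib.parse import urlparse, parse_qs

# Heuristics taken from the URL that AdwCleaner deleted in this thread.
SUSPICIOUS_HOSTS = ("search.conduit.com", "conduit.com")
SUSPICIOUS_PARAMS = ("ctid", "SearchSource")


def is_hijack_url(url):
    """Return a short reason if url points at a hijacker, else None."""
    try:
        parts = urlparse(url)
    except ValueError:
        return None
    host = (parts.hostname or "").lower()
    if any(host == h or host.endswith("." + h) for h in SUSPICIOUS_HOSTS):
        return "host %s" % host
    query = parse_qs(parts.query)
    hits = [p for p in SUSPICIOUS_PARAMS if p in query]
    if hits:
        return "query parameter %s" % ",".join(hits)
    return None


def audit_preferences(prefs):
    """Walk a parsed Preferences dict; return (setting, url, reason) tuples."""
    findings = []
    session = prefs.get("session", {})
    for url in session.get("urls_to_restore_on_startup", []):
        reason = is_hijack_url(url)
        if reason:
            findings.append(("session.urls_to_restore_on_startup", url, reason))
    homepage = prefs.get("homepage")  # assumed key name
    if homepage:
        reason = is_hijack_url(homepage)
        if reason:
            findings.append(("homepage", homepage, reason))
    provider = prefs.get("default_search_provider", {})
    for key in ("search_url", "suggest_url"):
        url = provider.get(key)
        if url:
            reason = is_hijack_url(url)
            if reason:
                findings.append(("default_search_provider." + key, url, reason))
    return findings


def audit_file(path):
    """Load a Preferences file from disk and audit it."""
    with open(path, encoding="utf-8") as handle:
        return audit_preferences(json.load(handle))


# Constructed sample mirroring the entry AdwCleaner removed in this thread.
SAMPLE_PREFS = {
    "homepage": "http://www.google.com/",
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": [
            "http://search.conduit.com/?ctid=CT3220468&SearchSource=48",
            "http://www.google.com/",
        ],
    },
    "default_search_provider": {
        "name": "Google",
        "search_url": "{google:baseURL}search?q={searchTerms}",
    },
}

if __name__ == "__main__":
    for setting, url, reason in audit_preferences(SAMPLE_PREFS):
        print("%s -> %s (%s)" % (setting, url, reason))
```

Run it against the real file with audit_file(r"C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Preferences") while Chrome is closed; a clean profile returns an empty list.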

#19 sac270 - Member, Topic Starter - 21 posts
Malware Bytes:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.21.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dr Corbell :: MOTHER [administrator]

1/21/2013 6:21:24 PM
mbam-log-2013-01-21 (18-21-24).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 354077
Time elapsed: 44 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET Log:

C:\Users\Dr Corbell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZOQGH39\bi_downloader[1].exe a variant of Win32/Somoto.A application
C:\Users\Dr Corbell\AppData\Local\Temp\nsk4689.tmp a variant of Win32/Somoto.A application
C:\Users\Dr Corbell\Downloads\DTLite4461-0328.exe Win32/OpenCandy application
C:\Users\Dr Corbell\Downloads\FreeFileViewer2012Setup.exe a variant of Win32/InstallIQ application

#20 Jasmyne - Trusted Helper, Malware Removal - 2,010 posts
One more final OTL Fix to get rid of the small bits ESET found. After it is successful I can then give you instructions to remove all my tools. :)

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[CREATERESTOREPOINT]

:Files
C:\Users\Dr Corbell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZOQGH39\bi_downloader[1].exe
C:\Users\Dr Corbell\AppData\Local\Temp\nsk4689.tmp
C:\Users\Dr Corbell\Downloads\DTLite4461-0328.exe
C:\Users\Dr Corbell\Downloads\FreeFileViewer2012Setup.exe
 
:Commands
[emptytemp]

2. Please re-open OTL on your desktop.
3. Place the mouse pointer inside the [image] textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the [image] button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the [image] button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the [image] button. Post the log it produces in your next reply.

#21 sac270 - Member, Topic Starter - 21 posts
Fix Log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Dr Corbell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZOQGH39\bi_downloader[1].exe moved successfully.
C:\Users\Dr Corbell\AppData\Local\Temp\nsk4689.tmp moved successfully.
C:\Users\Dr Corbell\Downloads\DTLite4461-0328.exe moved successfully.
C:\Users\Dr Corbell\Downloads\FreeFileViewer2012Setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dr Corbell
->Temp folder emptied: 4860659 bytes
->Temporary Internet Files folder emptied: 12846125 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 353450612 bytes
->Flash cache emptied: 506 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4112 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49621 bytes
RecycleBin emptied: 74684372 bytes

Total Files Cleaned = 425.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01232013_204533

Files\Folders moved on Reboot...
C:\Users\Dr Corbell\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Quick Scan Log:

[2013/01/14 14:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/14 14:54:32 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/14 12:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qBittorrent
[2013/01/14 11:49:05 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Technical Documents
[2013/01/14 11:45:12 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Documents\School
[2013/01/14 11:44:28 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Torrents
[2013/01/14 10:35:21 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\Programs
[2013/01/14 10:33:51 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Malwarebytes
[2013/01/14 10:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/14 10:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/11 11:38:16 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Adobe
[2013/01/11 11:38:16 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\Adobe
[2013/01/11 10:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Propellerhead Software
[2013/01/11 10:40:34 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Propellerhead Software
[2013/01/05 17:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{F0489EF2-D393-4114-85BA-A94D71D89543}
[2013/01/05 14:44:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/01/05 10:59:44 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\CRE
[2013/01/05 10:59:40 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Mozilla
[2013/01/04 10:59:59 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\NVIDIA
[2013/01/04 10:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/01/04 10:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/12/30 14:29:21 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Desktop\hmmmmm_data
[2012/12/30 13:13:42 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Audacity
[2012/12/29 12:43:49 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\MediaMonkey
[2012/12/29 12:43:42 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\MediaMonkey
[2012/12/29 12:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
[2012/12/29 12:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2012/12/29 12:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2012/12/28 11:59:19 | 000,000,000 | R--D | C] -- C:\Users\Dr Corbell\Favorites
[2012/12/27 11:41:47 | 000,000,000 | ---D | C] -- C:\Funcom
[2012/12/26 19:33:42 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\Chromium
[2012/12/26 12:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/12/26 11:48:23 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\Akamai
[2012/12/26 09:41:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/12/26 09:40:22 | 000,000,000 | ---D | C] -- C:\f74f922ed460ea8bccc7141cf505b476

========== Files - Modified Within 30 Days ==========

[2013/01/23 20:53:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/23 20:53:24 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/23 20:53:24 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/23 20:47:49 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/01/23 20:47:44 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/23 20:47:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/23 20:47:14 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/23 20:33:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/23 20:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/23 19:54:09 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/23 19:54:09 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 11:29:56 | 000,001,107 | ---- | M] () -- C:\Users\Dr Corbell\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2013/01/19 09:03:48 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/01/16 19:58:20 | 000,881,914 | ---- | M] () -- C:\Users\Dr Corbell\Desktop\SecurityCheck.exe
[2013/01/15 09:17:16 | 000,002,283 | ---- | M] () -- C:\Users\Dr Corbell\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 19:56:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dr Corbell\Desktop\OTL.exe
[2013/01/14 15:36:39 | 000,406,528 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2013/01/14 15:36:39 | 000,338,432 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2013/01/14 14:50:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/11 11:25:59 | 000,016,543 | ---- | M] () -- C:\Users\Dr Corbell\Desktop\hmmmmm.aup
[2013/01/11 11:17:10 | 000,123,380 | ---- | M] () -- C:\Users\Dr Corbell\Desktop\New.rns
[2013/01/07 10:17:24 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/12/27 08:54:52 | 000,268,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/26 11:40:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2013/01/21 11:30:01 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/01/21 11:29:56 | 000,001,107 | ---- | C] () -- C:\Users\Dr Corbell\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2013/01/16 19:58:15 | 000,881,914 | ---- | C] () -- C:\Users\Dr Corbell\Desktop\SecurityCheck.exe
[2013/01/15 09:30:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/14 19:29:24 | 000,002,283 | ---- | C] () -- C:\Users\Dr Corbell\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 19:28:24 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/14 19:28:23 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/11 11:17:21 | 000,123,380 | ---- | C] () -- C:\Users\Dr Corbell\Desktop\New.rns
[2013/01/07 10:17:24 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012/12/30 14:29:21 | 000,016,543 | ---- | C] () -- C:\Users\Dr Corbell\Desktop\hmmmmm.aup
[2012/12/26 12:00:13 | 000,702,976 | ---- | C] () -- C:\Windows\SysNative\cohelper.dll
[2012/12/26 12:00:13 | 000,005,940 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2012/12/26 11:40:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/15 20:44:06 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\Audacity
[2013/01/19 09:06:36 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\DAEMON Tools Lite
[2013/01/22 11:33:00 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\FreeFileViewer
[2013/01/17 16:49:10 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\MediaMonkey
[2013/01/11 10:44:25 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\Propellerhead Software
[2013/01/14 21:53:56 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\qBittorrent

========== Purity Check ==========



< End of report >
  • 0

#22
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
The Conduit is still showing in the OTL log, which leads me to believe that it's coming from Chrome sync.

Step 1 Resetting Chrome Sync
1. Go to your Google Dashboard here.
2. Scroll down to the area Chrome Sync and click "Stop sync and delete data from Google". Be advised that this will delete ALL of your synced data.
3. Do not re-sync until we are sure the Conduit is gone.

Step 2 adwCleaner
  • AdwCleaner has a new update so please delete the copy you have and download a new copy from here or here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once it has completed it will ask to reboot the computer, please allow it to do so.
  • After the computer reboots, a log will be produced. Please attach that log to your next post.

Step 3 Fresh OTL Scan
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad file, OTL.Txt. It will be saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post them in your topic.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. adwCleaner log
2. New OTL log

Edited by Jasmyne, 24 January 2013 - 05:07 PM.

  • 0
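The helper's reasoning above is that Conduit keeps reappearing because Chrome sync restores the extension that hosts the Conduit plugins, so an AdwCleaner pass on the Preferences file alone is not enough. As an added example (not code from this thread, nor from the OTL or AdwCleaner tools), the Python script below automates the check the helper is doing by eye: it flags Chrome plugin and extension lines in an OTL log that refer to Conduit, pulls out the hosting Chrome extension ID from the path, and walks a Chrome Preferences JSON document for any URL whose host is conduit.com or a subdomain such as search.conduit.com. The sample OTL lines and the Preferences document are constructed from entries shown in this thread; the Preferences key layout (session.urls_to_restore_on_startup) is an assumption about the file format, and the detection only looks at the host of each URL, so a page that merely mentions "conduit" in its path is not flagged.

```python
"""Flag Conduit leftovers in an OTL log and in a Chrome Preferences file (added example)."""
import json
import re
from urllib.parse import urlparse

# Chrome extension IDs are 32 characters drawn from a-p and appear as the path
# component right under "...\Extensions\" in OTL plugin/extension lines.
EXT_ID_RE = re.compile(r"[\\/]Extensions[\\/]([a-p]{32})[\\/]")

# "CHR - plugin: <name> (Enabled) = <path>"  or  "CHR - Extension: <name> = <path>"
OTL_CHR_RE = re.compile(
    r"^CHR - (plugin|Extension): (.+?)(?: \((Enabled|Disabled)\))? = (.*)$")

# Constructed sample lines in the OTL "Chrome" section format, modelled on the log in this thread.
SAMPLE_OTL = r"""
CHR - default_search_provider: Google (Enabled)
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Dr Corbell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - Extension: avast! WebRep = C:\Users\Dr Corbell\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
"""

# Constructed minimal Preferences document; the key layout is an assumption about the file format.
SAMPLE_PREFS = json.dumps({
    "session": {"urls_to_restore_on_startup": [
        "http://search.conduit.com/?ctid=CT3220468&SearchSource=48"]},
    "extensions": {"settings": {"ejpbbhjlbipncjklfjjaedaieimbmdda": {"state": 1}}},
})


def find_otl_chrome_hits(otl_text: str) -> list[dict]:
    """Return Chrome plugin/extension lines of an OTL log whose name or path refers
    to Conduit, with the hosting extension ID extracted from the path when present."""
    hits = []
    for line in otl_text.splitlines():
        m = OTL_CHR_RE.match(line.strip())
        if not m:
            continue
        kind, name, state, path = m.groups()
        if "conduit" not in (name + path).lower():
            continue
        ext = EXT_ID_RE.search(path)
        hits.append({"kind": kind, "name": name, "state": state or "unknown",
                     "path": path, "extension_id": ext.group(1) if ext else None})
    return hits


def find_conduit_urls(prefs_json: str) -> list[tuple[str, str]]:
    """Walk a Chrome Preferences document and return (json_path, url) for every
    string value whose host is conduit.com or a subdomain of it."""
    found = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{path}.{key}" if path else key)
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")
        elif isinstance(node, str):
            host = urlparse(node).hostname or ""
            if host == "conduit.com" or host.endswith(".conduit.com"):
                found.append((path, node))

    walk(json.loads(prefs_json), "")
    return found


def extension_ids_to_review(otl_text: str) -> set[str]:
    """Extension IDs that host a Conduit component. Cleaning Preferences does not
    remove these; per the helper's reasoning they come back through Chrome sync."""
    return {h["extension_id"] for h in find_otl_chrome_hits(otl_text) if h["extension_id"]}


if __name__ == "__main__":
    for hit in find_otl_chrome_hits(SAMPLE_OTL):
        print(f"OTL {hit['kind']}: {hit['name']} [{hit['state']}] ext={hit['extension_id']}")
    for json_path, url in find_conduit_urls(SAMPLE_PREFS):
        print(f"Preferences {json_path}: {url}")
    print("extensions to review:", sorted(extension_ids_to_review(SAMPLE_OTL)))
```

Run it against a real OTL.Txt by reading the file into `find_otl_chrome_hits`, and against the Preferences file named in the AdwCleaner log by passing its contents to `find_conduit_urls`; an extension ID reported by `extension_ids_to_review` is the thing to remove from the Chrome profile (and from the synced account data, as the helper's Step 1 does) rather than only the startup URL.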

#23
sac270

    Member

  • Topic Starter
  • Member
  • 21 posts
# AdwCleaner v2.108 - Logfile created 01/26/2013 at 01:47:46
# Updated 24/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Dr Corbell - MOTHER
# Boot Mode : Normal
# Running from : C:\Users\Dr Corbell\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\Users\Dr Corbell\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Freeze.com

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Dr Corbell\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1324 octets] - [19/01/2013 17:07:23]
AdwCleaner[S3].txt - [986 octets] - [26/01/2013 01:47:46]

########## EOF - C:\AdwCleaner[S3].txt - [1045 octets] ##########

OTL logfile created on: 1/26/2013 1:52:14 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dr Corbell\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 66.93% Memory free
8.00 Gb Paging File | 6.51 Gb Available in Paging File | 81.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.73 Gb Total Space | 85.89 Gb Free Space | 36.91% Space Free | Partition Type: NTFS
Drive E: | 2.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOTHER | User Name: Dr Corbell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/01/14 19:56:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dr Corbell\Desktop\OTL.exe
PRC - [2013/01/14 19:28:19 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/03 10:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Dr Corbell\AppData\Local\Akamai\netsession_win.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/18 03:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013/01/18 03:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013/01/18 03:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013/01/18 03:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013/01/18 03:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/19 08:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 08:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2013/01/15 09:30:24 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/03 10:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/19 09:03:48 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 15:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/30 13:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{5E735A10-371F-421F-BFC0-06F21E5959D4}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/01/05 17:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Corbell\AppData\Roaming\Mozilla\Extensions
[2013/01/05 17:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Corbell\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/01/16 19:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Corbell\AppData\Roaming\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Dr Corbell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Dr Corbell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: avast! WebRep = C:\Users\Dr Corbell\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Dr Corbell\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60BC403C-2D9A-4D04-A844-C9BCE73516E0}: DhcpNameServer = 10.0.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/07 10:17:24 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/29 12:34:26 | 000,231,823 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/10/28 01:20:41 | 000,000,080 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3f9631fa-61b3-11e2-b87d-0023548501d6}\Shell - "" = AutoRun
O33 - MountPoints2\{3f9631fa-61b3-11e2-b87d-0023548501d6}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2012/02/20 08:05:04 | 001,145,907 | R--- | M] (Firaxis )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/22 11:30:00 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\FreeFileViewer
[2013/01/21 11:31:40 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\FreeFileViewer
[2013/01/21 11:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
[2013/01/21 11:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeFileViewer
[2013/01/19 09:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\3DMGAME
[2013/01/19 09:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meier's Civilization V
[2013/01/19 09:07:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2013/01/19 09:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013/01/19 09:03:48 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/01/19 09:03:42 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\DAEMON Tools Lite
[2013/01/19 09:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013/01/19 09:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013/01/17 14:35:24 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Documents\Downloads
[2013/01/17 14:07:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/16 19:45:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/15 20:49:38 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\My Games
[2013/01/15 20:49:27 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Documents\My Games
[2013/01/15 20:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[2013/01/15 20:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
[2013/01/15 20:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2013/01/15 09:30:38 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Macromedia
[2013/01/15 09:30:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/01/15 09:30:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/01/14 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\qBittorrent
[2013/01/14 21:53:35 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\qBittorrent
[2013/01/14 19:56:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dr Corbell\Desktop\OTL.exe
[2013/01/14 19:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/14 19:28:19 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\Google
[2013/01/14 19:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/14 15:57:48 | 000,000,000 | R--D | C] -- C:\Users\Dr Corbell\Searches
[2013/01/14 15:40:48 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/01/14 15:40:46 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/01/14 15:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/01/14 15:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/01/14 15:36:39 | 000,406,528 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2013/01/14 15:36:39 | 000,338,432 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2013/01/14 14:55:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/01/14 14:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/14 14:54:32 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/14 12:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qBittorrent
[2013/01/14 11:49:05 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Technical Documents
[2013/01/14 11:45:12 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Documents\School
[2013/01/14 11:44:28 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Torrents
[2013/01/14 10:35:21 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\Programs
[2013/01/14 10:33:51 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Malwarebytes
[2013/01/14 10:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/14 10:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/11 11:38:16 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Adobe
[2013/01/11 11:38:16 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\Adobe
[2013/01/11 10:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Propellerhead Software
[2013/01/11 10:40:34 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Propellerhead Software
[2013/01/05 17:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{F0489EF2-D393-4114-85BA-A94D71D89543}
[2013/01/05 14:44:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/01/05 10:59:44 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\CRE
[2013/01/05 10:59:40 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Mozilla
[2013/01/04 10:59:59 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\NVIDIA
[2013/01/04 10:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/01/04 10:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/12/30 14:29:21 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Desktop\hmmmmm_data
[2012/12/30 13:13:42 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Audacity
[2012/12/29 12:43:49 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\MediaMonkey
[2012/12/29 12:43:42 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\MediaMonkey
[2012/12/29 12:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
[2012/12/29 12:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2012/12/29 12:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2012/12/28 11:59:19 | 000,000,000 | R--D | C] -- C:\Users\Dr Corbell\Favorites
[2012/12/27 11:41:47 | 000,000,000 | ---D | C] -- C:\Funcom

========== Files - Modified Within 30 Days ==========

[2013/01/26 01:49:54 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/26 01:49:54 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/01/26 01:49:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/26 01:49:27 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/26 01:33:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/26 01:28:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/25 14:40:57 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/25 14:40:57 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/25 14:38:21 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/25 14:38:21 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/25 14:38:21 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/21 11:29:56 | 000,001,107 | ---- | M] () -- C:\Users\Dr Corbell\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2013/01/19 09:03:48 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/01/16 19:58:20 | 000,881,914 | ---- | M] () -- C:\Users\Dr Corbell\Desktop\SecurityCheck.exe
[2013/01/15 09:17:16 | 000,002,283 | ---- | M] () -- C:\Users\Dr Corbell\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 19:56:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dr Corbell\Desktop\OTL.exe
[2013/01/14 15:36:39 | 000,406,528 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2013/01/14 15:36:39 | 000,338,432 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2013/01/14 14:50:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/11 11:25:59 | 000,016,543 | ---- | M] () -- C:\Users\Dr Corbell\Desktop\hmmmmm.aup
[2013/01/11 11:17:10 | 000,123,380 | ---- | M] () -- C:\Users\Dr Corbell\Desktop\New.rns
[2013/01/07 10:17:24 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/12/27 08:54:52 | 000,268,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/01/21 11:30:01 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/01/21 11:29:56 | 000,001,107 | ---- | C] () -- C:\Users\Dr Corbell\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2013/01/16 19:58:15 | 000,881,914 | ---- | C] () -- C:\Users\Dr Corbell\Desktop\SecurityCheck.exe
[2013/01/15 09:30:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/14 19:29:24 | 000,002,283 | ---- | C] () -- C:\Users\Dr Corbell\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 19:28:24 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/14 19:28:23 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/11 11:17:21 | 000,123,380 | ---- | C] () -- C:\Users\Dr Corbell\Desktop\New.rns
[2013/01/07 10:17:24 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012/12/30 14:29:21 | 000,016,543 | ---- | C] () -- C:\Users\Dr Corbell\Desktop\hmmmmm.aup

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/15 20:44:06 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\Audacity
[2013/01/24 00:38:11 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\DAEMON Tools Lite
[2013/01/22 11:33:00 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\FreeFileViewer
[2013/01/24 00:30:25 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\MediaMonkey
[2013/01/11 10:44:25 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\Propellerhead Software
[2013/01/14 21:53:56 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\qBittorrent

========== Purity Check ==========



< End of report >

#24 Jasmyne (Trusted Helper, Malware Removal)
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#25 sac270 (Topic Starter, Member)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.2 (01.26.2013:2)
OS: Windows 7 Professional x64
Ran by Dr Corbell on Mon 01/28/2013 at 9:27:59.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/28/2013 at 9:37:05.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
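The JRT log above removed the registry registration for Chrome extension ID ejpbbhjlbipncjklfjjaedaieimbmdda (the HKCU and HKLM Software\Google\Chrome\Extensions keys), while the OTL log posted later in the thread still lists the Conduit Chrome Plugin and Conduit Radio Plugin DLLs under that extension's folder in the Chrome profile. The registry keys only tell Chrome to install the extension; what the profile actually carries lives in its Preferences JSON file (startup pages, home page, default search provider, installed extensions), which is the same file OTL reads for its CHR lines. The scanner below is an added example written for this page, not a tool used in the thread. It works on a constructed Preferences dictionary built inline (clearly not the user's real file), and its indicator list is taken from the logs posted here: the extension ID from the JRT log and the conduit.com search domain. The Conduit ctid parameter value in the sample is a placeholder.

```python
"""Scan a Chrome 'Preferences' JSON file for Conduit-style hijack indicators.

Added example for this thread; not part of JRT, OTL or AdwCleaner.
"""
from __future__ import annotations

import json
from pathlib import Path

# Indicators taken from the logs posted in this thread: the extension ID that
# JRT removed from HKCU/HKLM\Software\Google\Chrome\Extensions, and the
# search.conduit.com redirect domain.  Extend these sets for other hijackers.
SUSPECT_EXTENSION_IDS = {"ejpbbhjlbipncjklfjjaedaieimbmdda"}
SUSPECT_URL_MARKERS = ("conduit.com", "ctid=ct")  # compared case-insensitively


def _url_is_suspect(url: str) -> bool:
    u = url.lower()
    return any(marker in u for marker in SUSPECT_URL_MARKERS)


def find_hijack_indicators(prefs: dict) -> list[str]:
    """Return human-readable findings; an empty list means nothing matched."""
    findings: list[str] = []

    # 1. Startup pages. Chrome keeps them under session.urls_to_restore_on_startup;
    #    older builds also wrote a top-level key, so both are checked.
    startup = list(prefs.get("session", {}).get("urls_to_restore_on_startup", []))
    startup += prefs.get("urls_to_restore_on_startup", [])
    for url in startup:
        if _url_is_suspect(url):
            findings.append(f"startup URL: {url}")

    # 2. Home page.
    homepage = prefs.get("homepage", "")
    if _url_is_suspect(homepage):
        findings.append(f"homepage: {homepage}")

    # 3. Default search provider (the fields OTL prints as CHR - default_search_provider).
    dsp = prefs.get("default_search_provider", {})
    for key in ("search_url", "suggest_url", "keyword"):
        value = dsp.get(key, "")
        if _url_is_suspect(value):
            findings.append(f"default_search_provider.{key}: {value}")

    # 4. Installed extensions: match on the known ID, or on a Conduit string in the
    #    manifest name or install path (the DLL paths OTL listed sit under that path).
    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        name = entry.get("manifest", {}).get("name", "")
        path = entry.get("path", "")
        if ext_id in SUSPECT_EXTENSION_IDS or "conduit" in (name + path).lower():
            findings.append(f"extension {ext_id}: name={name!r} path={path!r}")

    return findings


def scan_preferences_file(path: Path) -> list[str]:
    """Load a real Preferences file (Chrome must be closed) and scan it."""
    with path.open(encoding="utf-8") as fh:
        return find_hijack_indicators(json.load(fh))


# Constructed sample: NOT a real Preferences file from the thread.  It holds only
# the fields the scan looks at, populated the way a Conduit install leaves them,
# plus one legitimate extension (avast! WebRep, also seen in the OTL log) that
# must not be flagged.  The ctid value is a placeholder.
SAMPLE_PREFS = {
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": [
            "http://search.conduit.com/?ctid=CT0000000&SearchSource=48"
        ],
    },
    "homepage": "http://www.google.com/",
    "default_search_provider": {
        "name": "Google",
        "search_url": "{google:baseURL}search?q={searchTerms}&sourceid=chrome&ie={inputEncoding}",
    },
    "extensions": {
        "settings": {
            "ejpbbhjlbipncjklfjjaedaieimbmdda": {
                "path": "ejpbbhjlbipncjklfjjaedaieimbmdda\\10.13.20.29_0",
                "manifest": {"name": "Conduit Chrome Plugin"},
            },
            "icmlaeflemplmjndnaapfdbbnpncnbda": {
                "path": "icmlaeflemplmjndnaapfdbbnpncnbda\\7.0.1474_0",
                "manifest": {"name": "avast! WebRep"},
            },
        }
    },
}

if __name__ == "__main__":
    for line in find_hijack_indicators(SAMPLE_PREFS):
        print("FOUND", line)
```

Against a live machine, point scan_preferences_file at the profile's Preferences file (for the user in this thread that is C:\Users\Dr Corbell\AppData\Local\Google\Chrome\User Data\Default\Preferences) with Chrome closed, because Chrome rewrites the file on exit and will undo manual edits. An empty result from this scan plus no remaining Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda folder is the state the helper's follow-up OTL scan is checking for.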


#26 Jasmyne (Trusted Helper, Malware Removal)
It looks like that may have gotten it, but let's make sure.

Step 1 OTL Quick Scan
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad file, OTL.Txt. It will be saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post them in your topic.

Step 2 ESET Online Scan
Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here

  • You will need to right-click on either the IE or FF icon in the Start Menu or the Quick Launch bar on the taskbar and select Run as Administrator from the context menu.
  • Please go here, then click on the ESET Online Scanner button.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use, then click on the Start button.
  • When prompted, allow the Add-On/ActiveX control to install.
  • Make sure that the option Scan archives is checked.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on the Start button.
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you wish, but make sure you copy the logfile first!
  • Now click on the Finish button.
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. OTL Log
2. ESET Scan Results

#27 sac270 (Topic Starter, Member)
OTL logfile created on: 1/31/2013 9:12:39 AM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dr Corbell\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 64.99% Memory free
8.00 Gb Paging File | 6.41 Gb Available in Paging File | 80.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.73 Gb Total Space | 86.35 Gb Free Space | 37.10% Space Free | Partition Type: NTFS
Drive E: | 2.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOTHER | User Name: Dr Corbell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/01/14 19:56:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dr Corbell\Desktop\OTL.exe
PRC - [2013/01/14 19:28:19 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/03 10:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/13 11:16:38 | 001,545,592 | ---- | M] (Bitberry Software) -- C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Dr Corbell\AppData\Local\Akamai\netsession_win.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/18 03:07:02 | 012,459,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
MOD - [2013/01/18 03:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013/01/18 03:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013/01/18 03:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013/01/18 03:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013/01/18 03:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/19 08:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 08:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2013/01/15 09:30:24 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/03 10:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/19 09:03:48 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 15:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/30 13:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{5E735A10-371F-421F-BFC0-06F21E5959D4}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/01/05 17:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Corbell\AppData\Roaming\Mozilla\Extensions
[2013/01/05 17:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Corbell\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/01/16 19:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Corbell\AppData\Roaming\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Dr Corbell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Dr Corbell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: avast! WebRep = C:\Users\Dr Corbell\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Dr Corbell\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60BC403C-2D9A-4D04-A844-C9BCE73516E0}: DhcpNameServer = 10.0.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/07 10:17:24 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/29 12:34:26 | 000,231,823 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/10/28 01:20:41 | 000,000,080 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3f9631fa-61b3-11e2-b87d-0023548501d6}\Shell - "" = AutoRun
O33 - MountPoints2\{3f9631fa-61b3-11e2-b87d-0023548501d6}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2012/02/20 08:05:04 | 001,145,907 | R--- | M] (Firaxis )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/28 09:27:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/28 09:27:44 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/26 14:14:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
[2013/01/26 14:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2013/01/26 14:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2013/01/26 14:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2013/01/26 14:06:29 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Philipp Winterberg
[2013/01/26 14:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free RAR Extract Frog
[2013/01/26 14:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free RAR Extract Frog
[2013/01/26 02:00:01 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Documents\Native Instruments
[2013/01/22 11:30:00 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\FreeFileViewer
[2013/01/21 11:31:40 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\FreeFileViewer
[2013/01/21 11:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
[2013/01/21 11:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeFileViewer
[2013/01/19 09:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\3DMGAME
[2013/01/19 09:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meier's Civilization V
[2013/01/19 09:07:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2013/01/19 09:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013/01/19 09:03:48 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/01/19 09:03:42 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\DAEMON Tools Lite
[2013/01/19 09:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013/01/19 09:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013/01/17 14:35:24 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Documents\Downloads
[2013/01/17 14:07:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/16 19:45:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/15 20:49:38 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\My Games
[2013/01/15 20:49:27 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Documents\My Games
[2013/01/15 20:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[2013/01/15 20:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
[2013/01/15 20:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2013/01/15 09:30:38 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Macromedia
[2013/01/15 09:30:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/01/15 09:30:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/01/14 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\qBittorrent
[2013/01/14 21:53:35 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\qBittorrent
[2013/01/14 19:56:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dr Corbell\Desktop\OTL.exe
[2013/01/14 19:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/14 19:28:19 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\Google
[2013/01/14 19:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/14 15:57:48 | 000,000,000 | R--D | C] -- C:\Users\Dr Corbell\Searches
[2013/01/14 15:40:48 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/01/14 15:40:46 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/01/14 15:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/01/14 15:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/01/14 15:36:39 | 000,406,528 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2013/01/14 15:36:39 | 000,338,432 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2013/01/14 14:55:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/01/14 14:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/14 14:54:32 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/14 12:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qBittorrent
[2013/01/14 11:49:05 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Technical Documents
[2013/01/14 11:45:12 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Documents\School
[2013/01/14 11:44:28 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\Torrents
[2013/01/14 10:35:21 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\Programs
[2013/01/14 10:33:51 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Malwarebytes
[2013/01/14 10:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/14 10:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/11 11:38:16 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Adobe
[2013/01/11 11:38:16 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\Adobe
[2013/01/11 10:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Propellerhead Software
[2013/01/11 10:40:34 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Propellerhead Software
[2013/01/05 17:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{F0489EF2-D393-4114-85BA-A94D71D89543}
[2013/01/05 14:44:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/01/05 10:59:44 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Local\CRE
[2013/01/05 10:59:40 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\Mozilla
[2013/01/04 10:59:59 | 000,000,000 | ---D | C] -- C:\Users\Dr Corbell\AppData\Roaming\NVIDIA
[2013/01/04 10:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/01/04 10:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy

========== Files - Modified Within 30 Days ==========

[2013/01/31 09:13:26 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/01/31 09:11:51 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 09:11:51 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 09:10:33 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/31 09:08:50 | 000,268,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/31 09:08:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/31 09:08:12 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/31 08:33:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/31 08:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/30 23:37:24 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/30 23:37:24 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/30 23:37:24 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/26 14:13:59 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013/01/21 11:29:56 | 000,001,107 | ---- | M] () -- C:\Users\Dr Corbell\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2013/01/19 09:03:48 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/01/16 19:58:20 | 000,881,914 | ---- | M] () -- C:\Users\Dr Corbell\Desktop\SecurityCheck.exe
[2013/01/15 09:17:16 | 000,002,283 | ---- | M] () -- C:\Users\Dr Corbell\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 19:56:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dr Corbell\Desktop\OTL.exe
[2013/01/14 15:36:39 | 000,406,528 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2013/01/14 15:36:39 | 000,338,432 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2013/01/14 14:50:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/11 11:25:59 | 000,016,543 | ---- | M] () -- C:\Users\Dr Corbell\Desktop\hmmmmm.aup
[2013/01/11 11:17:10 | 000,123,380 | ---- | M] () -- C:\Users\Dr Corbell\Desktop\New.rns
[2013/01/07 10:17:24 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

========== Files Created - No Company Name ==========

[2013/01/26 14:13:59 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013/01/21 11:30:01 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/01/21 11:29:56 | 000,001,107 | ---- | C] () -- C:\Users\Dr Corbell\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2013/01/16 19:58:15 | 000,881,914 | ---- | C] () -- C:\Users\Dr Corbell\Desktop\SecurityCheck.exe
[2013/01/15 09:30:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/14 19:29:24 | 000,002,283 | ---- | C] () -- C:\Users\Dr Corbell\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 19:28:24 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/14 19:28:23 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/11 11:17:21 | 000,123,380 | ---- | C] () -- C:\Users\Dr Corbell\Desktop\New.rns
[2013/01/07 10:17:24 | 000,000,000 | ---- | C] () -- C:\autoexec.bat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/15 20:44:06 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\Audacity
[2013/01/24 00:38:11 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\DAEMON Tools Lite
[2013/01/22 11:33:00 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\FreeFileViewer
[2013/01/30 12:54:13 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\MediaMonkey
[2013/01/26 14:06:29 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\Philipp Winterberg
[2013/01/11 10:44:25 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\Propellerhead Software
[2013/01/14 21:53:56 | 000,000,000 | ---D | M] -- C:\Users\Dr Corbell\AppData\Roaming\qBittorrent

========== Purity Check ==========



< End of report >





ESET:

C:\$Recycle.Bin\S-1-5-21-1360156533-2964206946-1967846499-1000\$RF9D9EI.exe multiple threats
C:\_OTL\MovedFiles\01232013_204533\C_Users\Dr Corbell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZOQGH39\bi_downloader[1].exe a variant of Win32/Somoto.A application
C:\_OTL\MovedFiles\01232013_204533\C_Users\Dr Corbell\AppData\Local\Temp\nsk4689.tmp a variant of Win32/Somoto.A application
C:\_OTL\MovedFiles\01232013_204533\C_Users\Dr Corbell\Downloads\DTLite4461-0328.exe Win32/OpenCandy application
C:\_OTL\MovedFiles\01232013_204533\C_Users\Dr Corbell\Downloads\FreeFileViewer2012Setup.exe a variant of Win32/InstallIQ application
  • 0

#28
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
This little guy is being stubborn. I'm working with my instructor on the next plan of action and will post it as soon as I have it. :)
  • 0

#29
sac270

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
No worries. Thank you again for helping!
  • 0

#30
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

No worries.

Just wanted to touch base and let you know I was working on it. :)

Thank you again for helping!

You're welcome!!

Okay, now let's see what we can do to rid Chrome of this pest... Some of this may sound redundant, but we need to make sure all these steps are taken to effectively remove the Conduit from your Chrome browser.

Step 1 Make sure you have deleted your Google Sync and are NOT logged in.
  • Click on the icon with three bars on the right side of the Google browser.
  • In the drop-down menu it will say one of two things: Signed in as your email address, or Sign in to Chrome...
    • If it shows you are signed in please click "Signed in as your email address"
    • In the next Window Click Disconnect your Google Account...
  • Next go to your Google Dashboard here. After logging in, scroll down to the area Chrome Sync and click "Stop sync and delete data from Google". Be advised that this will delete ALL of your synced data, but this is necessary to remove the Conduit; otherwise the next time you re-sync it will add the Conduit back.

Step 2 Create a New Restore Point
  • Right click on Computer and select Properties >> System protection >> Create....
  • Give this restore point a descriptive name (say gtg-backup) and click on Create.
  • When the new restore point is created click on Close >> OK >> close the System Properties window then the System protection one.

Step 3 Delete the Conduit
Now I will be asking you to boot into Safe Mode for the next part of the fix. It may prove beneficial if you print off the following instructions or save them to Notepad, as you will not have Internet access whilst in the aforementioned Safe Mode.

How to boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key until the Advanced Boot Options menu is loaded...

Use the arrow keys to highlight/select the Safe Mode menu item >> depress the Enter/return key.

If you have any problems, refer to this tutorial.

Once your machine has booted into Safe Mode carry out the following:

Disable Chrome Plug-ins:
  • Open Chrome
  • In the address bar type "about:plugins" (without the quotations)
  • On the Plug-ins page that appears >> click on the Disable button for the following (if present):
    • Conduit Chrome
    • Conduit Radio
  • Close the Chrome browser.

Step 4 Delete folders manually and reset default
  • In the Windows Explorer window that appears enter the following in the address bar.
    C:\Users\Dr Corbell\AppData\Local\Google\Chrome\User Data\Default\Extensions
  • Find the folder named ejpbbhjlbipncjklfjjaedaieimbmdda and delete it.
  • Then enter the keyboard shortcut Windows key +E to open Windows Explorer again.
  • In the Windows Explorer window that appears enter the following in the address bar.
    %LOCALAPPDATA%\Google\Chrome\User Data\
  • Locate the folder called "Default" in the directory window that opens and rename it as "Backup default."
  • Try opening Google Chrome again. A new "Default" folder is automatically created as you start using the browser. If you wish, you can transfer information from your old user profile to your new one. However, this action is not recommended, since a part of your old profile was corrupt. With that in mind, to transfer your old bookmarks, copy the "Bookmarks.bak" file from the "Backup default" folder to your new "Default" folder. Once moved, rename the file from "Bookmarks.bak" to "Bookmarks" to complete the migration.
  • Restart your computer in Normal Mode.

Step 5 Another look with OTL
Delete all OTL logs from the desktop if still present >> then empty the Recycle Bin.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
  • Now click on Run Scan at the top left hand corner.
  • Post the new OTL log in your next reply.
Next:

When you have completed the instructions above, post the new OTL log and we will go from there, thank you.
  • 0
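As an added check for the steps in the post above (my own example code, not from the thread, OTL or AdwCleaner): a script that audits a Chrome profile folder for the same Conduit remnants the manual steps remove, so you can confirm the profile is clean before and after the fix. It assumes Chrome's Preferences file is JSON (it is), uses the extension ID from the OTL log and the CTID from the AdwCleaner log, and builds a constructed sample profile in a temp directory for the demo.

```python
"""Audit a Chrome profile directory for leftover Conduit hijack settings.

Added example for this thread; not part of the thread, OTL or AdwCleaner.
Assumptions (mine): Chrome's Preferences file is JSON, every Conduit setting
contains one of the marker substrings below, and the extension ID is the
folder OTL listed for "Conduit Chrome Plugin" on the affected machine.
"""
import json
import os
import tempfile

# Lower-case substrings that mark a Conduit setting; the CTID is the toolbar
# id AdwCleaner found in this machine's registry and startup URLs.
CONDUIT_MARKERS = ("conduit", "ctid=ct3220468")
# Extension folder name OTL listed under ...\User Data\Default\Extensions.
KNOWN_BAD_EXTENSION_IDS = {"ejpbbhjlbipncjklfjjaedaieimbmdda"}

# Constructed sample Preferences that mimic the hijacked profile in the
# thread (homepage and startup URL redirected, search provider untouched).
SAMPLE_PREFS = {
    "homepage": "http://search.conduit.com/?ctid=CT3220468",
    "session": {
        "urls_to_restore_on_startup": [
            "http://search.conduit.com/?ctid=CT3220468&SearchSource=48"
        ]
    },
    "default_search_provider": {"name": "Google", "enabled": True},
}


def walk_strings(node, path=""):
    """Yield (json_path, value) for every string leaf in a parsed JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def find_conduit_prefs(prefs):
    """Return (json_path, value) pairs in Preferences that point at Conduit."""
    return [
        (path, value)
        for path, value in walk_strings(prefs)
        if any(marker in value.lower() for marker in CONDUIT_MARKERS)
    ]


def find_bad_extensions(folder_names):
    """Return the known-bad extension IDs present among the folder names."""
    return sorted(set(folder_names) & KNOWN_BAD_EXTENSION_IDS)


def audit_profile(profile_dir):
    """Audit one Chrome profile directory such as ...\\User Data\\Default."""
    with open(os.path.join(profile_dir, "Preferences"), encoding="utf-8") as fh:
        prefs = json.load(fh)
    ext_dir = os.path.join(profile_dir, "Extensions")
    names = os.listdir(ext_dir) if os.path.isdir(ext_dir) else []
    return {"preferences": find_conduit_prefs(prefs),
            "extensions": find_bad_extensions(names)}


def demo_audit():
    """Write the constructed profile to a temp directory and audit it."""
    profile = os.path.join(tempfile.mkdtemp(prefix="chrome-audit-"), "Default")
    for ext_id in KNOWN_BAD_EXTENSION_IDS:
        os.makedirs(os.path.join(profile, "Extensions", ext_id, "10.13.20.29_0"))
    with open(os.path.join(profile, "Preferences"), "w", encoding="utf-8") as fh:
        json.dump(SAMPLE_PREFS, fh)
    return audit_profile(profile)


if __name__ == "__main__":
    result = demo_audit()
    for path, value in result["preferences"]:
        print(f"Preferences: {path} = {value}")
    print("bad extension folders:", result["extensions"])
```

On a real machine, call audit_profile() with the Default folder under %LOCALAPPDATA%\Google\Chrome\User Data; an empty result for both keys is what you want to see after Step 4.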