Annoying adware, mostly resolved


I was looking for a way to share YouTube videos with someone who does not use computers. I found a program called Freemake Video Converter that seems to meet my needs. In the process of installing I failed to notice it would install a bunch of other stuff. While the converter works well, the other stuff hijacked my browsers and started sending annoying pop-ups for surveys claiming to be related to the sites I was visiting. I was able to clean some of this up by running a full scan with Malwarebytes, and by fixing up changes to my browser settings. The ad popups remain though. These are merely highly annoying, but I would still like to kill them off. All malware scans are negative so I assume it is either "incognito" or a residual browser hack somewhere.

 

Any ideas?

 

Thanks.

mbam-log-2013-11-06 (06-23-38).txt


Hello tarnhelm! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573


dds.txt 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16514  BrowserJavaVersion: 10.45.2
Run by Phil at 8:03:16 on 2013-11-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16338.12590 [GMT -5:00]
.
AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\APLicensing.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\SysWOW64\SAgent4.exe
C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\SAMSUNG\PC Auto Backup\WiselinkPro.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files (x86)\SAMSUNG\PC Auto Backup\http_ss_win_pro.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Phil\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe
C:\Users\Phil\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\SAMSUNG\PC Auto Backup\AutoBackup.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Users\Phil\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Users\Phil\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\GoZone\GoZone_iSync.exe
C:\Program Files (x86)\Microsoft HealthVault\Connection Center\ConnectionCenter.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Replay Music 5\ReplayMusic.exe
C:\Program Files (x86)\Rhapsody\rhapsody.exe
C:\Program Files (x86)\Rhapsody\rhaphlpr.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phil\AppData\Local\Google\Update\Install\{D65D9906-A85A-416E-99C2-61C81210B0CA}\31.0.1650.48_30.0.1599.101_chrome_updater.exe
C:\Users\Phil\AppData\Local\Temp\CR_6B499.tmp\setup.exe
C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uProxyOverride = 127.0.0.1;*.local;<local>
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"
uRun: [Google Update] "C:\Users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [sansaDispatch] C:\Users\Phil\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [WorkForce 840(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S10B2.tmp" /EF "HKCU"
uRun: [replay_telecorder_skype] C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe /start_context sys_auto
uRun: [Amazon Cloud Player] C:\Users\Phil\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
uRunOnce: [Application Restart #2] C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session -- http://r20.rs6.net/tn.jsp?e=001XMKMADkT1nVTywCPbfp-Es99unssZXxdwLA6_LDEH-zMe4sDQVdAMxV7qZB7EiMlq4mlw91XOYGo_I56_z_4SzvA93-2Mji3GGHOp6DCLObad-dq8zrVDw==
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AsioReg] REGSVR32 /S CTASIO.DLL
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [AudioDrvEmulator] "C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files (x86)\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [RCSystem] "C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
mRun: [sAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK - C:\Users\Phil\AppData\Local\Temp\WZSE0.TMP\Common\EpsonReg\EpsonReg.exe
StartupFolder: C:\Users\Phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOZONE~1.LNK - C:\Program Files (x86)\GoZone\GoZone_iSync.exe
StartupFolder: C:\Users\Phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft HealthVault\Connection Center\ConnectionCenter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ATHOME~1.LNK - C:\Program Files (x86)\AtHomeConnect\AtHomeConnect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PCAUTO~1.LNK - C:\Program Files (x86)\SAMSUNG\PC Auto Backup\AutoBackup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Windows\System32\Sendori.dll
Trusted Zone: turbotax.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A253051F-7A67-4D99-B018-DF33CF4B97DA} : DHCPNameServer = 192.168.1.1
AppInit_DLLs= C:\PROGRA~2\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - 
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - 
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [PocketCloud Location] "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe"
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - 
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\y0no2wyn.default\
FF - prefs.js: browser.search.selectedEngine - SweetTunes Search
FF - component: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Phil\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\y0no2wyn.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\y0no2wyn.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll
FF - plugin: C:\Users\Phil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Phil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Phil\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
 
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-23 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-10-8 63760]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-6-11 1263200]
R1 appliand;Applian LightWeight Filter;C:\Windows\System32\drivers\appliand.sys [2013-5-10 30304]
R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-4-18 3246040]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-10-7 120096]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-11-25 52896]
R2 Creative Audio Pack Licensing Service;Creative Audio Pack Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\APLicensing.exe [2011-5-30 72704]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-11-6 101888]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 350792]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-4-23 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 701512]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-4-23 138768]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-7-18 762192]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-10-7 22304]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-10-7 3623200]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-23 363800]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm --> C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm [?]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-4-18 285280]
R3 Blackberry Device Manager;Blackberry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-1-18 577536]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-23 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-23 787736]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-1 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-4-23 32344]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-4-23 14136]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-23 648808]
R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2012-6-13 44024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-11-25 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-11-25 298144]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-11-25 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-11-25 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-11-25 154272]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-15 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-22 79360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2011-5-29 18552]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S3 OV550I;OVT Scanner;C:\Windows\System32\drivers\ov550ivx.sys [2008-2-22 196992]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-6 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-6 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-6 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-29 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-11-12 12:02:12 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9B3743A-8290-4EAA-9795-44C2D4E6B5B9}\offreg.dll
2013-11-12 11:42:33 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9B3743A-8290-4EAA-9795-44C2D4E6B5B9}\mpengine.dll
2013-11-10 22:16:40 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-10 17:00:56 -------- d-----w- C:\AdwCleaner
2013-11-08 00:37:33 -------- d-----w- C:\Program Files\iPod
2013-11-08 00:37:32 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-08 00:37:32 -------- d-----w- C:\Program Files\iTunes
2013-11-08 00:37:32 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-06 10:33:23 -------- d-----w- C:\Users\Phil\AppData\Local\FreemakeVideoConverter
2013-11-06 10:31:17 -------- d-----w- C:\ProgramData\Conduit
2013-11-06 10:31:03 -------- d-----w- C:\Users\Phil\AppData\Local\NativeMessaging
2013-11-06 10:30:58 -------- d-----w- C:\Users\Phil\AppData\Local\CRE
2013-11-06 10:30:36 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-11-06 10:30:25 -------- d-----w- C:\Users\Phil\AppData\Roaming\SearchProtect
2013-11-06 10:29:08 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
2013-11-06 10:29:05 -------- d-----w- C:\ProgramData\Freemake
2013-11-06 10:29:03 -------- d-----w- C:\ProgramData\Sendori
2013-11-06 10:29:00 -------- d-----w- C:\Program Files (x86)\Sendori
2013-11-06 10:28:55 -------- d-----w- C:\Program Files (x86)\Freemake
2013-11-06 10:03:51 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2013-11-06 09:26:29 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C7C28E50-9553-47A3-820F-3FFC06861E76}\gapaengine.dll
2013-11-03 14:08:30 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-10-09 02:10:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 02:10:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-09 02:10:04 17813896 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-09-22 14:42:33 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 14:33:53 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 14:33:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-09-22 14:23:30 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-09-22 14:21:21 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-09-22 14:15:47 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-22 10:22:59 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 10:14:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-09-22 10:13:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 10:08:41 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-09-22 10:06:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-09-22 10:03:18 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH:  8:05:02.10 ===============
 
 
attach.txt
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 5/14/2012 6:42:43 PM
System Uptime: 11/9/2013 9:52:58 PM (83 hours ago)
.
Motherboard: MSI |  | Z77A-G43 (MS-7758)
Processor: Intel® Core i5-2300 CPU @ 2.80GHz | SOCKET 0 | 2801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 253.124 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
F: is FIXED (NTFS) - 932 GiB total, 371.897 GiB free.
G: is FIXED (NTFS) - 932 GiB total, 186.896 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
T: is NetworkDisk (NTFS) - 1832 GiB total, 924.952 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP218: 11/7/2013 5:56:50 PM - Windows Update
RP219: 11/12/2013 6:42:05 AM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 9.0 Sprint
Acronis True Image Home 2011
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Amazon Cloud Player
Amazon Kindle
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian Director
Applian Network Monitor (3.0.8.1)
ArcSoft PhotoImpression 6
ARIS EXPRESS
AtHomeConnect version 1.0.1.0
BIG-IP Edge Client Components
BIG-IP Edge Client Components (All Users)
BlackBerry Desktop Software 7.1
Bluetooth Win7 Suite (64)
Bonjour
Boris Graffiti for Corel
Cain & Abel v4.9.41
CameraHelperMsi
Catalyst Control Center InstallProxy
Cisco WebEx Meetings
Common
Compatibility Pack for the 2007 Office system
Contents
Corel PaintShop Pro X4
Corel PaintShop Pro X4 Ultimate Bonus Pack
Corel VideoStudio Pro X4 Ultimate
Creative ALchemy
Creative Audio Control Panel
Creative Audio Pack
Creative Console Launcher
Creative MediaSource 5
Creative Smart Recorder
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
DeviceIO
Epson CreativeZone
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 840 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
erLT
Eye-Fi Center 3.4
Forté Agent
Freemake Video Converter version 4.1.0
Google Chrome
Google Talk Plugin
GoZone iSync
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block Deluxe + Efile + State 2012
H&R Block Pennsylvania 2010
H&R Block Pennsylvania 2011
H&R Block Pennsylvania 2012
ICA
IHA_MessageCenter
Intel® Management Engine Components
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
IPM_PSP_COM
IPM_VS_Pro
ISCOM
iSofter DVD Ripper Platinum 1.0.2006.912
iTunes
Java 7 Update 45
Java Auto Updater
LightScribe Applications
LightScribe System Software
Logitech Harmony Remote Software 7
Logitech SetPoint 6.20
Logitech Webcam Software
LTCM Client
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Digital Image Library 10
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Pro 10
Microsoft Digital Image Suite 10
Microsoft Endpoint Protection Management Components
Microsoft Forefront Endpoint Protection
Microsoft Forefront Endpoint Protection 2010 Server Management
Microsoft HealthVault Connection Center
Microsoft HealthVault Connection Center Configuration
Microsoft IntelliPoint 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Client
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSI Afterburner 2.1.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Napster Download Manager
NCH Tone Generator
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 2014
Nero 2014 Content Pack
Nero Abstract Themes
Nero Audio Pack 1
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Blu-ray Player
Nero Blu-ray Player Help (CHM)
Nero Burning Core
Nero Burning ROM
Nero Burning ROM 10
Nero Burning ROM Help (CHM)
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Cliparts
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero Disc Menus 1
Nero Disc Menus 2
Nero Disc Menus 3
Nero Disc Menus Basic
Nero Disc to Device
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Effects Basic
Nero Express
Nero Express 10
Nero Express 10 Help (CHM)
Nero Express Help (CHM)
Nero Family and Events Themes
Nero Football (Soccer) Themes
Nero Holiday and Sports Themes
Nero Image Samples
Nero Info
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Themes Basic
Nero Launcher
Nero MediaHome
Nero MediaHome Help (CHM)
Nero Multimedia Suite 10
Nero PiP Effects 1
Nero PiP Effects Basic
Nero Platinum Effects 12
Nero Recode
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero Recode Help (CHM)
Nero RescueAgent
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero RescueAgent Help (CHM)
Nero Retro Film Themes
Nero SharedVideoCodecs
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Video
Nero Video Help (CHM)
Nero Video Samples
Nero Video Transitions 1
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NVIDIA 3D Vision Controller Driver 310.70
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Octoshape add-in for Adobe Flash Player
Omron Drivers for HealthVault
OpenAL
Opera 11.62
Opera 12.00
Opera Stable 16.0.1196.73
OVT Scanner
PC Auto Backup
PC Shower 2011 6.7
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PocketCloud Windows Companion
Prerequisite installer
proDAD Mercalli 2.0
PSPPContent
PSPPHelp
PSPPro64
PureHD
QuickTime
Radmin Viewer 3.4
Rapport
RAR Password Recovery 5.0
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Remote Control USB Driver
Replay Converter 4
Replay Media Catcher 5 (5.0.0.89)
Replay Media Splitter 2.2.1302.21
Replay Music 5
Replay Telecorder for Skype 1.3.0.18
Replay Video Capture 6
Rhapsody
SAMSUNG Intelli-studio
Sansa Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Sendori
Setup
Share
Share64
SmartSound Common Data
SmartSound Quicktracks 5
Sound Blaster X-Fi
SoundFont Bank Manager
SpeedFan (remove only)
StartNow Toolbar
Stellarium 0.11.0
Super-Charger
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Padlock
VIO
VSClassic
VSUltimate
Vz In-Home Agent
WavePad Sound Editor
Windows Driver Package - Acer, Inc (androidusb) USB  (04/07/2011 1.0.0010.00000)
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Winki
WinPcap 4.1.2
WinZip 15.5
.
==== Event Viewer Messages From Past Week ========
.
11/9/2013 9:57:15 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/9/2013 9:57:15 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
11/9/2013 9:55:13 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ASPI32 WRkrn
11/9/2013 9:55:12 PM, Error: Service Control Manager [7022]  - The Service Sendori service hung on starting.
11/9/2013 9:53:26 PM, Error: Service Control Manager [7000]  - The WRSVC service failed to start due to the following error:  The system cannot find the file specified.
11/9/2013 9:53:05 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/6/2013 9:49:37 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Service Sendori service, but this action failed with the following error:  An instance of the service is already running.
11/6/2013 9:29:37 AM, Error: Service Control Manager [7031]  - The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1200000 milliseconds: Restart the service.
11/13/2013 7:50:46 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.
11/13/2013 7:49:57 AM, Error: Service Control Manager [7031]  - The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/12/2013 7:11:30 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
11/12/2013 7:11:30 AM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/12/2013 7:11:30 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/10/2013 3:51:34 PM, Error: Service Control Manager [7000]  - The MCSTRM service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================
 

Thanks!

Step 1

Please uninstall this application: StartNow Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

all done

 

Adware log:

 

# AdwCleaner v3.012 - Report created 16/11/2013 at 20:17:14
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Phil - ARDEVUI
# Running from : C:\Users\Phil\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\ProgramData\NCH Software
[x] Not Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Phil\AppData\Local\Temp\Conduit
[x] Not Deleted : C:\Users\Phil\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\y0no2wyn.default\CT3311875
Folder Deleted : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\y0no2wyn.default\Extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKLM\Software\NCH Software
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16520
 
 
-\\ Mozilla Firefox v14.0.1 (en-US)
 
[ File : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\y0no2wyn.default\prefs.js ]
 
Line Deleted : user_pref("CT3311875.FF19Solved", "true");
Line Deleted : user_pref("CT3311875.UserID", "UN42666354611558516");
Line Deleted : user_pref("CT3311875.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3311875.fullUserID", "UN42666354611558516.IN.20131106053020");
Line Deleted : user_pref("CT3311875.installDate", "06/11/2013 05:30:23");
Line Deleted : user_pref("CT3311875.installSessionId", "{0CED9BD8-54E8-4BA5-8BDD-F392FBB59209}");
Line Deleted : user_pref("CT3311875.installSp", "TRUE");
Line Deleted : user_pref("CT3311875.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3311875.keyword", "true");
Line Deleted : user_pref("CT3311875.originalSearchEngine", "Google");
Line Deleted : user_pref("CT3311875.searchRevert", "false");
Line Deleted : user_pref("CT3311875.searchUserMode", "2");
Line Deleted : user_pref("CT3311875.toolbarInstallDate", "06-11-2013 05:30:20");
Line Deleted : user_pref("CT3311875.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3311875.xpeMode", "0");
Line Deleted : user_pref("browser.search.defaultenginename", "SweetTunes Search");
Line Deleted : user_pref("browser.search.selectedEngine", "SweetTunes Search");
Line Deleted : user_pref("extensions.snipit.askTbInstalled", true);
Line Deleted : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
 
-\\ Google Chrome v
 
[ File : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10011 octets] - [10/11/2013 12:01:00]
AdwCleaner[R1].txt - [4467 octets] - [16/11/2013 20:15:27]
AdwCleaner[s0].txt - [4324 octets] - [16/11/2013 20:17:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4384 octets] ##########
 
junkware removal log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Phil on Sat 11/16/2013 at 16:51:15.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2790392
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3311875
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9A70C0A6-ECFE-472D-8251-384980749251}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F6066676-1EEB-BD50-8DCD-39409136EB4C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Phil\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Phil\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Phil\appdata\local\google\chrome\user data\default\local storage\http_storage.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\nsprotector.js"
Successfully deleted: [File] "C:\end"
Successfully deleted: [File] "C:\Windows\syswow64\conduitengine.tmp"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\Users\Phil\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Phil\appdata\local\blekkotb_031"
Successfully deleted: [Folder] "C:\Users\Phil\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Phil\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Phil\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Phil\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"
 
 
 
~~~ FireFox
 
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search.xml"
Successfully deleted: [File] C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\y0no2wyn.default\user.js
Successfully deleted: [File] C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\y0no2wyn.default\searchplugins\bing-zugo.xml
Successfully deleted: [File] C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\y0no2wyn.default\searchplugins\conduit.xml
Successfully deleted the following from C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\y0no2wyn.default\prefs.js
 
user_pref("CT3311875.originalSearchEngineName", "Blekko");
user_pref("CT3311875.smartbar.homepage", "true");
user_pref("browser.search.defaultthis.engineName", "SweetTunes Customized Web Search");
user_pref("browser.search.order.1", "Blekko");
user_pref("extensions.searchtoolbar@zugo.com.install-event-fired", true);
user_pref("smartbar.addressBarOwnerCTID", "CT3311875");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3311875");
user_pref("smartbar.homePageOwnerCTID", "CT3311875");
user_pref("smartbar.machineId", "QPJYDPGLJVVO/RQFEGGVJQB0E4KO9UT+ANZUNGGLDYRGEDGWIRN01KJ+GFEFSU9ELBL2OHAJMVG/SQ4KFPORNQ");
Emptied folder: C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\y0no2wyn.default\minidumps [27 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/16/2013 at 17:01:27.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes quick scan:
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.16.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Phil :: ARDEVUI [administrator]
 
Protection: Enabled
 
11/16/2013 8:23:38 PM
mbam-log-2013-11-16 (20-23-38).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249807
Time elapsed: 18 minute(s), 12 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
I will monitor behavior for a couple of days. Thanks for the suggestions.
 
 

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Thanks for letting me know! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.