
CT3306061\plugins\TBVerifier.dll error received on start up. conduit



#1 giraffasus


Posted 01 December 2013 - 05:54 AM

This morning when I booted up my computer I received the following message:

there is a problem starting C:\User\STUDIO1\AppData\Local\Temp\CT3306061\plugins\TBVerifier.dll

the specified module could not be found.

Before this appeared I had somehow, I believe with my Audacity install, an extra search page whenever I opened Chrome. I disabled the extension within the browser and uninstalled anything that I don't remember installing through the Control Panel. I also used CCleaner to empty out any temporary files that were downloaded onto my computer from the internet. I also did a registry clean, and made a backup of my registry before I did. This was all last night. I haven't been home all day, but it seems as though the computer has been functioning alright with my wife. I had her run a scan using Microsoft Security Essentials to check for anything. Nothing suspicious through that, same with McAfee. So I am not sure what the problem is. I hope I have been clear enough. I am not the most literate with computers, but I can follow instructions. Any help would be much appreciated. Thanks.

I am running Windows 7.





#2 xXToffeeXx

  • Malware Response Team

Posted 01 December 2013 - 06:46 AM

Hi giraffasus,
 
It's not unusual to receive such an error(s) when "booting up" after using anti-virus and other security scanning tools to remove a malware infection.
A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to a malware file that was set to run at startup in the registry but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry still remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.
 
Let's get a log from Autoruns in order to find where the value is running from and disable it:
 
Please download Autoruns.
 
Open Downloads in your browser and click on the Autoruns download.
 
Click on Run to initiate the installation.
 
When Autoruns loads you will see an image similar to the one below.
 
autorunsscreen_zps2ac55e2e.png
 
Click on File, then click on Save.
 
You will see an image similar to the one below.
 
autorunsscreen1_zps8a35cb1a.png
 
Choose Desktop as the destination, then click on the down arrow in the Save as type: box and click on Text (*.txt), then click on Save.
 
There will be a Text icon on the desktop titled AutoRuns, click on it to open the log.
 
Copy the log and paste it in your next post.
 
xXToffeeXx~

If I am helping you and you have not had a reply from me in two days, please send me a PM.

 

~Open a window, eat an apple, chrome some metal, watch an opera, make a safari, hunt a fire fox, be an explorer~
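
The reply above explains that the startup error comes from an orphaned startup entry whose target file no longer exists. As an added example (not part of the original post, and not code from Autoruns or BleepingComputer), this Python script reads a saved Autoruns text log and lists such entries, also marking targets that sit under a Temp folder. The sample log lines and every name in them are constructed, and the quoted-field layout with a leading `+` on each entry is assumed from the log format posted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample in the quoted-field layout of an Autoruns text log.
# Header lines name a startup location; lines starting with "+" are entries.
SAMPLE_LOG = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/1/2013 9:00 AM"
+ "ExampleTray" "Example Tray Module" "Example Corp." "c:\windows\system32\exampletray.exe" "1/11/2012 6:20 AM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "8/18/2013 6:51 AM"
+ "ExampleToolbarPlugin" "" "" "File not found: C:\Users\EXAMPL~1\AppData\Local\Temp\CT0000000\plugins\Example.dll" ""
+ ""Quoted Filter Name"" "Example filter" "Example AG" "c:\program files\example\filter.ax" "6/24/2008 7:30 PM"
"Task Scheduler" "" "" "" ""
+ "\ExampleUpdateTask" "" "" "File not found: C:\Program Files (x86)\Example\Updater.exe" ""
'''

FIELD_SEP = re.compile(r'"\s+"')          # closing quote, whitespace, opening quote
MISSING_PREFIX = "File not found:"        # marker Autoruns writes for a missing target
TEMP_DIR = re.compile(r'\\(?:appdata\\local\\temp|windows\\temp)\\', re.IGNORECASE)


@dataclass
class Entry:
    location: str      # registry key, folder or "Task Scheduler"
    name: str
    description: str
    publisher: str
    image_path: str
    timestamp: str


def split_fields(line):
    """Split one log line into its quoted fields, or return None if malformed.

    Splitting on the quote-space-quote boundary (instead of matching "...")
    keeps empty fields and names that themselves carry quotes intact.
    """
    line = line.strip()
    if len(line) < 2 or not (line.startswith('"') and line.endswith('"')):
        return None
    fields = FIELD_SEP.split(line[1:-1])
    return fields if len(fields) == 5 else None


def parse_autoruns(text):
    """Return the entries of an Autoruns text log, each tagged with its location."""
    entries, location = [], ""
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        is_entry = raw.startswith("+")
        fields = split_fields(raw[1:] if is_entry else raw)
        if fields is None:
            continue                      # skip lines that do not fit the layout
        if is_entry:
            name = fields[0].strip('"')   # drop quotes embedded in the name
            entries.append(Entry(location, name, *fields[1:]))
        else:
            location = fields[0]          # header line: remember the location
    return entries


def find_suspect_startup(entries):
    """List entries whose target is missing or lives under a Temp directory."""
    findings = []
    for e in entries:
        missing = e.image_path.startswith(MISSING_PREFIX)
        target = e.image_path[len(MISSING_PREFIX):].strip() if missing else e.image_path
        from_temp = bool(TEMP_DIR.search(target))
        if missing or from_temp:
            findings.append({
                "location": e.location,
                "name": e.name,
                "target": target,
                "missing": missing,
                "from_temp": from_temp,
            })
    return findings


if __name__ == "__main__":
    for f in find_suspect_startup(parse_autoruns(SAMPLE_LOG)):
        flags = [k for k in ("missing", "from_temp") if f[k]]
        print(f"{f['location']} -> {f['name']} [{', '.join(flags)}]")
        print(f"    target: {f['target']}")
```

Each finding names the location and the entry, which is what is needed to locate the same item in Autoruns.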


#3 giraffasus


Posted 01 December 2013 - 07:41 AM

Here is the log from Autoruns.

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "11/17/2012 10:13 PM"
+ "EvtMgr6" "Logitech SetPoint Event Manager (UNICODE)" "Logitech, Inc." "c:\program files\logitech\setpointp\setpoint.exe" "2/21/2013 11:20 AM"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe" "1/11/2012 6:19 AM"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe" "1/11/2012 6:20 AM"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe" "10/24/2013 9:12 AM"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe" "1/11/2012 6:19 AM"
+ "TC2Tray" "TurboPC EX2 FileCopy Resident Program" "BUFFALO INC." "c:\windows\system32\tc2tray.exe" "3/27/2013 11:20 AM"
+ "tpcexTray" "TurboPC EX Notify Program" "BUFFALO INC." "c:\program files (x86)\buffalo\turbopc_ex\diskcache\tpcextray.exe" "9/25/2013 3:12 PM"
+ "TurboPC EX2" "" "" "File not found: C:\Program Files (x86)\BUFFALO\%PROG_FOLDER_NAME_FILECOPY_x86%\TC2Tray.exe" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "12/1/2013 8:24 AM"
+ "Microsoft Default Manager" "Microsoft Default Manager" "Microsoft Corporation" "c:\program files (x86)\microsoft\search enhancement pack\default manager\defmgr.exe" "5/11/2010 6:06 AM"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Oracle Corporation" "c:\program files (x86)\common files\java\java update\jusched.exe" "7/3/2013 1:16 AM"
+ "vProt" "VProtect Application" "" "c:\program files (x86)\avg secure search\vprot.exe" "11/4/2013 11:41 PM"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "11/6/2013 9:30 AM"
+ "McAfee Security Scan Plus.lnk" "McAfee Security Scanner Scheduler" "McAfee, Inc." "c:\program files (x86)\mcafee security scan\2.1.121\ssscheduler.exe" "3/8/2010 9:53 PM"
"C:\Users\Studio Something\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "12/1/2013 7:44 PM"
+ "らくらくアップデートツール.lnk" "" "" "File not found: C:\Program Files (x86)\Buffalo\RakUpdate\RakUpdate.exe" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "4/6/2011 6:06 AM"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/14/2009 8:58 AM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "12/6/2011 9:17 AM"
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files (x86)\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" "11/14/2013 7:21 PM"
+ "Internet Explorer" "" "" "File not found: C:\Windows\system32\ie4uinit.exe" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "7/14/2009 8:42 AM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "8/18/2013 6:51 AM"
+ "ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil" "" "" "File not found: C:\Users\STUDIO~1\AppData\Local\Temp\CT3306061\plugins\TBVerifier.dll" ""
+ "DAEMON Tools Pro Agent" "DAEMON Tools Pro Agent" "DT Soft Ltd" "c:\program files (x86)\daemon tools pro\dtagent.exe" "10/23/2012 5:25 PM"
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe" "11/20/2010 7:24 PM"
+ "TBHostSupport" "TBHostSupport" "Conduit Ltd." "c:\users\studio something\appdata\local\tbhostsupport\tbhostsupport.dll" "11/13/2013 10:02 PM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "7/14/2009 1:53 PM"
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 9.0\acrobat elements\contextmenu64.dll" "6/12/2008 3:34 PM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "10/24/2013 9:12 AM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "3/2/2011 4:40 PM"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "7/14/2009 1:53 PM"
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 9.0\acrobat elements\contextmenu.dll" "6/12/2008 3:33 PM"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "3/2/2011 4:40 PM"
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "4/6/2011 10:34 AM"
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adfsmenu.dll" "8/14/2008 11:47 PM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "10/24/2013 9:12 AM"
"HKLM\Software\Wow6432Node\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "4/6/2011 10:34 AM"
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe drive cs4\adfsmenu.dll" "8/14/2008 11:32 PM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "7/14/2009 1:53 PM"
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adfsmenu.dll" "8/14/2008 11:47 PM"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "7/14/2009 1:53 PM"
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe drive cs4\adfsmenu.dll" "8/14/2008 11:32 PM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "4/6/2011 10:34 AM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "10/24/2013 9:12 AM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "3/2/2011 4:40 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "4/6/2011 10:34 AM"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "3/2/2011 4:40 PM"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "4/6/2011 10:34 AM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "3/2/2011 4:40 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "4/6/2011 10:34 AM"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "3/2/2011 4:40 PM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "7/14/2009 1:53 PM"
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adfsmenu.dll" "8/14/2008 11:47 PM"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll" "7/14/2009 10:32 AM"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll" "1/11/2012 6:19 AM"
+ "NvCplDesktopContext" "NVIDIA Display Shell Extension" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll" "10/23/2013 5:05 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "7/14/2009 1:53 PM"
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe drive cs4\adfsmenu.dll" "8/14/2008 11:32 PM"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll" "7/14/2009 10:09 AM"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "4/14/2011 2:53 AM"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "The Document Foundation" "c:\program files (x86)\libreoffice 4.0\program\shlxthdl\shlxthdl_x64.dll" "5/3/2013 3:15 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "4/14/2011 2:53 AM"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll" "5/10/2013 3:33 PM"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "The Document Foundation" "c:\program files (x86)\libreoffice 4.0\program\shlxthdl\shlxthdl.dll" "5/3/2013 3:14 PM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "4/14/2011 2:53 AM"
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 9.0\acrobat elements\contextmenu64.dll" "6/12/2008 3:34 PM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "3/2/2011 4:40 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "4/14/2011 2:53 AM"
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 9.0\acrobat elements\contextmenu.dll" "6/12/2008 3:33 PM"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "3/2/2011 4:40 PM"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "4/14/2011 2:53 AM"
+ "TurboCopy shell extension" "TurboPC EX2 FileCopy Shell extension" "BUFFALO INC." "c:\windows\system32\tc2shellex.dll" "7/17/2012 11:44 AM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "3/2/2011 4:40 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "4/14/2011 2:53 AM"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "3/2/2011 4:40 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "12/1/2013 7:44 PM"
+ "Logitech SetPoint" "Logitech SetPoint" "Logitech, Inc." "c:\program files\logitech\setpointp\setpointsmooth.dll" "2/21/2013 10:58 AM"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll" "3/29/2011 1:12 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "12/1/2013 7:44 PM"
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll" "6/12/2008 2:42 PM"
+ "AVG Security Toolbar" "toolbar.dll" "AVG Secure Search" "c:\program files (x86)\avg secure search\17.1.2.1\avg secure search_toolbar.dll" "8/27/2013 8:46 PM"
+ "ContributeBHO Class" "Contribute IE Plugin" "Adobe Systems Incorporated." "c:\program files (x86)\adobe\/adobe contribute cs4/contributeieplugin.dll" "9/10/2008 4:35 AM"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll" "10/8/2013 11:43 PM"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll" "10/8/2013 11:43 PM"
+ "Logitech SetPoint" "Logitech SetPoint" "Logitech, Inc." "c:\program files\logitech\setpointp\32-bit\setpointsmooth.dll" "2/21/2013 10:57 AM"
+ "SmartSelect Class" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll" "6/12/2008 2:42 PM"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll" "3/29/2011 12:32 PM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "11/15/2013 7:20 AM"
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll" "6/12/2008 2:42 PM"
+ "AVG Security Toolbar" "toolbar.dll" "AVG Secure Search" "c:\program files (x86)\avg secure search\17.1.2.1\avg secure search_toolbar.dll" "8/27/2013 8:46 PM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "11/15/2013 7:20 AM"
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll" "5/14/2011 7:31 AM"
"Task Scheduler" "" "" "" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "6/19/2013 4:20 AM"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll" "5/14/2011 7:21 AM"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "6/11/2009 5:36 AM"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/14/2009 9:24 AM"
+ "\RealUpgradeLogonTaskS-1-5-21-1825262932-235039727-2198786113-1001" "" "" "File not found: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe" ""
+ "\RealUpgradeScheduledTaskS-1-5-21-1825262932-235039727-2198786113-1001" "" "" "File not found: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe" ""
+ "\{ED27203F-A857-4153-8D34-97562C03511C}" "" "" "File not found: C:\Program Files (x86)\uTorrent\uTorrent.exe" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "11/13/2013 11:47 PM"
+ "Adobe Version Cue CS4" "Adobe Version Cue CS4" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe" "6/3/2008 5:56 PM"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe" "4/5/2013 6:05 AM"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" "5/7/2008 12:26 AM"
+ "FLEXnet Licensing Service 64" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe" "5/7/2008 12:17 AM"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "2/16/2012 11:43 AM"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "2/16/2012 11:43 AM"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe" "4/4/2005 2:41 PM"
+ "LBTServ" "Logitech Bluetooth Service" "Logitech, Inc." "c:\program files\common files\logishrd\bluetooth\lbtserv.exe" "2/9/2013 3:24 AM"
+ "McComponentHostService" "McAfee Security Scan Component Host Service" "McAfee, Inc." "c:\program files (x86)\mcafee security scan\2.1.121\mcchsvc.exe" "3/8/2010 9:52 PM"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe" "10/24/2013 9:11 AM"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll" "8/6/2010 2:45 PM"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe" "10/24/2013 9:11 AM"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe" "10/23/2013 5:05 PM"
+ "nvUpdatusService" "NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server." "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe" "10/23/2013 3:17 PM"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll" "8/6/2010 2:45 PM"
+ "Stereo Service" "Provides system support for NVIDIA Stereoscopic 3D driver" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe" "10/23/2013 4:38 PM"
+ "TC2Service" "TurboPC EX2 FileCopy Service" "BUFFALO INC." "c:\windows\system32\tc2service.exe" "7/12/2012 2:59 PM"
+ "tpcexdccs" "TurboPC EX DiskCache Control Service" "BUFFALO INC." "c:\program files (x86)\buffalo\turbopc_ex\diskcache\tpcexservice.exe" "9/25/2013 3:12 PM"
+ "vToolbarUpdater17.1.2" "ToolbarU Application" "AVG Secure Search" "c:\program files (x86)\common files\avg secure search\vtoolbarupdater\17.1.2\toolbarupdater.exe" "8/27/2013 8:48 PM"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll" "5/27/2013 2:51 PM"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe" "3/29/2011 1:11 PM"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "11/20/2010 8:18 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "11/13/2013 11:47 PM"
+ "adfs" "Adobe Drive File System Driver" "Adobe Systems, Inc." "c:\windows\system32\drivers\adfs.sys" "6/27/2008 5:52 AM"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" "12/6/2008 8:54 AM"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" "5/2/2007 2:30 AM"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" "2/28/2007 9:04 AM"
+ "ahn88ipc" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\ahn88ipc.sys" "3/20/2010 1:18 AM"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" "7/14/2009 8:19 AM"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "3/19/2010 9:45 AM"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "3/21/2009 3:36 AM"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "3/20/2010 1:18 AM"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" "5/25/2007 6:27 AM"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" "1/15/2009 4:27 AM"
+ "avgtp" "" "AVG Technologies" "c:\windows\system32\drivers\avgtpx64.sys" "8/29/2013 4:25 PM"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys" "2/14/2009 7:18 AM"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys" "4/26/2009 8:14 PM"
+ "bftpdskc" "TurboPC DiskCache Driver" "BUFFALO INC." "c:\windows\system32\drivers\bftpdskc64.sys" "7/7/2011 10:34 AM"
+ "bftpusbx" "TurboPC USB Driver" "BUFFALO INC." "c:\windows\system32\drivers\bftpusbx64.sys" "12/14/2012 5:10 PM"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "8/7/2006 10:51 AM"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "8/7/2006 10:51 AM"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" "8/7/2006 10:51 AM"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" "8/7/2006 10:51 AM"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" "8/7/2006 10:51 AM"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "8/9/2006 9:11 PM"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" "7/14/2009 8:19 AM"
+ "dtsoftbus01" "DAEMON Tools Virtual Bus Driver" "DT Soft Ltd" "c:\windows\system32\drivers\dtsoftbus01.sys" "1/13/2012 10:45 PM"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys" "1/1/2009 1:29 AM"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" "2/4/2009 7:52 AM"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" "5/11/2009 5:26 PM"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys" "9/18/2009 4:54 AM"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "4/21/2010 3:32 AM"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "6/11/2010 9:46 AM"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys" "1/11/2012 7:28 AM"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" "12/14/2005 6:47 AM"
+ "LEqdUsb" "Logitech Equad USB Driver." "Logitech, Inc." "c:\windows\system32\drivers\leqdusb.sys" "1/3/2013 5:12 PM"
+ "LHidEqd" "Logitech HID Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lhideqd.sys" "1/3/2013 5:12 PM"
+ "LHidFilt" "Logitech HID Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lhidfilt.sys" "1/3/2013 5:13 PM"
+ "LMouFilt" "Logitech Mouse Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lmoufilt.sys" "1/3/2013 5:13 PM"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" "12/10/2008 7:46 AM"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "5/19/2009 9:20 AM"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" "5/19/2009 9:31 AM"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" "4/17/2009 7:13 AM"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" "5/19/2009 10:09 AM"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "5/19/2009 10:25 AM"
+ "MpKslab3ff3fb" "KSLDriver" "Microsoft Corporation" "c:\programdata\microsoft\microsoft antimalware\definition updates\{f1ca0e60-243c-488f-9ead-49c6b11d3d4e}\mpkslab3ff3fb.sys" "8/22/2013 7:51 AM"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" "6/7/2006 6:11 AM"
+ "NVHDA" "NVIDIA HDMI Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvhda64v.sys" "6/16/2013 9:38 PM"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 331.65 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys" "10/23/2013 3:21 PM"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "3/20/2010 5:59 AM"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "3/20/2010 5:45 AM"
+ "PxHlpa64" "Px Engine Device Driver for 64-bit Windows" "Sonic Solutions" "c:\windows\system32\drivers\pxhlpa64.sys" "10/21/2009 3:08 AM"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" "1/23/2009 8:05 AM"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" "5/19/2009 10:18 AM"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver                " "Realtek                                            " "c:\windows\system32\drivers\rt64win7.sys" "6/10/2011 3:33 PM"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "9/13/2006 10:18 PM"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "9/25/2008 3:28 AM"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "10/2/2008 6:56 AM"
+ "sptd" "SCSI Pass Through Direct Host" "Duplex Secure Ltd." "c:\windows\system32\drivers\sptd.sys" "8/19/2012 6:05 AM"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" "2/18/2009 8:03 AM"
+ "ucgnsta" "Ralink 802.11n Wireless Adapter Driver" "Ralink Technology Corp." "c:\windows\system32\drivers\ucgnstax.sys" "8/5/2009 10:59 PM"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" "7/14/2009 8:19 AM"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "1/31/2009 10:18 AM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "11/15/2013 11:51 AM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "7/14/2009 10:28 AM"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "12/1/2013 8:24 AM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "7/14/2009 10:06 AM"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "11/20/2010 8:59 PM"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "7/14/2009 1:53 PM"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax" "4/3/2010 5:21 AM"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "7/14/2009 1:53 PM"
+ ""MainConcept (Adobe2) AAC Decoder"" "AAC audio decoder filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2daac.ax" "6/24/2008 7:30 PM"
+ ""MainConcept (Adobe2) AAC Encoder"" "AAC audio encoder filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2eaac.ax" "6/24/2008 7:32 PM"
+ ""MainConcept (Adobe2) H.264 Encoder"" "DirectShow H.264/AVC Encoder Filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2esh264.ax" "10/16/2007 6:07 AM"
+ ""MainConcept (Adobe2) H.264/AVC Decoder"" "DirectShow H.264/AVC Decoder Filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2dsh264.ax" "10/16/2007 6:06 AM"
+ ""MainConcept (Adobe2) H.264/AVC Video Encoder"" "DirectShow H.264/AVC Video Encoder Filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2evh264.ax" "10/16/2007 6:06 AM"
+ ""MainConcept (Adobe2) MPEG Audio Decoder"" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mcdsmpeg.ax" "8/30/2005 10:10 PM"
+ ""MainConcept (Adobe2) MPEG Audio Encoder"" "MPEG Audio Encoder" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mceampeg.ax" "8/30/2005 10:10 PM"
+ ""MainConcept (Adobe2) MPEG Encoder"" "MPEG Encoder and Muxer" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mcesmpeg.ax" "8/30/2005 10:11 PM"
+ ""MainConcept (Adobe2) MPEG Multiplexer"" "MPEG Multiplexer" "" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mcmuxmpeg.ax" "8/30/2005 10:11 PM"
+ ""MainConcept (Adobe2) MPEG Splitter"" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mcspmpeg.ax" "8/30/2005 10:09 PM"
+ ""MainConcept (Adobe2) MPEG Video Decoder"" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mcdsmpeg.ax" "8/30/2005 10:10 PM"
+ ""MainConcept (Adobe2) MPEG Video Encoder"" "MPEG Video Encoder" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mcevmpeg.ax" "8/30/2005 10:11 PM"
+ "AC3Filter" "ac3filter" "" "c:\windows\syswow64\ac3filter.ax" "7/9/2008 5:06 PM"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/14/2011 7:39 AM"
+ "FunUnify Async Filter_p4" "4460" "Mobileleader" "c:\program files (x86)\iriver\iriver plus 4\funcodecfilter.ax" "2/22/2013 5:24 PM"
+ "FunUnify Audio Trnas Filter_p4" "4460" "Mobileleader" "c:\program files (x86)\iriver\iriver plus 4\funcodecfilter.ax" "2/22/2013 5:24 PM"
+ "FunUnify Codec Filter_p4" "4460" "Mobileleader" "c:\program files (x86)\iriver\iriver plus 4\funcodecfilter.ax" "2/22/2013 5:24 PM"
+ "FunUnify Encoder Filter_p4" "4460" "Mobileleader" "c:\program files (x86)\iriver\iriver plus 4\funcodecfilter.ax" "2/22/2013 5:24 PM"
+ "FunUnify Video Trans Filter_p4" "4460" "Mobileleader" "c:\program files (x86)\iriver\iriver plus 4\funcodecfilter.ax" "2/22/2013 5:24 PM"
+ "NeowizBugs IRiver AEffect" "P3AudioEffect Filter" "Neowiz Bugs Corporation." "c:\windows\syswow64\nbirv4aef.dll" "4/22/2009 5:53 PM"
+ "NeowizBugsIRiver" "p3einsf1" "Neowiz Bugs Corporation." "c:\windows\syswow64\nbirv4src.dll" "4/22/2009 5:42 PM"
+ "NeowizBugsIRiver OGG" "nbirv4ogf" "Neowiz Bugs Corporation." "c:\windows\syswow64\nbirv4ogf.dll" "4/22/2009 5:44 PM"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/14/2011 7:39 AM"
+ "Spectrum Analyzer" "" "" "c:\program files (x86)\iriver\iriver plus 4\spectrumanlayzerfilter.ax" "9/17/2009 4:01 PM"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/14/2011 7:39 AM"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/14/2011 7:39 AM"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/14/2011 7:39 AM"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/14/2011 7:39 AM"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/14/2011 7:39 AM"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/14/2011 7:39 AM"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\syswow64\xvid.ax" "9/26/2008 12:23 PM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "7/14/2009 1:53 PM"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll" "3/29/2011 1:12 PM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" "" "12/1/2013 8:25 AM"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll" "1/11/2012 6:19 AM"
+ "LBTWlgn" "Logitech Bluetooth Service" "Logitech, Inc." "c:\program files\common files\logishrd\bluetooth\lbtwlgn.dll" "2/9/2013 3:24 AM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "1/17/2012 9:51 AM"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "3/29/2011 12:31 PM"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "3/29/2011 12:31 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "1/17/2012 9:51 AM"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "3/29/2011 1:10 PM"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "3/29/2011 1:10 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "12/1/2013 8:25 AM"
+ "Adobe PDF Port Monitor" "Adobe PDF Port  Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll" "4/7/2008 2:38 PM"
+ "hpf3l101.dll" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3l101.dll" "10/21/2009 7:09 PM"
+ "PCL hpf3lw73" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3lw73.dll" "7/14/2009 10:27 AM"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" "" "7/14/2009 1:49 PM"
+ "AdobeDriveCS4_NP" "Adobe Drive CS4 Network" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adobedrivecs4_np.dll" "8/14/2008 11:54 PM"
"C:\Users\Studio Something\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" "" "11/30/2013 10:14 PM"
+ "Calendar" "Browse the days of the calendar." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\Gadget.xml" "7/14/2009 11:25 AM"
 
Thanks.


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Toffee Monster


  • Malware Response Team
  • 2,528 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Somewhere in BleepingComputer
  • Local time:10:03 PM

Posted 01 December 2013 - 07:45 AM

Hi giraffasus,

 

Open up AutoRuns again and press Ctrl and F. Then type ConduitFloatingPlugin and press Enter; an entry called ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil should be highlighted. Remove the tick in the box by clicking on it.

Reboot and tell me if any errors occur upon startup.

 

xXToffeeXx~


If I am helping you and you have not had a reply from me in two days, please send me a PM.

 

~Open a window, eat an apple, chrome some metal, watch an opera, make a safari, hunt a fire fox, be an explorer~


#5 giraffasus

Posted 01 December 2013 - 08:02 AM

I rebooted. No notification of any such error. But, not sure if this constitutes a different problem or question, when AutoRuns was open I noticed a few other files that were highlighted as well that were located in my Program Files (x86) directory. While there to look into these I saw a folder labelled conduit, with the TBVerifier.dll inside. Should I delete this folder and file as well?


Edited by giraffasus, 01 December 2013 - 08:03 AM.


#6 xXToffeeXx

Posted 01 December 2013 - 08:24 AM

Hi giraffasus,
 
Good to hear, and we will deal with Conduit by running AdwCleaner and JRT, since there are registry keys which will not get removed by removing the folder.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

------------


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

xXToffeeXx~


Edited by xXToffeeXx, 01 December 2013 - 08:25 AM.



#7 giraffasus

Posted 01 December 2013 - 09:21 AM

Here is the ADW log file

 

# AdwCleaner v3.013 - Report created 01/12/2013 at 22:59:40
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Studio Something - GIRAFFASUS
# Running from : C:\Users\Studio Something\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Windows\SysWOW64\conduitEngine.tmp
Folder Found : C:\Users\Studio Something\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Folder Found : C:\Users\Studio Something\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Folder Found C:\Program Files (x86)\AVG Secure Search
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Studio Something\AppData\Local\AVG Secure Search
Folder Found C:\Users\Studio Something\AppData\Local\Conduit
Folder Found C:\Users\Studio Something\AppData\Local\TBHostSupport
Folder Found C:\Users\Studio Something\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Studio Something\AppData\LocalLow\Conduit
Folder Found C:\Users\Studio Something\AppData\Roaming\OpenCandy
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Key Found : HKCU\Software\Google\Chrome\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16736
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com?SearchSource=10&CUI=UN37150242302977932&UM=2&ctid=CT3306061
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Studio Something\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : homepage
Found : homepage
Found : homepage
 
*************************
 
AdwCleaner[R0].txt - [7516 octets] - [01/12/2013 22:59:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7576 octets] ##########
 
And the other log file from ADW
 
# AdwCleaner v3.013 - Report created 01/12/2013 at 23:01:01
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Studio Something - GIRAFFASUS
# Running from : C:\Users\Studio Something\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Studio Something\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Studio Something\AppData\Local\Conduit
Folder Deleted : C:\Users\Studio Something\AppData\Local\TBHostSupport
Folder Deleted : C:\Users\Studio Something\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Studio Something\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Studio Something\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Studio Something\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
[!] Folder Deleted : C:\Users\Studio Something\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
File Deleted : C:\END
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16736
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Studio Something\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [7688 octets] - [01/12/2013 22:59:40]
AdwCleaner[S0].txt - [7347 octets] - [01/12/2013 23:01:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7407 octets] ##########
 
And the log file from JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Studio Something on Sun 12/01/2013 at 23:11:35.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
 
    Value Name          Type                             Value Data                     
========================================================================================
    TBHostSupport    REG_SZ    "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Studio Something\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{20E48A37-AD1A-4F08-9DB0-26296FEB5D5C}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Studio Something\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Studio Something\appdata\local\{377D310F-7B6B-4CA2-9030-D998ECACC09E}
Successfully deleted: [Empty Folder] C:\Users\Studio Something\appdata\local\{504FDD62-CFA3-4892-9599-DD4E55A4FFA6}
Successfully deleted: [Empty Folder] C:\Users\Studio Something\appdata\local\{59C7EFD2-BE2C-45DF-8265-6F0ED2840D72}
Successfully deleted: [Empty Folder] C:\Users\Studio Something\appdata\local\{7C04BBBA-C95E-4274-AD4F-017A0EF5B7B6}
Successfully deleted: [Empty Folder] C:\Users\Studio Something\appdata\local\{9313B5DD-EDE6-435B-B230-6EE60080354B}
Successfully deleted: [Empty Folder] C:\Users\Studio Something\appdata\local\{D15C6FB6-4897-4778-B150-FDB34F804270}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/01/2013 at 23:15:36.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Thanks.
 


#8 giraffasus

Posted 01 December 2013 - 09:49 AM

I am curious what kept the ADWcleaner from deleting two of the files it found.



#9 giraffasus

Posted 01 December 2013 - 10:20 AM

Well, I am in Japan and need to go to work tomorrow, so I will try to get this done tomorrow if need be.



#10 xXToffeeXx

Posted 01 December 2013 - 10:30 AM

"I am curious what kept the ADWcleaner from deleting two of the files it found."

What two files? I don't see that. If you mean the exclamation marked one then it is gone, don't worry.
 
Open up AutoRuns again and press Ctrl and F. Then type TBHostSupport and press Enter; an entry called TBHostSupport should be highlighted. Remove the tick in the box by clicking on it. If the entry doesn't appear then don't worry.
 
Just one more scan and possible housekeeping:
 
Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

xXToffeeXx~




#11 giraffasus

Posted 01 December 2013 - 06:47 PM

Sorry for the late reply. Here is the log for SecurityCheck.

 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java™ 6 Update 31  
 Java 7 Update 45  
 Adobe Flash Player 11.6.602.171  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Google Chrome 30.0.1599.101  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
I won't be able to do anything until tonight, around 9:30 (Japan Time), as I have to go to work now. Please let me know what to do next and I will do so once home. Thanks.


#12 giraffasus

Posted 02 December 2013 - 04:17 AM

I had some time at work and looked back through the logs. I misread one of the listings actually, so only the following,  Key Found : [x64] HKCU\Software\Conduit, I couldn't find in the log as being deleted. Perhaps I am missing something.


Edited by giraffasus, 02 December 2013 - 04:25 AM.


#13 giraffasus

Posted 02 December 2013 - 08:47 AM

I assume that everything with my computer is fine and that the files are deleted as it is functioning fine and that the security check seemed okay by my reading and I haven't received any notification of anything else to do... so... I will check this thread later and see if anything shows up, if not, then thanks. 



#14 xXToffeeXx

Posted 02 December 2013 - 11:52 AM

Hi giraffasus,

 

Ah, I think the key is fine and is gone, but we can check if you want?

 

You seem to be lacking some Windows Updates. Please follow these steps to get all updates:

  • Click on the Windows logo near the bottom of the screen.
  • Click on "All Programs" and look for Windows Update, click on it and a window will open like this.
  • Click on the "install updates" button and the updates will start installing.
  • A window like this may ask you to reboot after a little while, click restart now.

 

----------

 

Uninstall these programs:

Java 6 Update 31  

Adobe Reader 10.1.7 - Update here: http://get.adobe.com/uk/reader/

 

Is there any problem with your computer?

 

xXToffeeXx~




#15 giraffasus

Posted 02 December 2013 - 08:19 PM

If I wanted to check for the Key, would I simply run one of the previous scans again?

 

There is nothing wrong as far as I can tell. I uninstalled Java 6 Update 31 and already updated my Reader, as well as the Microsoft Updates. So I think I am golden. Thanks for your help. 
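
The check raised in posts #12 and #15 (looking for each "Found" line of the AdwCleaner scan report among the "Deleted" lines of the clean report) can be done mechanically. The following is an added example, not part of the original thread and not AdwCleaner's own code: the function names are hypothetical, the embedded lines are excerpts of the two reports posted above, and reading the `[x64]` prefix as a registry-view marker is an assumption.

```python
import re

# "Key Found : <path>", "Folder Found <path>" (colon missing in the report)
# and "[!] Folder Deleted : <path>" all occur in the reports above.
LINE_RE = re.compile(
    r"^(?:\[!\]\s*)?(Key|Value|File|Folder)\s+(Found|Deleted)\s*:?\s*(.+?)\s*$"
)
VIEW_RE = re.compile(r"^\[x64\]\s*")  # assumption: marks the 64-bit registry view

# Excerpt of the scan report (AdwCleaner[R0].txt) posted in the thread.
SCAN_EXCERPT = r"""
***** [ Files / Folders ] *****
File Found : C:\Windows\SysWOW64\conduitEngine.tmp
Folder Found : C:\Users\Studio Something\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Folder Found : C:\Users\Studio Something\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Folder Found C:\ProgramData\Conduit
***** [ Registry ] *****
Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
"""

# Excerpt of the clean report (AdwCleaner[S0].txt) posted in the thread.
CLEAN_EXCERPT = r"""
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Users\Studio Something\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
[!] Folder Deleted : C:\Users\Studio Something\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Conduit
"""


def parse_report(text, state):
    """Map (kind, view, lowercased target) -> target as written, for one state."""
    items = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None or m.group(2) != state:
            continue  # headers, browser settings and blank lines are skipped
        kind, target = m.group(1), m.group(3)
        view = "x64" if VIEW_RE.match(target) else "default"
        target = VIEW_RE.sub("", target)
        # Registry and NTFS paths are case-insensitive, so compare lowercased.
        items.setdefault((kind, view, target.lower()), target)
    return items


def reconcile(scan_text, clean_text):
    """Sort every item the scan found by how the clean report accounts for it."""
    found = parse_report(scan_text, "Found")  # dict keeps report order, drops repeats
    deleted = parse_report(clean_text, "Deleted")
    deleted_any_view = {(kind, key) for kind, _view, key in deleted}
    result = {"exact": [], "other_view": [], "missing": []}
    for (kind, view, key), target in found.items():
        if (kind, view, key) in deleted:
            bucket = "exact"        # same item, same view marker
        elif (kind, key) in deleted_any_view:
            bucket = "other_view"   # same path, listed under the other view marker
        else:
            bucket = "missing"      # no "Deleted" line for this path at all
        result[bucket].append((kind, view, target))
    return result


if __name__ == "__main__":
    outcome = reconcile(SCAN_EXCERPT, CLEAN_EXCERPT)
    for bucket in ("exact", "other_view", "missing"):
        print(f"{bucket}: {len(outcome[bucket])}")
        if bucket != "exact":
            for kind, view, target in outcome[bucket]:
                print(f"  {kind} [{view}] {target}")
```

An item in `other_view` or `missing` is only a prompt to look at that path directly on the machine; the reports alone do not show whether it still exists.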





