Win7 - won't run DDS, multiple probs


  • This topic is locked
23 replies to this topic

#1 Red315

  • Members
  • 25 posts

Posted 23 February 2014 - 03:39 PM

Gentlemen (or ladies):

Laptop is an HP Pavilion dv6 running Win7.  Owner was running as admin w/o password.  I uninstalled a load of bad stuff, but couldn't get rid of a few things, e.g. Keybar 1.12, AVG Safeguard Toolbar, ShopAtHomeHelper, and an unnamed program.  In Mike Lin's StartupCtlrPnl, under HKLM /RUN, there is a program with no name or location info.  When I check it to disable start upon boot, it recreates a new iteration of itself (same for ShopAtHomeWatcher).

Bad thing - DDS won't run (running as admin).  When DDS is invoked, Notepad comes up with the DDS code displayed, as if the DDS.SCR were a text file.  Rebooted into safe mode, same thing (although I left the computer for a short time, and when I came back, DDS was running).  Saved the two files as *-safemode.txt.

Thanks in advance for your help!

Jon

 

======================================================================================================

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 11.0.9600.16518
Run by wadmin at 9:05:13 on 2014-02-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6092.5407 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://aartemis.com/?type=hp&ts=1384713366&from=tugs&uid=HitachiXHTS547575A9E384_J2540054HGWDEEHGWDEEX
mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384713366&from=tugs&uid=HitachiXHTS547575A9E384_J2540054HGWDEEHGWDEEX&q={searchTerms}
mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384713366&from=tugs&uid=HitachiXHTS547575A9E384_J2540054HGWDEEHGWDEEX
mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384713366&from=tugs&uid=HitachiXHTS547575A9E384_J2540054HGWDEEHGWDEEX&q={searchTerms}
mURLSearchHooks: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [USBestCR] C:\Program Files (x86)\cardicon\iconcs170368.exe RunFromReg
mRun: [ShopAtHomeWatcher] C:\Users\Meta\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: Interfaces\{333526D9-31D4-4337-837A-5DC5C9189808} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{333526D9-31D4-4337-837A-5DC5C9189808}\1425155554454554A5D20534F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{333526D9-31D4-4337-837A-5DC5C9189808}\14271757564747560284F6573756 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{333526D9-31D4-4337-837A-5DC5C9189808}\8434250253 : DHCPNameServer = 192.168.5.254
TCP: Interfaces\{333526D9-31D4-4337-837A-5DC5C9189808}\84342513 : DHCPNameServer = 192.168.5.1 192.168.5.1
TCP: Interfaces\{7FE7F1DD-70A5-4249-AA9A-7B1686828EED} : DHCPNameServer = 172.26.69.100
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://aartemis.com/?type=hp&ts=1384713366&from=tugs&uid=HitachiXHTS547575A9E384_J2540054HGWDEEHGWDEEX
x64-mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384713366&from=tugs&uid=HitachiXHTS547575A9E384_J2540054HGWDEEHGWDEEX&q={searchTerms}
x64-mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384713366&from=tugs&uid=HitachiXHTS547575A9E384_J2540054HGWDEEHGWDEEX
x64-mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384713366&from=tugs&uid=HitachiXHTS547575A9E384_J2540054HGWDEEHGWDEEX&q={searchTerms}
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 343696]
R0 pxscan;pxscan;C:\Windows\System32\drivers\pxscan.sys [2014-2-13 36384]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-7 46368]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-14 328928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-1-10 97792]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-1-10 217600]
R3 pxkbf;pxkbf;C:\Windows\System32\drivers\pxkbf.sys [2014-2-13 24024]
S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 782360]
S1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2013-11-28 66040]
S1 pxrts;pxrts;C:\Windows\System32\drivers\pxrts.sys [2014-2-13 65736]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2014-2-15 89600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2014-2-13 6746280]
S2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-14 328928]
S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-12 13336]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-2-15 2151744]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-17 201304]
S2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-11-28 178048]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-14 328928]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-14 328928]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-14 328928]
S2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-11-28 1017016]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-1-14 219272]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-1-14 182752]
S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-12 2656280]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-12 1771544]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 70112]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-5-13 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-1-25 197704]
S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-1-31 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-14 111616]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 311120]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 519576]
S3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-1-10 343696]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-12 428136]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssmirrdr;ssmirrdr;C:\Windows\System32\drivers\ssmirrdr.sys [2011-7-20 10112]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-26 1255736]
S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392]
S4 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
S4 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
S4 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-17 201304]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .bat: batfile=NOTEPAD.EXE %1
FileExt: .cmd: cmdfile=NOTEPAD.EXE %1
FileExt: .com: comfile=NOTEPAD.EXE %1
FileExt: .pif: piffile=NOTEPAD.EXE %1
FileExt: .scr: scrfile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2014-02-17 15:13:35    --------    d-----w-    C:\disinfect
2014-02-16 21:00:21    --------    d-----w-    C:\Users\wadmin\AppData\Local\Hewlett-Packard
2014-02-15 22:22:48    --------    d-----w-    C:\Users\wadmin\AppData\Roaming\IObit
2014-02-15 22:22:44    --------    d-----w-    C:\ProgramData\IObit
2014-02-15 22:22:42    --------    d-----w-    C:\ProgramData\ProductData
2014-02-15 22:22:39    --------    d-----w-    C:\Program Files (x86)\IObit
2014-02-15 21:54:30    --------    d-----w-    C:\Users\wadmin\AppData\Local\CrashDumps
2014-02-15 14:42:33    --------    d-----w-    C:\Users\wadmin\AppData\Local\AVG SafeGuard toolbar
2014-02-15 14:42:19    --------    d-----w-    C:\Users\wadmin\AppData\Roaming\hpqLog
2014-02-15 14:42:17    --------    d-----w-    C:\Users\wadmin\AppData\Roaming\Synaptics
2014-02-14 14:05:12    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-14 14:05:12    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-13 17:34:52    0    ----a-w-    C:\Windows\SysWow64\mfevtps.exe
2014-02-13 16:23:40    65736    ----a-w-    C:\Windows\System32\drivers\pxrts.sys
2014-02-13 16:23:40    62976    ----a-w-    C:\Windows\SysWow64\PxSecure.dll
2014-02-13 16:23:40    36384    ----a-w-    C:\Windows\System32\drivers\pxscan.sys
2014-02-13 16:23:40    24024    ----a-w-    C:\Windows\System32\drivers\pxkbf.sys
2014-02-13 16:23:40    --------    d-----w-    C:\Program Files\Prevx
2014-02-13 16:21:38    --------    d-----w-    C:\ProgramData\PrevxCSI
2014-02-13 15:41:12    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2014-02-13 15:30:35    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-13 15:17:28    --------    d-----w-    C:\Program Files\McAfee Security Scan
2014-02-07 20:35:59    --------    d-----w-    C:\Program Files\iPod
2014-02-07 20:35:55    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 20:35:55    --------    d-----w-    C:\Program Files\iTunes
2014-01-25 15:53:12    197704    ----a-w-    C:\Windows\System32\drivers\HipShieldK.sys
.
==================== Find3M  ====================
.
2014-02-07 02:06:29    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-07 02:06:29    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-06 02:30:08    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16    488448    ----a-w-    C:\Windows\System32\secproc.dll
2013-12-04 02:26:32    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2013-11-26 08:16:50    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
.
============= FINISH:  9:06:27.88 ===============
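
The File Associations section of the DDS log in the first post maps .scr and several other executable and script types to NOTEPAD.EXE, which is consistent with the reported symptom of DDS.scr opening as text. The following Python script is an added example, not part of the thread or of DDS: it parses that section and reports which launchable types have been redirected. The function names, the baseline of stock open commands, and the sample log (constructed, modelled on that section) are assumptions.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Assumed baseline (stock Windows): these types launch themselves ("%1" ...),
SELF_EXECUTING = {".bat", ".cmd", ".com", ".exe", ".pif", ".scr"}
# and these are handed to Windows Script Host.
SCRIPT_HOSTED = {".js", ".jse", ".vbs", ".wsf"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# DDS line shape: "FileExt: .scr: scrfile=NOTEPAD.EXE %1"
FILEEXT_RE = re.compile(r"^FileExt:\s*(\.[A-Za-z0-9]+):\s*([^=\s]+)=(.*)$")

# Constructed sample modelled on the log above. The .com line is a
# constructed default entry so the non-flagged path is exercised too.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
.
S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
.
=============== File Associations ===============
.
FileExt: .bat: batfile=NOTEPAD.EXE %1
FileExt: .com: comfile="%1" %*
FileExt: .scr: scrfile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2014-02-17 15:13:35    --------    d-----w-    C:\disinfect
"""


class Assoc(NamedTuple):
    ext: str       # e.g. ".scr"
    progid: str    # e.g. "scrfile"
    command: str   # e.g. "NOTEPAD.EXE %1"


def parse_file_associations(log_text: str) -> List[Assoc]:
    """Return the FileExt entries found inside the File Associations section."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("==="):           # any section banner
            in_section = "File Associations" in line
            continue
        if in_section:
            m = FILEEXT_RE.match(line)
            if m:
                entries.append(Assoc(m.group(1).lower(), m.group(2), m.group(3).strip()))
    return entries


def handler_program(command: str) -> str:
    """First token of an open command, lower-cased, without its directory.
    Unquoted paths containing spaces are not handled (split at first space)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        first = command[1:end] if end != -1 else command[1:]
    else:
        first = command.split(None, 1)[0] if command else ""
    return ntpath.basename(first).lower()


def is_redirected(assoc: Assoc) -> bool:
    """True when a launchable type no longer uses its stock handler."""
    prog = handler_program(assoc.command)
    if assoc.ext in SELF_EXECUTING:
        return prog != "%1"
    if assoc.ext in SCRIPT_HOSTED:
        return prog not in SCRIPT_HOSTS
    return False                              # type not covered by the baseline


def redirected(assocs: List[Assoc]) -> List[Tuple[str, str]]:
    """(extension, handler) pairs for every redirected launchable type."""
    return sorted((a.ext, handler_program(a.command)) for a in assocs if is_redirected(a))


def explain_launch(filename: str, assocs: List[Assoc]) -> Optional[str]:
    """Program that opens `filename` per the log, or None if the log has no entry."""
    ext = ntpath.splitext(filename)[1].lower()
    for a in assocs:
        if a.ext == ext:
            return handler_program(a.command)
    return None


if __name__ == "__main__":
    found = parse_file_associations(SAMPLE_LOG)
    for ext, prog in redirected(found):
        print(f"{ext} is opened by {prog} instead of its stock handler")
    print("DDS.scr ->", explain_launch("DDS.scr", found))
```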
 


 


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 24 February 2014 - 06:06 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt. Please attach that to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Red315


Posted 27 February 2014 - 10:40 AM

Hi, Marius --

 

The lady who owns the computer has been out of town for a few days.  I hope to be able to reacquire the computer and run your instructions today (2/27) or tomorrow and get back to you.

 

Please hold this thread open for a bit longer.

 

Thanks

 

Jon



#4 Red315


Posted 27 February 2014 - 05:52 PM

Hi, Marius --

 

Attached is the MBAR log file.

 

Thanks again for your help.

 

Jon




#5 TB-Psychotic


Posted 28 February 2014 - 06:35 AM

Fix with Malwarebytes Anti-Rootkit

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.

 

 

 

 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#6 Red315

Posted 02 March 2014 - 12:52 PM

Good Morning, Marius -

Attached are the logs from MBAR/clean and ComboFix (ComboFix said that it was expired, and running in reduced functionality mode).

So far, nothing bad found in the machine's behavior.

Thanks again for all your help -- give me an ok if everything passes your evaluation.

Jon

Attached file: ComboLog&mbar-log-2014-03-01 (09-16-23).zip

 



#7 TB-Psychotic

Posted 05 March 2014 - 02:29 AM

Combofix's Add-Remove Programs.txt

  • Hit the Windows and the R key simultaneously.
  • Copy the following command into the text field:
  • C:\Qoobox\Add-Remove Programs.txt
  • Hit OK.
  • A text file will open, please post up its content.



#8 Red315

Posted 05 March 2014 - 11:28 AM

Hi, Marius -

Here is the Add-Remove Programs.txt file:

 

ActiveCheck component for HP Active Support Library
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
AVG SafeGuard toolbar
Bing Bar
BufferChm
C309g-m
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Google Chrome
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP MovieStore
HP On Screen Display
HP Photo Creations
HP Power Manager
HP Product Detection
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
HP Update
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Wireless Display
IObit Uninstaller
Junk Mail filter update
KeyBar 1.12 Toolbar for IE
MarketResearch
McAfee Internet Security
McAfee Online Backup
Mesh Runtime
Messenger Companion
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PlayReady PC Runtime x86
PS_AIO_06_C309g-m_SW_Min
QuickTime
QuickTransfer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Renesas Electronics USB 3.0 Host Controller Driver
RoxioNow Player
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VLC media player 2.1.3
VoiceOver Kit
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect

Jon



#9 TB-Psychotic

Posted 06 March 2014 - 01:48 AM

Add/remove programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open Add/Remove Programs

Search for and remove the following programs:

Bing Bar
IObit Uninstaller
KeyBar 1.12 Toolbar for IE
MarketResearch

Close the window.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#10 Red315

Posted 07 March 2014 - 11:05 AM

Good Morning -

Progress report:

1.  Bing Bar uninstalled

2.  IObit Uninstaller uninstalled -- is this considered a dark program?  It has uninstalled some programs that otherwise would not uninstall.

3.  KeyBar 1.12 would not uninstall -- the uninstall window comes up with buttons and check boxes, but no text anywhere.  Clicking on any and everything does nothing.  The window will not go away until a reboot.

4.  MarketResearch does not show up in the Control Panel > Programs list, even though it does in the ComboFix Add-Remove Programs listing.

5.  Malwarebytes scan log posted here.

6.  ESET link in your instruction here is broken.  I found the online scanner at

    www.eset.com/us/online-scanner-popup/

Thanks again for all your help ...

Jon

 

=================================================================================================================

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.06.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
wadmin :: META-HP [administrator]

Protection: Enabled

3/6/2014 9:49:37 AM
mbam-log-2014-03-06 (09-49-37).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 427625
Time elapsed: 1 hour(s), 19 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\aartemisSoftware\aartemishp (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3291325 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 4
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.Aartemis) -> Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com/?type=sc&ts=1384713366&from=tugs&uid=HitachiXHTS547575A9E384_J2540054HGWDEEHGWDEEX) Good: (iexplore.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Aartemis) -> Bad: (http://aartemis.com/?type=hp&ts=1384713366&from=tugs&uid=HitachiXHTS547575A9E384_J2540054HGWDEEHGWDEEX) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Quarantined and repaired successfully.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Aartemis.A) -> Bad: (http://aartemis.com/?type=hp&ts=1384713366&from=tugs&uid=HitachiXHTS547575A9E384_J2540054HGWDEEHGWDEEX) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 9
C:\ProgramData\eSafe\log (PUP.Optional.eSafe.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\css (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\images (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml (PUP.Optional.Lightning.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0 (PUP.Optional.Lightning.A) -> Quarantined and deleted successfully.

Files Detected: 38
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\KeyBar_1.12\KeyBar_1.12ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PDFReader\Uninstall\Uninstall.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Conduit\CT3291325\KeyBar_1.12AutoUpdateHelper.exe.bad (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\LocalLow\KeyBar_1.12\hk64tbKey0.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\LocalLow\KeyBar_1.12\ldrtbKey0.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\LocalLow\KeyBar_1.12\tbKey0.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSites.A) -> Quarantined and deleted successfully.
C:\Users\Meta\Downloads\java.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Users\Meta\Downloads\PDFReaderSetup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Meta\Downloads\Updater_Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\ProgramData\eSafe\log\eGdpSvc.LOG (PUP.Optional.eSafe.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx (PUP.Optional.NewTab.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\configutaion.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\SetupIcon.ico (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\UninstallDialog.html (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\css\UninstallDialog.css (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\images\2.0--spec--kicker.png (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\images\content-pattern.png (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\images\content-sep.png (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\images\OK-Button-Default.gif (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\images\OK-Button-MouseOver.gif (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\images\OK-Button-OnClick.gif (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\images\x.gif (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\js\jquery.min.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\js\nsUI.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3291325\UninstallDialog\js\UninstallDialogLogic.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.html (PUP.Optional.Lightning.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.js (PUP.Optional.Lightning.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\data.json (PUP.Optional.Lightning.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\icon128.png (PUP.Optional.Lightning.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\inject.js (PUP.Optional.Lightning.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\jquery.js (PUP.Optional.Lightning.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\manifest.json (PUP.Optional.Lightning.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xa.js (PUP.Optional.Lightning.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xagainit.js (PUP.Optional.Lightning.A) -> Quarantined and deleted successfully.

(end)

===========================================================================================================================

 

eset:

 

C:\Program Files (x86)\KeyBar_1.12\hk64tbKeyB.dll    a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\Program Files (x86)\KeyBar_1.12\hktbKeyB.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Program Files (x86)\KeyBar_1.12\ldrtbKeyB.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll    Win32/Toolbar.Conduit.X potentially unwanted application
C:\Program Files (x86)\KeyBar_1.12\tbKeyB.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js    Win32/Conduit.SearchProtect.A potentially unwanted application
C:\Users\Meta\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Meta\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Meta\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Meta\AppData\LocalLow\KeyBar_1.12\hk64tbKeyB.dll    a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\Users\Meta\AppData\LocalLow\KeyBar_1.12\hktbKeyB.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Meta\AppData\LocalLow\KeyBar_1.12\ldrtbKeyB.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Meta\AppData\LocalLow\KeyBar_1.12\tbKey1.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Meta\AppData\LocalLow\KeyBar_1.12\tbKeyB.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Meta\AppData\LocalLow\KeyBar_1.12\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll    a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Meta\AppData\Roaming\PDF Reader Packages\uninstaller.exe    Win32/InstallCore.AZ potentially unwanted application
C:\Users\Meta\Downloads\AnyProtectSetup.exe    a variant of Win32/InstallCore.CH potentially unwanted application
C:\Users\Meta\Downloads\MSN Messenger.exe    MSIL/Solimba.N potentially unwanted application
C:\Users\Meta\Downloads\Windows Messenger.exe    MSIL/Solimba.N potentially unwanted application
Operating memory    Win32/Toolbar.Conduit.Y potentially unwanted application

======================================================================================================================
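One way to triage the two logs in this post, as an added example that is not part of the original thread: the script parses Malwarebytes 1.75 file lines and the ESET export, then sorts ESET's findings by whether Malwarebytes had already quarantined something in the same folder. It assumes the ESET scan ran after the Malwarebytes cleanup, as the instructions order them; the function names are hypothetical and the sample lines are excerpts from the logs above.

```python
"""Cross-reference a Malwarebytes 1.75 log with an ESET Online Scanner export."""
import ntpath
import re
from collections import defaultdict

# Excerpts copied from the two logs in the post above (not the full logs).
MBAM_LOG = r"""
C:\Program Files (x86)\KeyBar_1.12\KeyBar_1.12ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\LocalLow\KeyBar_1.12\tbKey0.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Meta\AppData\Local\Conduit\CT3291325\KeyBar_1.12AutoUpdateHelper.exe.bad (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Meta\Downloads\java.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
"""

ESET_LOG = r"""
C:\Program Files (x86)\KeyBar_1.12\tbKeyB.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Meta\AppData\LocalLow\KeyBar_1.12\tbKey1.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Meta\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Meta\Downloads\MSN Messenger.exe    MSIL/Solimba.N potentially unwanted application
Operating memory    Win32/Toolbar.Conduit.Y potentially unwanted application
"""

# "<path> (<detection>) -> <action>". The path may itself contain "(x86)",
# so the detection must look like dotted words, e.g. PUP.Optional.Conduit.
MBAM_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"\((?P<name>[A-Za-z]+(?:\.[A-Za-z0-9]+)+)\) -> (?P<action>.+)$"
)
# ESET export: scanned object, a tab or a run of spaces, then the verdict.
ESET_RE = re.compile(r"^(?P<obj>.+?)(?:\t|\s{2,})(?P<det>.+)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_mbam(text):
    """Return {lowercased path: (detection, action)} for file/folder lines."""
    found = {}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            found[m["path"].lower()] = (m["name"], m["action"])
    return found


def parse_eset(text):
    """Return [(object, detection)] with ESET's boilerplate wording removed."""
    found = []
    for line in text.splitlines():
        m = ESET_RE.match(line.strip())
        if not m:
            continue
        det = re.sub(r"^a variant of ", "", m["det"].strip())
        det = re.sub(r" potentially unwanted application$", "", det)
        found.append((m["obj"], det))
    return found


def residual_after_cleanup(mbam_text, eset_text):
    """Bucket ESET hits by whether MBAM already cleaned the same folder."""
    cleaned_dirs = {ntpath.dirname(p) for p in parse_mbam(mbam_text)}
    report = {
        "same_dir": defaultdict(list),  # folder only partly cleaned
        "new_dir": defaultdict(list),   # folder MBAM never touched
        "memory": [],                   # non-file objects (loaded modules)
    }
    for obj, det in parse_eset(eset_text):
        if not DRIVE_RE.match(obj):
            report["memory"].append(det)
            continue
        folder = ntpath.dirname(obj).lower()  # Windows paths: ignore case
        bucket = "same_dir" if folder in cleaned_dirs else "new_dir"
        report[bucket][folder].append((ntpath.basename(obj), det))
    return report


if __name__ == "__main__":
    result = residual_after_cleanup(MBAM_LOG, ESET_LOG)
    for bucket in ("same_dir", "new_dir"):
        for folder, hits in sorted(result[bucket].items()):
            print(f"[{bucket}] {folder}")
            for name, det in hits:
                print(f"    {name}: {det}")
    print("[memory]", ", ".join(result["memory"]) or "none")
```

A shared folder such as Downloads lands in `same_dir` only because both scanners found separate installers there. The `memory` bucket matters for follow-up: a module still loaded in memory means files in the remaining folders can be locked until the next reboot or cleanup pass.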
 



#11 TB-Psychotic

Posted 07 March 2014 - 11:10 AM

Delete junk with AdwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



#12 Red315

Posted 09 March 2014 - 11:42 AM

After running AdwCleaner and rebooting, received the error msg:

C:\users\Meta\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.cll

error starting

So I then ran AdwCleaner a second time - same result.  I am enclosing both the S0 and S1 logs.

Ran JRT, and posted the log.

Thanks again ...

Jon

 

===============================================================================================================

 

# AdwCleaner v3.020 - Report created 09/03/2014 at 10:45:49
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : wadmin - META-HP
# Running from : C:\disinfect\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : \SearchProtect
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\KeyBar_1.12
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\Meta\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Meta\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Meta\AppData\Local\Conduit
Folder Deleted : C:\Users\Meta\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Meta\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Meta\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Meta\AppData\LocalLow\KeyBar_1.12
Folder Deleted : C:\Users\Meta\AppData\Roaming\DSite
Folder Deleted : C:\Users\Meta\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Meta\Documents\Optimizer Pro
Folder Deleted : C:\Users\Meta\Documents\Systweak
Folder Deleted : C:\Users\wadmin\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\wadmin\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Paul\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Paul\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Folder Deleted : C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
File Deleted : C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.saltarsmart.biz_0.localstorage
File Deleted : C:\Users\Meta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.saltarsmart.biz_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\DSite

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\wadmin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291325
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\aartemisSoftware
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\KeyBar_1.12
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Meta\AppData\Roaming\Mozilla\Firefox\Profiles\zlyrd5cd.default-1392305535889\prefs.js ]


[ File : C:\Users\wadmin\AppData\Roaming\Mozilla\Firefox\Profiles\xsx2pap6.default\prefs.js ]


[ File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ffm5rkea.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [13603 octets] - [09/03/2014 10:42:37]
AdwCleaner[S0].txt - [12871 octets] - [09/03/2014 10:45:49]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [12932 octets] ##########
 

=====================================================================================================================

 

# AdwCleaner v3.020 - Report created 09/03/2014 at 10:56:54
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : wadmin - META-HP
# Running from : C:\disinfect\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Meta\AppData\Local\AVG SafeGuard toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Meta\AppData\Roaming\Mozilla\Firefox\Profiles\zlyrd5cd.default-1392305535889\prefs.js ]


[ File : C:\Users\wadmin\AppData\Roaming\Mozilla\Firefox\Profiles\xsx2pap6.default\prefs.js ]


[ File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ffm5rkea.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [13603 octets] - [09/03/2014 10:42:37]
AdwCleaner[R1].txt - [1157 octets] - [09/03/2014 10:55:26]
AdwCleaner[S0].txt - [13055 octets] - [09/03/2014 10:45:49]
AdwCleaner[S1].txt - [1085 octets] - [09/03/2014 10:56:54]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [1145 octets] ##########
 

 

=====================================================================================================================

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by wadmin on Sun 03/09/2014 at 11:09:14.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A195C577-4E26-4327-AEA3-CE76B29C425C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A195C577-4E26-4327-AEA3-CE76B29C425C}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/09/2014 at 11:17:43.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#13 TB-Psychotic

Posted 10 March 2014 - 07:51 AM

Scan with SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    conduit
    :filefind
    *conduit*
    :folderfind
    *conduit*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#14 Red315

Posted 11 March 2014 - 08:18 AM

Here is the SystemLook listing:

 

Thanks again ...

 

Jon

 

===================================================================================================================

 

SystemLook 30.07.11 by jpshortstuff
Log created at 08:10 on 11/03/2014 by wadmin
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "conduit"
[HKEY_USERS\S-1-5-21-3292782509-3051606982-375635321-1003_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Meta\AppData\Local\Conduit\CT3291325\KeyBar_1.12AutoUpdateHelper.exe"="Conduit Toolbar Automatic Update"

========== filefind ==========

Searching for "*conduit*"
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1776360_1766901_US.xml.vir    --a---- 190 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 99157430F3991192FA3027AF183CC6DD
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_59_322_CT3223559_Images_634738032225076964_png.png.vir    --a---- 1838 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 087465F21ADE1E1D84E0C0B382861A0E
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_59_322_CT3223559_Skins_634738004698613115_28px_png.png.vir    --a---- 220 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 63621A4596DCFF2D99A70A44BF0EE7CC
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_83_326_CT3269083_Images_Email_xml-0-Classic-634919735716951488_png.png.vir    --a---- 946 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 6763741964D65CCD6F6FA3482ED53FC7
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png.vir    --a---- 821 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 99D5F75C338F2A877CBF891E0F18746E
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png.vir    --a---- 729 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png.vir    --a---- 531 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] A847C5F6CE2C700048749892DD2E0619
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png.vir    --a---- 669 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] FED9E00C76F647EE6A0B7CC684C89F0C
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png.vir    --a---- 263 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 36BD416D16391EFAAAFB2C3C54EAE986
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png.vir    --a---- 734 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 943ADFD9E0DF1507F7BC419802BF4303
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png.vir    --a---- 562 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png.vir    --a---- 493 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 275C9DA2D536F18F528C80E050C3D705
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png.vir    --a---- 706 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png.vir    --a---- 674 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 650731EEF807C292E699779B12CBE552
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png.vir    --a---- 607 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 9B4D914888BCFFCBAE6757A0E450551C
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif.vir    --a---- 419 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 01B83C91554738F6AFFB7895BBBA73FB
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_eula_png.png.vir    --a---- 513 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] F43944209A64CCD0C9B5A92743F0F787
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif.vir    --a---- 403 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif.vir    --a---- 414 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] A9E001CBC00B06B121DFBC80707F5298
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif.vir    --a---- 278 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif.vir    --a---- 405 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 995595D4C685D659E8F03CD0A287EDDF
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif.vir    --a---- 405 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] AA39D8A6B65E208901EBA9F3D4728D3E
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif.vir    --a---- 361 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 464E244E7E2F27FB85E0C3AB69D72104
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif.vir    --a---- 425 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 6427565C7105DC497287866100F260BB
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif.vir    --a---- 381 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] AE7C9F67594A84B096D225601ACB0B2A
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif.vir    --a---- 351 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] C3EBA0237D68F665AF6D663906221092
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif.vir    --a---- 399 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png.vir    --a---- 617 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 80648ABDB2DEB2D53DBFD77D57A9C886
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif.vir    --a---- 405 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 66018EAE0906C9831A821CAE5D1089BB
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif.vir    --a---- 371 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif.vir    --a---- 322 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 948781E4B6478290050ECA4423B89B1E
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif.vir    --a---- 240 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] AE5A39669C623937C0839E079E1088D5
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif.vir    --a---- 335 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 766433EF38BDA83C4FD4932027A4B9D5
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_MarketPlace_0d_43a_0d06b9d6-1454-46ba-ae97-b9ddc7e7943a_Appearance_634611189382074641_png.png.vir    --a---- 1796 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] A23E49DD2927E7480EA43F04CD37836A
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_MarketPlace_81_28e_816147d9-d2b0-4dc7-b220-fb7ea1b1228e_Appearance_634726106907093173_png.png.vir    --a---- 1272 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 44C7C895240CF21A12C681666B7C547B
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634726116365249321_png.png.vir    --a---- 1666 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 672D1DFF2B0796954BCFA8C6A395C163
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___weather_conduit_com_images_weather_Default_cloudy_gif.gif.vir    --a---- 406 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] 61A76264B50BF0E425D6BD7DB73F40B4
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif.vir    --a---- 259 bytes    [17:18 13/02/2014]    [17:18 13/02/2014] 110EC9BCA8470D6488B626EA28914A6C
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en&ctid=CT3291325.xml.vir    --a---- 7038 bytes    [16:20 28/01/2014]    [17:18 13/02/2014] 792CC42EDA0237A5500988AFD6D3C8FA
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en&ctid=CT3291325.xml.vir    --a---- 5515 bytes    [16:20 28/01/2014]    [17:18 13/02/2014] 1D8A2018152FBFDD085AED8DC5E2D8BC
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en&ctid=CT3291325.xml.vir    --a---- 6582 bytes    [16:20 28/01/2014]    [17:18 13/02/2014] 69773956CC6ABBF85BCB35BFE50E0DEB
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en&ctid=CT3291325&UM=UM_UNINSTALL_ID.xml.vir    --a---- 5514 bytes    [16:20 28/01/2014]    [17:18 13/02/2014] F6D3F46BDB4B43B2D8A544AB8C7C7DC4
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll    --a---- 1323336 bytes    [08:32 07/01/2014]    [08:32 07/01/2014] 3F20CCDAC6969CBB898D88BB4F5CC22E
C:\Users\Meta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ER1ZOZLO\sf_conduit_loader[1].htm    --a---- 7757 bytes    [17:19 13/02/2014]    [17:19 13/02/2014] D515D54078E48B8D510EEAEFE950B2F8
C:\Users\Meta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ER1ZOZLO\sf_conduit_mam_app[1].htm    --a---- 4950 bytes    [17:19 13/02/2014]    [17:19 13/02/2014] F426A53481C12A908DCFC14846084EB1
C:\Users\Meta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R37C1SIQ\Conduit[1].htm    --a---- 287 bytes    [17:19 13/02/2014]    [17:19 13/02/2014] 47B33CAB108EDBC412A7AF64D48CF2E1
C:\Users\Meta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R37C1SIQ\sf_conduit_loader[1].htm    --a---- 7757 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] D515D54078E48B8D510EEAEFE950B2F8
C:\Users\Meta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R37C1SIQ\SlimwareCPC-US-Conduit3761-All-300-lp1-Test36d-21656_fc[1].gif    --a---- 41255 bytes    [17:19 13/02/2014]    [17:19 13/02/2014] A78C311F50BF4DA6348E02BD9F8038B4
C:\Users\Meta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VG1KD7SW\sf_conduit_mam_app[1].htm    --a---- 4939 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] A6073A95F8B6107216F90C4C03CFFEAB
C:\Users\Meta\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2RN3IKNE\app.mam.conduit[1].xml    --a---- 100454 bytes    [16:20 28/01/2014]    [17:22 13/02/2014] B7F885EF3E0F12A4B13488431AD51EBA
C:\Users\Meta\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\C191E6SJ\storage.conduit[1].xml    --a---- 13 bytes    [16:20 28/01/2014]    [16:20 28/01/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Meta\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\F1D0R4R3\fastcontent.conduit[1].xml    --a---- 470 bytes    [16:20 28/01/2014]    [17:22 13/02/2014] 7EC7215C8366DE6282CB6122146CF638
C:\Users\Meta\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ROF0654J\facebook.conduitapps[1].xml    --a---- 13 bytes    [17:18 13/02/2014]    [17:18 13/02/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

========== folderfind ==========

Searching for "*conduit*"
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\Local\Conduit    d------    [15:46 09/03/2014]
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\Conduit    d------    [15:46 09/03/2014]
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\Repository\conduit_CT3291325_CT3291325    d------    [15:46 09/03/2014]
C:\AdwCleaner\Quarantine\C\Users\Meta\AppData\LocalLow\KeyBar_1.12\Repository\conduit_CT3291325_en    d------    [15:46 09/03/2014]

-= EOF =-



#15 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 11 March 2014 - 08:23 AM

This is odd... Please delete your existing copy of AdwCleaner.

 

 

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also


Proud Member of UNITE & TB
 