Mrstickball

  1. Everything continues to run fine for the past 2-3 days.
  2. Hi, I haven't had any problems since restarting. Everything seems to be fine.
  3. It was working fine until I ran ComboFix. It seemingly deleted a lot of my startup programs and taskbar items, such as my web browser(s). I've had to deal with a workaround for them. As for the ComboFix log:
  4. RogueKiller V8.2.3 [11/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode with network support User : Ben S [Admin rights] Mode : Scan -- Date : 11/16/2012 14:16:47 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [sTARTUP][sUSP PATH] msoft32.exe @Ben S : C:\Users\Ben S\AppData\Local\SysWow64\msoft32.exe -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FOLDER] U : C:\Windows\Installer\{2c3a99bd-56bd-eec9-972f-5e53c386c37a}\U --> FOUND [ZeroAccess][FOLDER] L : C:\Windows\Installer\{2c3a99bd-56bd-eec9-972f-5e53c386c37a}\L --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: INTEL SSDSA2M080G2GN ATA Device +++++ --- User --- [MBR] 106b70108fd4665e6b282d98a407e3c1 [bSP] c14748835262190d8ef9608e754853db : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: ST31000528AS ATA Device +++++ --- User --- [MBR] d39a6d8d05e9b71c1a14490e961fe192 [bSP] 46a57f82f35b90a1402d5545ee9b5cf1 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! 
Finished : << RKreport[1]_S_11162012_02d1416.txt >> RKreport[1]_S_11162012_02d1416.txt _____________________________ # AdwCleaner v2.007 - Logfile created 11/16/2012 at 14:12:45 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Ben S - BENS-PC # Boot Mode : Safe mode with networking # Running from : C:\Users\Ben S\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml File Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\searchplugins\Askcom.xml Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\Program Files (x86)\BitTorrentBar Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Users\Ben S\AppData\Local\BitTorrentBar Folder Deleted : C:\Users\Ben S\AppData\Local\Conduit Folder Deleted : C:\Users\Ben S\AppData\Local\ConduitEngine Folder Deleted : C:\Users\Ben S\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Ben S\AppData\LocalLow\BitTorrentBar Folder Deleted : C:\Users\Ben S\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Ben S\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\Ben S\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\Conduit Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\ConduitEngine Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\CT2790392 Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\extensions\engine@conduit.com Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\extensions\toolbar@ask.com Folder Deleted : 
C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\extensions\vshare@toolbar Folder Deleted : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\FCTB Folder Deleted : C:\Users\Ben S\AppData\Roaming\OpenCandy Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\BitTorrentBar Key Deleted : HKCU\Software\CompeteInc Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Headlight Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4996A6FC-F393-458B-A114-E0A9E54C4F72} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Toolbar Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AskToolbar Key Deleted : 
HKLM\Software\BitTorrentBar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4996A6FC-F393-458B-A114-E0A9E54C4F72} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4996A6FC-F393-458B-A114-E0A9E54C4F72} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02FEDDA5-33F7-4E97-8C7A-B56967D2EA6D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28290E68-B719-4D40-866D-3C0F4DAC58C3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}] Value Deleted : HKCU\Software\Microsoft\Internet 
Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp --> hxxp://www.google.com -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\prefs.js C:\Users\Ben S\AppData\Roaming\Mozilla\Firefox\Profiles\pwbuc1no.default\user.js ... Deleted ! Deleted : user_pref("CT2790392..clientLogIsEnabled", true); Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2790392.CTID", "CT2790392"); Deleted : user_pref("CT2790392.CurrentServerDate", "2-2-2011"); Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2790392.DownloadReferralCookieData", ""); Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Wed Feb 02 2011 16:54:00 GMT-0500 (Eastern Standard Ti[...] Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 491); Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Wed Feb 02 2011 15:27:22 GMT-0500 (Eastern St[...] 
Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Wed Feb 02 2011 15:27:22 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Wed Feb 02 2011 15:27:22 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Wed Feb 02 2011 15:27:22 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Wed Feb 02 2011 15:27:27 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Wed Feb 02 2011 15:27:22 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Wed Feb 02 2011 15:27:23 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Wed Feb 02 2011 15:27:22 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Wed Feb 02 2011 15:27:23 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Wed Feb 02 2011 15:27:23 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Wed Feb 02 2011 15:27:23 GMT-0500 (Eastern St[...] 
Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10); Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15); Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5); Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5); Deleted : user_pref("CT2790392.FirstServerDate", "1-2-2011"); Deleted : user_pref("CT2790392.FirstTime", true); Deleted : user_pref("CT2790392.FirstTimeFF3", true); Deleted : user_pref("CT2790392.FixPageNotFoundErrors", false); Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2790392.HasUserGlobalKeys", true); Deleted : user_pref("CT2790392.Initialize", true); Deleted : user_pref("CT2790392.InitializeCommonPrefs", true); Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2790392.InstallationType", "UnknownIntegration"); Deleted : user_pref("CT2790392.InstalledDate", "Tue Feb 01 2011 09:27:22 GMT-0500 (Eastern Standard Time)"); Deleted : user_pref("CT2790392.IsGrouping", false); Deleted : user_pref("CT2790392.IsMulticommunity", false); Deleted : user_pref("CT2790392.IsOpenThankYouPage", true); Deleted : user_pref("CT2790392.IsOpenUninstallPage", false); Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Fri Feb 04 2011 09:27:22 GMT-0500 (Eastern Standar[...] Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2790392.LastLogin_3.2.5.2", "Wed Feb 02 2011 13:27:21 GMT-0500 (Eastern Standard Time)"[...] 
Deleted : user_pref("CT2790392.LatestVersion", "3.2.5.2"); Deleted : user_pref("CT2790392.Locale", "en"); Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT279[...] Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true); Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Fri Feb 04 2011 09:27:22 GMT-0500 (Eastern Stand[...] Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2790392.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Fri Feb 04 2011 09:27:21 GMT-0500 (Eastern Standard [...] Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Wed Feb 02 2011 14:57:57 GMT-0500 (Eastern Standard Ti[...] Deleted : user_pref("CT2790392.SettingsLastUpdate", "1295945175"); Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Tue Feb 01 2011 09:27:21 GMT-0500 (Eastern Sta[...] Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1246790578"); Deleted : user_pref("CT2790392.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] 
Deleted : user_pref("CT2790392.UserID", "UN84527464540924312"); Deleted : user_pref("CT2790392.ValidationData_Toolbar", 2); Deleted : user_pref("CT2790392.WeatherNetwork", ""); Deleted : user_pref("CT2790392.WeatherPollDate", "Wed Feb 02 2011 16:27:35 GMT-0500 (Eastern Standard Time)"); Deleted : user_pref("CT2790392.WeatherUnit", "F"); Deleted : user_pref("CT2790392.alertChannelId", "1182482"); Deleted : user_pref("CT2790392.backendstorage.hxxp://conduit_priceblink_com/conduit.uid", "36666638656330362D6[...] Deleted : user_pref("CT2790392.myStuffEnabled", true); Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2790392.testingCtid", ""); Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Fri Feb 04 2011 16:54:00 GMT-0500 (Eastern S[...] Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Tue Feb 01 2011 09:27:22 GMT-0500 (Eastern S[...] Deleted : user_pref("CT2790392.usagesFlag", 2); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/US", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2790392/CT2790392[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...] Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2790392"); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "bittorrentbar"); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2790392"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4c35e7fa&[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2790392"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2790392"); Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Feb 12 2011 14:37:37 GMT-0500 (Easte[...] 
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Feb 12 2011 14:37:37 GMT-0500 (Eastern S[...] Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "37f43710-3796-4e3a-9c38-5a4939cd0760"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Feb 04 2011 09:27:22 GMT-0500 (Eas[...] Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine"); Deleted : user_pref("ConduitEngine.FirstServerDate", "02/01/2011 17"); Deleted : user_pref("ConduitEngine.FirstTime", true); Deleted : user_pref("ConduitEngine.FirstTimeFF3", true); Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false); Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true); Deleted : user_pref("ConduitEngine.Initialize", true); Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true); Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration"); Deleted : user_pref("ConduitEngine.InstalledDate", "Tue Feb 01 2011 09:27:03 GMT-0500 (Eastern Standard Time)"[...] Deleted : user_pref("ConduitEngine.IsMulticommunity", false); Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false); Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false); Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Feb 02 2011 09:27:24 GMT-0500 (Eastern Sta[...] 
Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Wed Feb 02 2011 15:27:06 GMT-0500 (Eastern Standard Ti[...] Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0); Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...] Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Feb 02 2011 15:27:24 GMT-0500 (Eastern Standar[...] Deleted : user_pref("ConduitEngine.UserID", "UN54518410256740796"); Deleted : user_pref("ConduitEngine.engineLocale", "en-US"); Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Feb 02 2011 12:27:24 GMT-0500 (Easte[...] Deleted : user_pref("ConduitEngine.initDone", true); Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.defaultenginename", "Ask.com"); Deleted : user_pref("browser.search.order.1", "Ask.com"); Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search"); Deleted : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp"); Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxps://isearch.avg.com/search?cid=%7B7094f01[...] Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true); Deleted : user_pref("extensions.vshare@toolbar.install-event-fired", true); Deleted : user_pref("extensions.vshare@toolbar.update.enabled", false); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.2806055.KeywordHistory", "Search%2520and%2520Ea[...] 
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.AutoSearchEventData", "auto%20search"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ClearCacheDate", 30); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DisplayEULA", false); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DnsCatchEventData", "dns%20catch"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.FirstLaunchShown", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.LoadLayoutDate.62133", 30); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.NewTabSearchEventData", "tab%20search"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.RemoveAllData", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ShowRecommendedOptions", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.StateReportDate", "1325198036990"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.TopRightSearchEventData", "top%20right%20search[...] Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.comp.search.2806055.engine_img", "aHR0cDovL3NlY[...] Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.comp.search.2806055.engine_url", "aHR0cDovL3NlY[...] Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.comp.search.2806055.text", ""); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.customNewTab", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.dca.CaptureType", 2); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.dca.lastPrivacyRulesTime", 1297539454); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.dca.lastPrivacyRulesUrl", "hxxp://dcs.consumeri[...] Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.dca.lastWhitelistTime", 1297539454); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.dca.lastWhitelistUrl", "hxxp://dcs.consumerinpu[...] 
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.dca.panelID", "freecausefox"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.dca.userID", "FCZ3DNJ47304553"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.dca.version", "6211"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.dca.whitelistInterval", 1440); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.helpUsImprove", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.hideOthers", false); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.installDate", "11022010"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.lastPingTime", 1297539457); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.processAddrBar", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.remove_search", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.restoreSearch", false); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.revision", "55"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.runcmd.", "348572137"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.searchHistory", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.session", "99BC02E6A41586A10BC8455544098007792F[...] Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.showFirstLaunchOptions", false); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tb_lang", "en"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tbver", "1.300.306"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tool_id", "62133"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_id", "47304553"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_key", "258f7fbe32bf245b8fe3d43654a206b420d[...] 
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_layouts", "62133"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_lnames", "InboxDollars"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.voicebox.surveys", ""); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.voicebox.version", "1013"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.yahooSearch", true); Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={A3C3FB96-0B8C-4E9F-8B50-9541F7677E6D}&m[...] Deleted : user_pref("vshare.install.date", "1288483200000"); Deleted : user_pref("vshare.install.finished", "1.0.0"); Deleted : user_pref("vshare.install.guid", "{975c5bcf-7644-4766-bfb5-bc11b9214a33}"); Deleted : user_pref("vshare.install.isHidden", true); Deleted : user_pref("vshare.install.laststatreq", "1309305600000"); Deleted : user_pref("vshare.install.newtab", false); Deleted : user_pref("vshare.install.overlayVersion", 1); -\\ Google Chrome v [unable to get version] File : C:\Users\Ben S\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [27065 octets] - [16/11/2012 14:12:45] ########## EOF - C:\AdwCleaner[s1].txt - [27126 octets] ##########
  5. Hi, I believe your assistance killed it! I ran all 3 programs, and RogueKiller detected two registry keys that were removed. I have to figure out how to upload the logs, but I will do so as soon as I figure it out.
  6. Hi, This is the worst infection I've ever dealt with by a long shot. I ran Malwarebytes, which detected and removed a ton of infections, but the ransomware is still running. Here's the worst part: I was able to restart the computer after running it, and everything looked "OK" for a few minutes. Started running Malwarebytes to ensure that there was nothing left, and the virus popped up again, causing Malwarebytes to become unresponsive once the scan completed. (I did a quick scan then full scan). I am running in networked safe mode - the virus seemingly is doing nothing from this area of my PC. Please help me. This virus is preventing me from doing any work, and is causing me to lose a lot of money. Thanks! attach.txt dds.txt