
Trojan Infection?



Hi. When I run the malware scan I get a bunch of infection detections. They seem to include trojan in the names and don't seem consistent. I am also noticing I am locked out of various system tools like system restore and firewall settings. I am having plenty of trouble with other things too. Anyway, here are some logs!

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_35

Run by Christine at 20:10:33 on 2013-01-01

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2181 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

C:\Windows\system32\msiexec.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\Browny02\BrYNSvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\consent.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

mWinlogon: Userinit = userinit.exe,

BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [AdobeBridge] <no file>

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [updatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{13A4A21A-A744-4877-BE1F-D44BDBDBED54} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\14355535 : DHCPNameServer = 192.168.1.1 209.18.47.62

TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\25E20205E2027596D26496 : DHCPNameServer = 192.168.254.254

TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\54E414027457563747 : DHCPNameServer = 216.171.180.243 151.202.0.85 216.171.184.243

TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\A62727279607 : DHCPNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\C696E6B6379737 : DHCPNameServer = 213.109.65.28 213.109.72.203 1.1.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054

x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

FF - component: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Christine\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll

FF - plugin: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]

R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-2-13 401920]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-26 203264]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-26 844320]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-1 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-1 682344]

R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-7 311592]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]

R2 UsbService;Eltima Usb to Ethernet Connector;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2010-6-2 326656]

R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-10-1 245760]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-10-26 292864]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-1 24176]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-26 34872]

R3 vuhub;Virtual Usb Hub;C:\Windows\System32\drivers\vuhub.sys [2010-6-2 47616]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate1ca7e43895d74bb;Google Update Service (gupdate1ca7e43895d74bb);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 133104]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-26 225280]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]

.

=============== File Associations ===============

.

ShellExec: PortraitProfessional.exe: open="C:\Program Files (x86)\Portrait Professional Studio 9\PortraitProfessionalStudio.exe" /P "%1"

.

=============== Created Last 30 ================

.

2013-01-01 23:20:54 -------- d-----w- C:\Users\Christine\AppData\Roaming\Malwarebytes

2013-01-01 23:20:44 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-01 23:20:43 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-01 23:20:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-30 13:34:23 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\612ae5ed1cde69222\MeshBetaRemover.exe

2012-12-30 13:33:10 -------- d-----w- C:\Users\Christine\AppData\Local\Windows Live

2012-12-30 13:03:08 -------- d-----w- C:\Windows\System32\SPReview

2012-12-30 13:00:03 -------- d-----w- C:\Windows\System32\EventProviders

2012-12-30 12:59:56 -------- d-----w- C:\c64f695e382cea0e1608554a9e787d

2012-12-30 12:58:33 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-12-30 12:58:29 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe

2012-12-30 12:58:29 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe

2012-12-28 10:20:57 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA649C17-5065-4EC3-9110-97987310ECE2}\mpengine.dll

2012-12-28 08:28:25 325032 ----a-w- C:\Users\Christine\501607876.exe

2012-12-21 21:11:20 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-21 21:11:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-21 21:11:18 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-21 21:11:18 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-13 00:45:57 425984 ----a-w- C:\Windows\System32\KernelBase.dll

2012-12-13 00:37:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-13 00:37:37 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-13 00:31:47 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-12-13 00:30:56 295792 ----a-w- C:\Windows\System32\drivers\volsnap.sys

2012-12-13 00:03:05 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-12-13 00:03:05 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

.

==================== Find3M ====================

.

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-16 21:20:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20:46 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34:37 559104 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-11 01:24:09 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-10-11 01:24:09 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-04 17:38:56 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:38:56 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:38:56 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:38:24 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:35:22 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 16:54:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:54:17 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:19:57 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:49:27 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:49:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:49:22 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:49:22 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:44:29 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:44:29 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:44:29 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:44:29 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 20:14:14.30 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/15/2009 8:27:51 PM

System Uptime: 1/1/2013 8:04:32 PM (0 hours ago)

.

Motherboard: Acer | | JV50PU

Processor: AMD Athlon X2 Dual-Core QL-65 | Socket S1G2 | 2100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 286 GiB total, 157.162 GiB free.

D: is CDROM (CDFS)

E: is FIXED (NTFS) - 466 GiB total, 120.792 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

Acer Arcade Deluxe

Acer Assist

Acer Backup Manager

Acer Crystal Eye webcam Ver:1.1.74.216

Acer ePower Management

Acer eRecovery Management

Acer Games

Acer GridVista

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin 64-bit

Adobe Media Player

Adobe Photoshop 7.0

Adobe Photoshop CS5

Adobe Reader 9.3

Amazon Games & Software Downloader

AMD USB Filter Driver

Apple Software Update

ArcSoft MediaImpression for Kodak

ATI Catalyst Install Manager

Backup Manager Basic

Bejeweled 2 Deluxe

BitTorrent

Braid

Broadcom Gigabit NetLink Controller

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MOV Decoder

Canon Utilities Digital Photo Professional 3.8

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Canon Utilities WFT Utility

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cogs

Compatibility Pack for the 2007 Office system

Conduit Engine

Coupon Printer for Windows

CutePDF Writer 2.8

CyberLink PhotoNow

CyberLink PowerDirector

Darkspore™

Digital Photo Software FotoMix 8.0

DVDFab 8.1.5.9 (20/01/2012) Qt

eBay Worldwide

Freecorder

Freecorder Toolbar

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

H&R Block New York 2010

H&R Block New York 2011

H&R Block Premium + Efile + State 2010

H&R Block Premium + Efile + State 2011

HDAUDIO Soft Data Fax Modem with SmartCP

HL-2270DW

Identity Card

Java Auto Updater

Java 6 Update 35

Junk Mail filter update

Malwarebytes Anti-Malware version 1.70.0.1100

McAfee Security Scan Plus

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2000 Professional

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Suite Activation Assistant

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Move Media Player

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

Norton Online Backup

NTI Media Maker 8

PDF Settings CS5

Pocket RAR documentation

Portrait Professional Studio 9.0

QuickTime

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Skype Click to Call

Skype™ 6.0

Steam

Synaptics Pointing Device Driver

System Requirements Lab

Torchlight

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

uTorrentBar Toolbar

VLC media player 1.1.8

Welcome Center

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinRAR archiver

Wondershare Scrapbook Studio(Build 2.0.0.36)

World of Goo

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

12/31/2012 1:03:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

12/30/2012 5:42:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

12/30/2012 5:42:45 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/30/2012 4:42:59 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB976422).

12/30/2012 4:30:43 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243

12/25/2012 1:49:09 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

1/1/2013 8:06:03 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1/1/2013 8:06:00 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

1/1/2013 8:05:56 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

1/1/2013 8:05:06 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The specified module could not be found.

1/1/2013 7:56:17 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/1/2013 7:55:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

1/1/2013 7:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/1/2013 7:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/1/2013 7:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

1/1/2013 7:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

1/1/2013 7:54:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/1/2013 7:54:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/1/2013 7:54:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf

1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================


Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent, BitTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forum's policy concerning P2P programs:

http://forums.malwar...showtopic=97700

Also please uninstall all of these:

Conduit Engine

Coupon Printer for Windows

uTorrentBar Toolbar

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then.............

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 48 hours, please send me a PM)


OK, I did all those steps.

Here is the "report" from RogueKiller:

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Christine [Admin rights]

Mode : Scan -- Date : 01/02/2013 19:41:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\U --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++

--- User ---

[MBR] d61bfa0b1c2e4d00e6142a2880d72b36

[bSP] 7102643fe513f193f096c3432feaadf3 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01022013_02d1941.txt >>



Here you go......

Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


I got 0 detections after the 3rd scan........

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

Database version: v2013.01.04.01

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Christine :: CHRISTINE-PC [administrator]

1/4/2013 7:11:04 AM

mbar-log-2013-01-04 (07-11-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 31812

Time elapsed: 32 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_35

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 2.100000 GHz

Memory total: 4024811520, free: 2763059200

------------ Kernel report ------------

01/03/2013 21:03:25

------------ Loaded modules -----------

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR3

Upper Device Object: 0xfffffa8005b86570

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008c\

Lower Device Object: 0xfffffa8005dd7b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80049f1060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xfffffa800494a060

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

No address found

Downloaded database version: v2013.01.04.01

Downloaded database version: v2012.12.27.02

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80049f1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80049f04f0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80049f1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800494a060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xfffff8a00d5ec070, 0xfffffa80049f1060, 0xfffffa800717e150

Lower DeviceData: 0xfffff8a01235bd40, 0xfffffa800494a060, 0xfffffa8004f34850

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 2EB82EB7

Partition information:

Partition 0 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 24576000

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 24578048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 24782848 Numsec = 600357552

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa8005b86570, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80063f33a0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005b86570, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007752c00, DeviceName: Unknown, DriverName: \Driver\usbfilter\

DevicePointer: 0xfffffa8005dd7b60, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\

------------ End ----------

Upper DeviceData: 0xfffff8a00fbf6c20, 0xfffffa8005b86570, 0xfffffa8003d3e340

Lower DeviceData: 0xfffff8a00cbf85d0, 0xfffffa8005dd7b60, 0xfffffa8003fc2cc0

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 521AB

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 976705536

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500074283008 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\@ --> [Trojan.Siredef.C]

Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]

Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\U --> [Trojan.Siredef.C]

Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\U\00000008.@ --> [Trojan.Siredef.C]

Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\L --> [Trojan.Siredef.C]

Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\L\00000004.@ --> [Trojan.Siredef.C]

Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4 --> [Trojan.Siredef.C]

Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Trojan.0Access]

Done!

Scan finished

Creating System Restore point...

Could not create restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_35

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.100000 GHz

Memory total: 4024811520, free: 3094081536

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_35

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.100000 GHz

Memory total: 4024811520, free: 2777108480

------------ Kernel report ------------

01/03/2013 21:41:04

------------ Loaded modules -----------


\SystemRoot\system32\DRIVERS\XAudio64.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\urlmon.dll

\Windows\System32\usp10.dll

\Windows\System32\ole32.dll

\Windows\System32\msctf.dll

\Windows\System32\comdlg32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\lpk.dll

\Windows\System32\user32.dll

\Windows\System32\gdi32.dll

\Windows\System32\shell32.dll

\Windows\System32\ws2_32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\psapi.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\kernel32.dll

\Windows\System32\sechost.dll

\Windows\System32\imagehlp.dll

\Windows\System32\imm32.dll

\Windows\System32\setupapi.dll

\Windows\System32\normaliz.dll

\Windows\System32\advapi32.dll

\Windows\System32\nsi.dll

\Windows\System32\clbcatq.dll

\Windows\System32\iertutil.dll

\Windows\System32\difxapi.dll

\Windows\System32\wininet.dll

\Windows\System32\KernelBase.dll

\Windows\System32\devobj.dll

\Windows\System32\wintrust.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\comctl32.dll

\Windows\System32\crypt32.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004af2060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xfffffa8004a60060

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8004af2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004af2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004af2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004a60060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xfffff8a00cd47a70, 0xfffffa8004af2060, 0xfffffa80040ac790

Lower DeviceData: 0xfffff8a00cd0a0a0, 0xfffffa8004a60060, 0xfffffa80040a6a40

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 2EB82EB7

Partition information:

Partition 0 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 24576000

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 24578048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 24782848 Numsec = 600357552

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...

Done!

Performing system, memory and registry scan...

Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} --> [Hijack.Trojan.Siredef.C]

Done!

Scan finished

Creating System Restore point...

Could not create restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal successful. No system shutdown is required.

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_35

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.100000 GHz

Memory total: 4024811520, free: 3082440704

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_35

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.100000 GHz

Memory total: 4024811520, free: 2811183104

------------ Kernel report ------------

01/04/2013 06:38:24

------------ Loaded modules -----------

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80046a4060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xfffffa80045b9060

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80046a4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80046a34b0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80046a4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80045b9060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xfffff8a00b263e40, 0xfffffa80046a4060, 0xfffffa8003f4a090

Lower DeviceData: 0xfffff8a00b23f7c0, 0xfffffa80045b9060, 0xfffffa80060c1bf0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 2EB82EB7

Partition information:

Partition 0 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 24576000

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 24578048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 24782848 Numsec = 600357552

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================


Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Ok, here is the next log...

ComboFix 13-01-05.01 - Christine 01/06/2013 8:22.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2581 [GMT -5:00]

Running from: c:\users\Christine\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Christine\501607876.exe

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))

.

.

2013-01-06 13:36 . 2013-01-06 13:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-01 23:20 . 2013-01-01 23:20 -------- d-----w- c:\users\Christine\AppData\Roaming\Malwarebytes

2013-01-01 23:20 . 2013-01-01 23:20 -------- d-----w- c:\programdata\Malwarebytes

2013-01-01 23:20 . 2013-01-01 23:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-01 23:20 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-30 13:34 . 2012-12-30 13:34 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\612ae5ed1cde69222\MeshBetaRemover.exe

2012-12-30 13:33 . 2012-12-30 13:33 -------- d-----w- c:\users\Christine\AppData\Local\Windows Live

2012-12-30 13:03 . 2012-12-30 22:33 -------- d-----w- c:\windows\system32\SPReview

2012-12-30 13:00 . 2012-12-30 13:00 -------- d-----w- c:\windows\system32\EventProviders

2012-12-30 12:59 . 2012-12-30 22:33 -------- d-----w- C:\c64f695e382cea0e1608554a9e787d

2012-12-30 12:58 . 2012-12-30 12:58 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-12-30 12:58 . 2012-12-30 12:58 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe

2012-12-30 12:58 . 2012-12-30 12:58 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe

2012-12-28 10:20 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA649C17-5065-4EC3-9110-97987310ECE2}\mpengine.dll

2012-12-21 21:11 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 21:11 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 21:11 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 21:11 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-14 21:32 . 2012-12-14 21:32 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-12-13 00:45 . 2012-10-04 17:32 425984 ----a-w- c:\windows\system32\KernelBase.dll

2012-12-13 00:37 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-13 00:37 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-13 00:31 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-12-13 00:30 . 2012-09-06 17:38 295792 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-13 00:03 . 2012-11-02 05:27 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-13 00:03 . 2012-11-02 04:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-13 23:50 . 2009-12-27 00:45 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-30 11:56 . 2012-11-30 11:56 489712 ----a-w- c:\users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe

2012-10-16 21:20 . 2012-11-28 12:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20 . 2012-11-28 12:18 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34 . 2012-11-28 12:18 559104 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-11 01:24 . 2012-10-11 01:24 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-10-11 01:24 . 2010-10-21 01:37 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\tbFree.dll" [2010-10-18 3908192]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

2010-10-18 16:26 3908192 ----a-w- c:\program files (x86)\Freecorder\tbFree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\tbFree.dll" [2010-10-18 3908192]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-14 1354736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]

"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]

"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-05-27 413696]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2010-06-26 167936]

"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-27 113664]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate1ca7e43895d74bb;Google Update Service (gupdate1ca7e43895d74bb);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 133104]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]

S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S2 UsbService;Eltima Usb to Ethernet Connector;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2009-05-05 326656]

S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]

S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [2007-12-17 47616]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 11:32]

.

2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 11:32]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe

.

**************************************************************************

.

Completion time: 2013-01-06 08:57:32 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-06 13:57

.

Pre-Run: 165,295,280,128 bytes free

Post-Run: 168,034,500,608 bytes free

.

- - End Of File - - 3BEC27F20B355BFB40A455644BA47099


Looks Good.....

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now.

~~~~~~~~~~~~~~~~~~

Then let's check the system for any adware:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for adware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adware (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC


ok, here is the next log....

# AdwCleaner v2.105 - Logfile created 01/08/2013 at 21:08:28

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Christine - CHRISTINE-PC

# Boot Mode : Normal

# Running from : C:\Users\Christine\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\searchplugins\Askcom.xml

File Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\searchplugins\Conduit.xml

Folder Found : C:\Program Files (x86)\AppGraffiti

Folder Found : C:\Program Files (x86)\Ask.com

Folder Found : C:\Program Files (x86)\Freecorder

Folder Found : C:\Program Files (x86)\Inbox Toolbar

Folder Found : C:\Program Files (x86)\RebateInformer

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer

Folder Found : C:\ProgramData\Partner

Folder Found : C:\Users\Christine\AppData\Local\OpenCandy

Folder Found : C:\Users\Christine\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\Christine\AppData\LocalLow\Conduit

Folder Found : C:\Users\Christine\AppData\LocalLow\Freecorder

Folder Found : C:\Users\Christine\AppData\LocalLow\Inbox Toolbar

Folder Found : C:\Users\Christine\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freecorder

Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\Conduit

Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\ConduitCommon

Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\CT1060933

Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\CT2786678

Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\AppGraffiti@AppGraffiti.com

Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\inboxcomtoolbar@inbox.com

Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\toolbar@ask.com

Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\Inbox Toolbar

Folder Found : C:\Users\Christine\AppData\Roaming\OpenCandy

Folder Found : C:\Windows\Freecorder

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Freecorder

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\Toolbar

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Ask&Record

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C723818-7C90-4B95-AC60-30CAC92FAD51}

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Freecorder

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C723818-7C90-4B95-AC60-30CAC92FAD51}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7C723818-7C90-4B95-AC60-30CAC92FAD51}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0DFA453-9F4D-41EC-8E43-518A8FD7C749}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\prefs.js

Found : user_pref("CT1060933..clientLogIsEnabled", false);

Found : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Found : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT1060933.BrowserCompStateIsOpen_1000515", true);

Found : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);

Found : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);

Found : user_pref("CT1060933.CTID", "CT1060933");

Found : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Sun Jan 06 2013 08:59:19 GMT-0500 (Eastern S[...]

Found : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]

Found : user_pref("CT1060933.CommunityChanged", true);

Found : user_pref("CT1060933.CurrentServerDate", "6-1-2013");

Found : user_pref("CT1060933.DialogsAlignMode", "LTR");

Found : user_pref("CT1060933.DialogsGetterLastCheckTime", "Sat Jan 05 2013 23:36:34 GMT-0500 (Eastern Standa[...]

Found : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");

Found : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Sun Jan 06 2013 08:59:19 GMT-0500 (Eastern [...]

Found : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");

Found : user_pref("CT1060933.DownloadReferralCookieData", "");

Found : user_pref("CT1060933.FirstServerDate", "5-10-2011");

Found : user_pref("CT1060933.FirstTime", true);

Found : user_pref("CT1060933.FirstTimeFF3", true);

Found : user_pref("CT1060933.FixPageNotFoundErrors", true);

Found : user_pref("CT1060933.GroupingServerCheckInterval", 1440);

Found : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT1060933.HasUserGlobalKeys", true);

Found : user_pref("CT1060933.Initialize", true);

Found : user_pref("CT1060933.InitializeCommonPrefs", true);

Found : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT1060933.InstalledDate", "Tue Oct 04 2011 19:26:00 GMT-0400 (Eastern Daylight Time)");

Found : user_pref("CT1060933.InvalidateCache", false);

Found : user_pref("CT1060933.IsGrouping", false);

Found : user_pref("CT1060933.IsMulticommunity", true);

Found : user_pref("CT1060933.IsOpenThankYouPage", true);

Found : user_pref("CT1060933.IsOpenUninstallPage", true);

Found : user_pref("CT1060933.LanguagePackLastCheckTime", "Sat Jan 05 2013 23:36:34 GMT-0500 (Eastern Standar[...]

Found : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT1060933.LastLogin_3.12.0.7", "Thu Apr 26 2012 21:25:07 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT1060933.LastLogin_3.12.2.3", "Wed May 16 2012 10:36:40 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT1060933.LastLogin_3.13.0.6", "Sun Jul 15 2012 16:12:28 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT1060933.LastLogin_3.14.1.0", "Sat Sep 22 2012 11:37:16 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT1060933.LastLogin_3.15.1.0", "Fri Nov 02 2012 16:23:14 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT1060933.LastLogin_3.16.0.100", "Sun Jan 06 2013 08:59:20 GMT-0500 (Eastern Standard Tim[...]

Found : user_pref("CT1060933.LastLogin_3.16.0.3", "Mon Dec 31 2012 18:15:36 GMT-0500 (Eastern Standard Time)[...]

Found : user_pref("CT1060933.LastLogin_3.3.3.2", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern Daylight Time)"[...]

Found : user_pref("CT1060933.LatestVersion", "3.16.0.100");

Found : user_pref("CT1060933.Locale", "en-us");

Found : user_pref("CT1060933.MCDetectTooltipHeight", "83");

Found : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT1060933.MCDetectTooltipWidth", "295");

Found : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);

Found : user_pref("CT1060933.RadioIsPodcast", false);

Found : user_pref("CT1060933.RadioLastCheckTime", "Sat Oct 08 2011 07:45:47 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT1060933.RadioLastUpdateIPServer", "0");

Found : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");

Found : user_pref("CT1060933.RadioMediaID", "21504191");

Found : user_pref("CT1060933.RadioMediaType", "Media Player");

Found : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");

Found : user_pref("CT1060933.RadioStationName", "KFOG");

Found : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");

Found : user_pref("CT1060933.SHRINK_TOOLBAR", 1);

Found : user_pref("CT1060933.SavedHomepage", "resource:/browserconfig.properties");

Found : user_pref("CT1060933.SearchFromAddressBarIsInit", true);

Found : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]

Found : user_pref("CT1060933.SearchInNewTabEnabled", true);

Found : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Sat Jan 05 2013 23:36:32 GMT-0500 (Eastern Stand[...]

Found : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Found : user_pref("CT1060933.ServiceMapLastCheckTime", "Sat Jan 05 2013 23:36:33 GMT-0500 (Eastern Standard [...]

Found : user_pref("CT1060933.SettingsLastCheckTime", "Sun Jan 06 2013 08:59:19 GMT-0500 (Eastern Standard Ti[...]

Found : user_pref("CT1060933.SettingsLastUpdate", "1357414822");

Found : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Tue Oct 04 2011 19:25:43 GMT-0400 (Eastern Day[...]

Found : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1312887586");

Found : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");

Found : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT1060933.UserID", "UN90270965459433799");

Found : user_pref("CT1060933.ValidationData_Toolbar", 2);

Found : user_pref("CT1060933.alertChannelId", "15651");

Found : user_pref("CT1060933.backendstorage.cbfirsttime", "53756E204A616E20303620323031332030383A35393A34372[...]

Found : user_pref("CT1060933.components.1000515", true);

Found : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Mon Oct 10 2011 08:09:15 GMT-0400 (Eastern [...]

Found : user_pref("CT1060933.homepageProtectorEnableByLogin", true);

Found : user_pref("CT1060933.initDone", true);

Found : user_pref("CT1060933.isAppTrackingManagerOn", true);

Found : user_pref("CT1060933.myStuffEnabled", true);

Found : user_pref("CT1060933.myStuffPublihserMinWidth", 400);

Found : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT1060933.revertSettingsEnabled", false);

Found : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT1060933.searchProtectorEnableByLogin", true);

Found : user_pref("CT1060933.testingCtid", "");

Found : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Sat Jan 05 2013 23:36:34 GMT-0500 (Eastern S[...]

Found : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Tue Oct 04 2011 19:25:46 GMT-0400 (Eastern D[...]

Found : user_pref("CT1060933.usagesFlag", 2);

Found : user_pref("CT2786678..clientLogIsEnabled", false);

Found : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT2786678.AppTrackingLastCheckTime", "Mon Oct 10 2011 00:29:54 GMT-0400 (Eastern Daylight[...]

Found : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);

Found : user_pref("CT2786678.CTID", "CT2786678");

Found : user_pref("CT2786678.CommunitiesChangesLastCheckTime", "0");

Found : user_pref("CT2786678.CurrentServerDate", "6-1-2013");

Found : user_pref("CT2786678.DialogsAlignMode", "LTR");

Found : user_pref("CT2786678.DialogsGetterLastCheckTime", "Sat Jan 05 2013 23:36:41 GMT-0500 (Eastern Standa[...]

Found : user_pref("CT2786678.DownloadReferralCookieData", "");

Found : user_pref("CT2786678.EMailNotifierPollDate", "Fri Oct 07 2011 17:36:00 GMT-0400 (Eastern Daylight Ti[...]

Found : user_pref("CT2786678.FeedLastCount5690698542593514850", 501);

Found : user_pref("CT2786678.FeedPollDate129301619375443753", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]

Found : user_pref("CT2786678.FeedPollDate129301619375443759", "Sun May 15 2011 06:30:20 GMT-0400 (Eastern Da[...]

Found : user_pref("CT2786678.FeedPollDate129301619375444699", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]

Found : user_pref("CT2786678.FeedPollDate129301619375444705", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]

Found : user_pref("CT2786678.FeedPollDate129301619375444711", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]

Found : user_pref("CT2786678.FeedPollDate129301619375444717", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]

Found : user_pref("CT2786678.FeedPollDate129301619375444723", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]

Found : user_pref("CT2786678.FeedPollDate129301619375444729", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]

Found : user_pref("CT2786678.FeedPollDate129301619375444735", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]

Found : user_pref("CT2786678.FeedPollDate129301619375444741", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]

Found : user_pref("CT2786678.FeedPollDate129301619375444747", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]

Found : user_pref("CT2786678.FeedPollDate2429156812186649977", "Fri Oct 07 2011 16:38:46 GMT-0400 (Eastern D[...]

Found : user_pref("CT2786678.FeedPollDate2429156813040823546", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]

Found : user_pref("CT2786678.FeedPollDate2429156813130095866", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern D[...]

Found : user_pref("CT2786678.FeedPollDate2429156813224203613", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern D[...]

Found : user_pref("CT2786678.FeedPollDate2429156813230837251", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]

Found : user_pref("CT2786678.FeedPollDate2429156813454291735", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]

Found : user_pref("CT2786678.FeedPollDate2429156813729834876", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern D[...]

Found : user_pref("CT2786678.FeedPollDate2429156813860870021", "Fri Oct 07 2011 16:38:46 GMT-0400 (Eastern D[...]

Found : user_pref("CT2786678.FeedPollDate2429156814264681793", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]

Found : user_pref("CT2786678.FeedPollDate2429156814863075366", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]

Found : user_pref("CT2786678.FeedPollDate2429156815257761081", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]

Found : user_pref("CT2786678.FeedTTL129301619375444699", 10);

Found : user_pref("CT2786678.FeedTTL129301619375444723", 15);

Found : user_pref("CT2786678.FeedTTL129301619375444735", 5);

Found : user_pref("CT2786678.FeedTTL129301619375444747", 5);

Found : user_pref("CT2786678.FeedTTL2429156813040823546", 15);

Found : user_pref("CT2786678.FeedTTL2429156813130095866", 10);

Found : user_pref("CT2786678.FeedTTL2429156813454291735", 5);

Found : user_pref("CT2786678.FeedTTL2429156814264681793", 5);

Found : user_pref("CT2786678.FirstServerDate", "28-4-2011");

Found : user_pref("CT2786678.FirstTime", true);

Found : user_pref("CT2786678.FirstTimeFF3", true);

Found : user_pref("CT2786678.FixPageNotFoundErrors", false);

Found : user_pref("CT2786678.GroupingInvalidateCache", false);

Found : user_pref("CT2786678.GroupingLastCheckTime", "0");

Found : user_pref("CT2786678.GroupingLastServerUpdateTime", "0");

Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440);

Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT2786678.HasUserGlobalKeys", true);

Found : user_pref("CT2786678.Initialize", true);

Found : user_pref("CT2786678.InitializeCommonPrefs", true);

Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT2786678.InstallationType", "UnknownIntegration");

Found : user_pref("CT2786678.InstalledDate", "Wed Apr 27 2011 18:17:11 GMT-0400 (Eastern Daylight Time)");

Found : user_pref("CT2786678.InvalidateCache", false);

Found : user_pref("CT2786678.IsGrouping", false);

Found : user_pref("CT2786678.IsMulticommunity", false);

Found : user_pref("CT2786678.IsOpenThankYouPage", true);

Found : user_pref("CT2786678.IsOpenUninstallPage", false);

Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Sat Jan 05 2013 23:36:41 GMT-0500 (Eastern Standar[...]

Found : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT2786678.LastLogin_3.12.0.7", "Thu Apr 26 2012 21:25:06 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT2786678.LastLogin_3.12.2.3", "Wed May 16 2012 16:57:34 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT2786678.LastLogin_3.13.0.6", "Sun Jul 15 2012 16:12:29 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT2786678.LastLogin_3.14.1.0", "Fri Sep 21 2012 23:26:10 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT2786678.LastLogin_3.15.1.0", "Fri Nov 02 2012 16:23:15 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT2786678.LastLogin_3.16.0.3", "Sun Jan 06 2013 08:59:22 GMT-0500 (Eastern Standard Time)[...]

Found : user_pref("CT2786678.LastLogin_3.3.3.2", "Fri Oct 07 2011 16:38:43 GMT-0400 (Eastern Daylight Time)"[...]

Found : user_pref("CT2786678.LatestVersion", "3.16.0.3");

Found : user_pref("CT2786678.Locale", "en");

Found : user_pref("CT2786678.MCDetectTooltipHeight", "83");

Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT2786678.MCDetectTooltipWidth", "295");

Found : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);

Found : user_pref("CT2786678.RadioLastCheckTime", "0");

Found : user_pref("CT2786678.RadioLastUpdateIPServer", "0");

Found : user_pref("CT2786678.RadioLastUpdateServer", "0");

Found : user_pref("CT2786678.SearchFromAddressBarIsInit", true);

Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]

Found : user_pref("CT2786678.SearchInNewTabEnabled", true);

Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Jan 05 2013 23:36:36 GMT-0500 (Eastern Stand[...]

Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Found : user_pref("CT2786678.ServiceMapLastCheckTime", "Sat Jan 05 2013 23:36:33 GMT-0500 (Eastern Standard [...]

Found : user_pref("CT2786678.SettingsLastCheckTime", "Sun Jan 06 2013 08:59:20 GMT-0500 (Eastern Standard Ti[...]

Found : user_pref("CT2786678.SettingsLastUpdate", "1357395074");

Found : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sun Sep 25 2011 11:04:19 GMT-0400 (Eastern Day[...]

Found : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");

Found : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);

Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");

Found : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT2786678.UserID", "UN86584854537217434");

Found : user_pref("CT2786678.ValidationData_Search", 2);

Found : user_pref("CT2786678.ValidationData_Toolbar", 2);

Found : user_pref("CT2786678.WeatherNetwork", "");

Found : user_pref("CT2786678.WeatherPollDate", "Fri Oct 07 2011 17:36:00 GMT-0400 (Eastern Daylight Time)");

Found : user_pref("CT2786678.WeatherUnit", "F");

Found : user_pref("CT2786678.alertChannelId", "1178763");

Found : user_pref("CT2786678.backendstorage.cbfirsttime", "5468752053657020323920323031312031393A31363A31362[...]

Found : user_pref("CT2786678.backendstorage.cbopenmamsettings", "30");

Found : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]

Found : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E676F6F676C652E636F6D2F75726[...]

Found : user_pref("CT2786678.backendstorage.url_history_time", "31333137393530313138393031");

Found : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Mon Oct 10 2011 20:39:49 GMT-0400 (Eastern [...]

Found : user_pref("CT2786678.homepageProtectorEnableByLogin", true);

Found : user_pref("CT2786678.initDone", true);

Found : user_pref("CT2786678.isAppTrackingManagerOn", true);

Found : user_pref("CT2786678.myStuffEnabled", true);

Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400);

Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]

Found : user_pref("CT2786678.revertSettingsEnabled", false);

Found : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT2786678.searchProtectorEnableByLogin", true);

Found : user_pref("CT2786678.testingCtid", "");

Found : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Sat Jan 05 2013 23:36:41 GMT-0500 (Eastern S[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [32166 octets] - [08/01/2013 21:08:28]

########## EOF - C:\AdwCleaner[R1].txt - [32227 octets] ##########


Lots of adware found... let's clear it out...

  1. Please re-run AdwCleaner
  2. Click on the Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC


Deleted:

# AdwCleaner v2.105 - Logfile created 01/12/2013 at 08:25:59

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Christine - CHRISTINE-PC

# Boot Mode : Normal

# Running from : C:\Users\Christine\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\searchplugins\Askcom.xml

File Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\searchplugins\Conduit.xml

Folder Deleted : C:\Program Files (x86)\AppGraffiti

Folder Deleted : C:\Program Files (x86)\Ask.com

Folder Deleted : C:\Program Files (x86)\Freecorder

Folder Deleted : C:\Program Files (x86)\Inbox Toolbar

Folder Deleted : C:\Program Files (x86)\RebateInformer

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\Users\Christine\AppData\Local\OpenCandy

Folder Deleted : C:\Users\Christine\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Christine\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Christine\AppData\LocalLow\Freecorder

Folder Deleted : C:\Users\Christine\AppData\LocalLow\Inbox Toolbar

Folder Deleted : C:\Users\Christine\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freecorder

Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\Conduit

Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\ConduitCommon

Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\CT1060933

Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\CT2786678

Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\AppGraffiti@AppGraffiti.com

Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\inboxcomtoolbar@inbox.com

Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\toolbar@ask.com

Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\Inbox Toolbar

Folder Deleted : C:\Users\Christine\AppData\Roaming\OpenCandy

Folder Deleted : C:\Windows\Freecorder

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Freecorder

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Ask&Record

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C723818-7C90-4B95-AC60-30CAC92FAD51}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Freecorder

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C723818-7C90-4B95-AC60-30CAC92FAD51}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7C723818-7C90-4B95-AC60-30CAC92FAD51}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0DFA453-9F4D-41EC-8E43-518A8FD7C749}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\prefs.js


Deleted : user_pref("CT2786678.UserID", "UN86584854537217434");

Deleted : user_pref("CT2786678.ValidationData_Search", 2);

Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);

Deleted : user_pref("CT2786678.WeatherNetwork", "");

Deleted : user_pref("CT2786678.WeatherPollDate", "Fri Oct 07 2011 17:36:00 GMT-0400 (Eastern Daylight Time)");

Deleted : user_pref("CT2786678.WeatherUnit", "F");

Deleted : user_pref("CT2786678.alertChannelId", "1178763");

Deleted : user_pref("CT2786678.backendstorage.cbcountry_001", "5553");

Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "5468752053657020323920323031312031393A31363A31362[...]

Deleted : user_pref("CT2786678.backendstorage.cbopenmamsettings", "30");

Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]

Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E676F6F676C652E636F6D2F75726[...]

Deleted : user_pref("CT2786678.backendstorage.url_history0001", "687474703A2F2F67656E6572616C2D6368616E67656C6[...]

Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333137393530313138393031");

Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Mon Oct 10 2011 20:39:49 GMT-0400 (Eastern [...]

Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT2786678.initDone", true);

Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);

Deleted : user_pref("CT2786678.myStuffEnabled", true);

Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]

Deleted : user_pref("CT2786678.revertSettingsEnabled", false);

Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT2786678.testingCtid", "");

Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Jan 08 2013 21:06:31 GMT-0500 (Eastern S[...]

Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Wed Apr 27 2011 18:17:11 GMT-0400 (Eastern D[...]

Deleted : user_pref("CT2786678.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT1060933");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"1-20877[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.2.1[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63453159798933[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"52a[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]

Deleted : user_pref("CommunityToolbar.EngineOwner", "");

Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");

Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");

Deleted : user_pref("CommunityToolbar.IsEngineShown", true);

Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://freecorder.com/gadget/video.html", "833x232")[...]

Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,CT1060933");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678,CT1060933");

Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Apr 27 2011 18:17:10 GMT-04[...]

Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Dec 03 2011 14:36:20 GMT-0500 (Easte[...]

Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);

Deleted : user_pref("CommunityToolbar.alert.locale", "en");

Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Dec 03 2011 14:36:12 GMT-0500 (Eastern S[...]

Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.alert.userId", "6fb688c5-3ebb-4f62-b5f4-c4753dffedc3");

Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Oct 09 2011 10:01:20 GMT-0400 (Eas[...]

Deleted : user_pref("CommunityToolbar.globalUserId", "1d9a9ef2-3b0a-49c6-866f-f82eb0a529bb");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");

Deleted : user_pref("CommunityToolbar.killedEngine", true);

Deleted : user_pref("CommunityToolbar.undefined", "");

Deleted : user_pref("browser.search.defaultthis.engineName", "Freecorder Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&Sea[...]

Deleted : user_pref("browser.search.selectedEngine", "Freecorder Customized Web Search");

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [32297 octets] - [08/01/2013 21:08:28]

AdwCleaner[s1].txt - [38361 octets] - [12/01/2013 08:25:59]

########## EOF - C:\AdwCleaner[s1].txt - [38422 octets] ##########


Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
