
Spyhunter 4 won't Uninstall / Live Security Platinum / Help!


  • Spyhunter 4 won't Uninstall / Live Security Platinum / Help!

    Very very very new. Um.

    Trying to get rid of the Live Security Platinum virus, and downloaded Spyhunter 4. I think I have the virus gone, but now spyhunter 4 won't go away. I ran TFC, and DDS - I have the logs from DDS saved, but now I have no idea what to do.

    To give you an idea, I am near to being a complete novice at this -- I just would like not to have to take my laptop somewhere and pay an arm and a leg to get it fixed.

  • #2
    Welcome

    Welcome to the forum :smile:
    Originally posted by xelhaspixiestix:
    ....I have the logs from DDS saved, but now I have no idea what to do.....
    From the thread Guidelines for requesting malware removal assistance
    Step 3 - DDS by sUBs

    Download DDS from |HERE| or |HERE| and save it to your desktop.

    Vista & 7 users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).

    * XP users: double-click on dds to run it.
    * If your antivirus or firewall tries to block DDS, please allow it to run.
    * When finished, DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply in 2 separate posts.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.
    Then wait for Malware Fighter Superdave to respond.

    All the best, woz of oz



    • #3
      Hi xelhaspixiestix... welcome to the Iobit forums!

      All you have to do is Copy/Paste the log files here! The two DDS files are most important! :grin:

      Sincerely,
      -Mel
      Live long and prosper!




      • #4
        Haha, thank you. Copying and pasting below.

        .
        DDS (Ver_2011-08-26.01) - NTFSAMD64
        Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
        Run by best buy at 1:18:41 on 2012-09-23
        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.1568 [GMT -4:00]
        .
        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        ============== Running Processes ===============
        .
        C:\Windows\system32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\system32\FBAgent.exe
        C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
        C:\Program Files\ATKGFNEX\GFNEXSrv.exe
        C:\Windows\System32\spoolsv.exe
        C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
        C:\Windows\System32\Drivers\WTSRV.EXE
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\system32\taskhost.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\SysWOW64\WTClient.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Windows\system32\taskeng.exe
        C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
        C:\Program Files\P4G\BatteryLife.exe
        C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
        C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
        C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
        C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
        C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
        C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
        C:\Program Files\Elantech\ETDCtrl.exe
        C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
        C:\Windows\System32\igfxtray.exe
        C:\Windows\System32\hkcmd.exe
        C:\Windows\System32\igfxpers.exe
        C:\Program Files (x86)\BitLord\BitLord.exe
        C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
        C:\Users\best buy\AppData\Local\GetBooks\GetBooks.exe
        C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
        C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
        C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
        C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
        C:\Users\best buy\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
        C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
        C:\Users\best buy\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
        C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
        C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
        C:\Program Files (x86)\Digsby\lib\digsby-app.exe
        C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
        C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
        C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
        C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
        C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        C:\Program Files (x86)\iTunes\iTunesHelper.exe
        C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
        C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
        C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
        C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
        C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
        C:\Program Files (x86)\Browny02\BrYNSvc.exe
        C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
        C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        C:\Windows\System32\svchost.exe -k WerSvcGroup
        C:\Windows\SysWOW64\ACEngSvr.exe
        C:\Windows\system32\taskeng.exe
        C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
        C:\Windows\system32\conhost.exe
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
        C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
        C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
        C:\Windows\AsScrPro.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\conhost.exe
        C:\Windows\SysWOW64\cscript.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2830765
        uDefault_Page_URL = hxxp://asus.msn.com
        uInternet Settings,ProxyOverride = *.local
        uURLSearchHooks: H - No File
        mWinlogon: Userinit=userinit.exe,
        BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
        BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
        BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
        BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
        TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
        TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
        TB: {8C5878D0-6106-423B-AAA8-144C143DBF44} - No File
        uRun: [Google Update] "C:\Users\best buy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
        uRun: [BitComet] "C:\Program Files (x86)\BitLord\BitLord.exe"
        uRun: [Best Buy pc app] C:\Users\best buy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
        uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
        uRun: [GetBooks] "C:\Users\best buy\AppData\Local\GetBooks\GetBooks.exe" be99d4471e1b945b25d9b947573db534
        uRun: [WideSearch] C:\Users\best buy\AppData\Local\WideSearch\wsearch.exe
        mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
        mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
        mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
        mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
        mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
        mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
        mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        mRun: [WTClient] WTClient.exe
        mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
        mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
        mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
        mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
        mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
        mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
        mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
        mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
        mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
        StartupFolder: C:\Users\BESTBU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
        StartupFolder: C:\Users\BESTBU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
        StartupFolder: C:\Users\BESTBU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
        StartupFolder: C:\Users\BESTBU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
        mPolicies-explorer: NoActiveDesktop = 1 (0x1)
        mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
        mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
        mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
        IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
        IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
        LSP: mswsock.dll
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        TCP: DhcpNameServer = 192.168.2.1
        TCP: Interfaces\{E47D5C36-6783-4B0F-A96D-EE63E3761114} : DhcpNameServer = 192.168.2.1
        TCP: Interfaces\{E47D5C36-6783-4B0F-A96D-EE63E3761114}\7523237364D4 : DhcpNameServer = 192.168.1.1
        TCP: Interfaces\{E47D5C36-6783-4B0F-A96D-EE63E3761114}\84F6C6964616970294E6E6 : DhcpNameServer = 205.171.3.65 4.2.2.2 8.8.8.8
        TCP: Interfaces\{E47D5C36-6783-4B0F-A96D-EE63E3761114}\9516E6B6565637 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
        TCP: Interfaces\{E47D5C36-6783-4B0F-A96D-EE63E3761114}\D4A43502433313 : DhcpNameServer = 10.0.1.1
        Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
        BHO-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
        BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO-X64: AcroIEHelperStub - No File
        BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
        BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
        BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
        BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        BHO-X64: SkypeIEPluginBHO - No File
        BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        TB-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
        TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
        TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
        TB-X64: {8C5878D0-6106-423B-AAA8-144C143DBF44} - No File
        mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
        mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
        mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
        mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
        mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
        mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
        mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        mRun-x64: [WTClient] WTClient.exe
        mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
        mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
        mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
        mRun-x64: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
        mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
        mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
        mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
        mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
        mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
        mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2830765&SearchSource=3&q={searchTerms}
        FF - prefs.js: browser.search.selectedEngine - Google
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
        FF - prefs.js: network.proxy.type - 0
        FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
        FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
        FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
        FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
        FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
        FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
        FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
        FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
        FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
        FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
        FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
        FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
        FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
        FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
        FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
        FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
        FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
        FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
        FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
        FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
        FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
        FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
        FF - plugin: C:\Users\best buy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
        FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
        FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
        R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
        R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
        R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
        R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-4-5 14904]
        R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
        R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-8-21 1019328]
        R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-8-20 245760]
        R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
        R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
        R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
        R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\system32\DRIVERS\PTSimBus.sys --> C:\Windows\system32\DRIVERS\PTSimBus.sys [?]
        R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
        R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
        S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-15 136176]
        S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 250288]
        S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
        S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
        S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
        S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-15 136176]
        S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
        S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]
        S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
        S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\system32\DRIVERS\PTSimHid.sys --> C:\Windows\system32\DRIVERS\PTSimHid.sys [?]
        S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
        S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
        S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
        S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
        S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
        .
        =============== Created Last 30 ================
        .
        2012-09-22 17:41:13 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
        2012-09-22 17:00:30 110080 ----a-r- C:\Users\best buy\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
        2012-09-22 17:00:30 110080 ----a-r- C:\Users\best buy\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
        2012-09-22 17:00:30 110080 ----a-r- C:\Users\best buy\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
        2012-09-22 17:00:28 -------- d-----w- C:\sh4ldr
        2012-09-22 17:00:28 -------- d-----w- C:\Program Files\Enigma Software Group
        2012-09-22 16:52:10 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
        2012-09-22 16:31:55 -------- d-----w- C:\ProgramData\0C1CFB131C4F23EEBFB5356EF875F002
        2012-09-22 04:40:56 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
        2012-09-22 04:29:31 -------- d-----w- C:\Users\best buy\AppData\Local\WideSearch
        2012-09-22 04:28:56 -------- d-----w- C:\Users\best buy\AppData\Local\GetBooks
        2012-09-19 16:45:03 -------- d-----r- C:\Users\best buy\AppData\Roaming\Brother
        2012-09-16 01:19:49 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
        2012-09-12 11:40:41 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
        2012-09-12 11:40:40 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
        2012-09-12 11:40:39 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
        2012-09-12 11:40:39 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
        2012-09-12 11:40:39 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
        2012-09-12 11:40:39 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
        2012-09-12 11:40:39 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
        .
        ==================== Find3M ====================
        .
        2012-09-22 04:05:47 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
        2012-09-22 04:05:46 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
        2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
        2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
        2012-07-06 18:33:55 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
        2012-07-06 18:33:55 839096 ----a-w- C:\Windows\System32\deployJava1.dll
        2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
        2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
        2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
        2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
        2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
        2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
        2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
        2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
        2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
        2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
        .
        ============= FINISH: 1:20:04.04 ===============



        • #5
          .
          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
          IF REQUESTED, ZIP IT UP & ATTACH IT
          .
          DDS (Ver_2011-08-26.01)
          .
          Microsoft Windows 7 Home Premium
          Boot Device: \Device\HarddiskVolume2
          Install Date: 9/7/2010 3:45:38 AM
          System Uptime: 9/23/2012 1:10:11 AM (0 hours ago)
          .
          Motherboard: ASUSTeK Computer Inc. | | K50IJ
          Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | Socket 478 | 2200/200mhz
          .
          ==== Disk Partitions =========================
          .
          C: is FIXED (NTFS) - 283 GiB total, 200.924 GiB free.
          E: is CDROM ()
          .
          ==== Disabled Device Manager Items =============
          .
          ==== System Restore Points ===================
          .
          RP160: 8/21/2012 3:00:13 AM - Windows Update
          RP161: 9/10/2012 4:11:54 PM - Scheduled Checkpoint
          RP162: 9/14/2012 1:33:14 PM - Windows Update
          RP163: 9/22/2012 12:57:07 PM - Installed SpyHunter
          RP164: 9/22/2012 1:47:40 PM - Removed SpyHunter
          RP165: 9/22/2012 1:49:10 PM - Removed SpyHunter
          RP166: 9/22/2012 1:50:29 PM - Removed SpyHunter
          RP167: 9/22/2012 11:28:59 PM - Removed SpyHunter
          RP168: 9/22/2012 11:34:08 PM - Removed SpyHunter
          RP169: 9/22/2012 11:38:40 PM - Removed SpyHunter
          RP170: 9/23/2012 12:05:04 AM - Removed SpyHunter
          .
          ==== Installed Programs ======================
          .
          Update for Microsoft Office 2007 (KB2508958)
          Acrobat.com
          Adobe AIR
          Adobe Anchor Service CS3
          Adobe Asset Services CS3
          Adobe Bridge CS3
          Adobe Bridge Start Meeting
          Adobe Camera Raw 4.0
          Adobe CMaps
          Adobe Color - Photoshop Specific
          Adobe Color Common Settings
          Adobe Color EU Extra Settings
          Adobe Color JA Extra Settings
          Adobe Color NA Recommended Settings
          Adobe Default Language CS3
          Adobe Device Central CS3
          Adobe ExtendScript Toolkit 2
          Adobe Flash Player 11 ActiveX
          Adobe Flash Player 11 Plugin
          Adobe Fonts All
          Adobe Help Viewer CS3
          Adobe Linguistics CS3
          Adobe PDF Library Files
          Adobe Photoshop CS3
          Adobe Reader 9.5.2 MUI
          Adobe Setup
          Adobe Shockwave Player 11.6
          Adobe Stock Photos CS3
          Adobe Type Support
          Adobe Update Manager CS3
          Adobe Version Cue CS3 Client
          Adobe WinSoft Linguistics Plugin
          Adobe XMP Panels CS3
          Alcor Micro USB Card Reader
          Apple Application Support
          Apple Software Update
          ASUS AI Recovery
          ASUS CopyProtect
          ASUS Data Security Manager
          ASUS FancyStart
          ASUS LifeFrame3
          ASUS Live Update
          ASUS MultiFrame
          ASUS SmartLogon
          ASUS Splendid Video Enhancement Technology
          ASUS Virtual Camera
          ASUS_Screensaver
          ATK Generic Function Service
          ATK Hotkey
          ATK Media
          ATKOSD2
          AVS Update Manager 1.0
          Best Buy pc app
          BitLord 2.0
          Brother MFL-Pro Suite MFC-J430W
          calibre
          Choice Guard
          Compatibility Pack for the 2007 Office system
          ControlDeck
          Digital Media Converter 3.1
          Digsby
          Google Chrome
          Google Earth Plug-in
          Google Update Helper
          Intel(R) Control Center
          Intel(R) Graphics Media Accelerator Driver
          Java Auto Updater
          Java(TM) 6 Update 20
          Java(TM) 6 Update 31
          Junk Mail filter update
          Malwarebytes Anti-Malware version 1.65.0.1400
          Microsoft Office 2007 Service Pack 3 (SP3)
          Microsoft Office Excel MUI (English) 2007
          Microsoft Office File Validation Add-In
          Microsoft Office Home and Student 2007
          Microsoft Office Live Add-in 1.5
          Microsoft Office OneNote MUI (English) 2007
          Microsoft Office PowerPoint MUI (English) 2007
          Microsoft Office PowerPoint Viewer 2007 (English)
          Microsoft Office Proof (English) 2007
          Microsoft Office Proof (French) 2007
          Microsoft Office Proof (Spanish) 2007
          Microsoft Office Proofing (English) 2007
          Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
          Microsoft Office Shared MUI (English) 2007
          Microsoft Office Shared Setup Metadata MUI (English) 2007
          Microsoft Office Word MUI (English) 2007
          Microsoft Reader
          Microsoft SQL Server 2005 Compact Edition [ENU]
          Microsoft Sync Framework Runtime Native v1.0 (x86)
          Microsoft Sync Framework Services Native v1.0 (x86)
          Microsoft Visual C++ 2005 Redistributable
          Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
          Microsoft Works
          Movavi Video Converter 11
          Mozilla Firefox 15.0.1 (x86 en-US)
          Mozilla Maintenance Service
          MP4 MP3 Converter v4.2 build 1425
          MSVCRT
          MSXML 4.0 SP3 Parser
          MSXML 4.0 SP3 Parser (KB2721691)
          MSXML 4.0 SP3 Parser (KB973685)
          Nuance PaperPort 12
          Nuance PDF Viewer Plus
          OpenOffice.org 3.3
          PdaNet for Android 3.02
          PDF Settings
          Platform
          QuickTime
          Roxio Burn
          Roxio Roxio Burn
          Roxio Update Manager
          Scansoft PDF Professional
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
          Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
          Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
          Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
          Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
          Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
          Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
          Skype Toolbars
          swMSM
          Trillian
          Update for 2007 Microsoft Office System (KB967642)
          Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
          Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
          Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
          Update for Microsoft Office 2007 Help for Common Features (KB963673)
          Update for Microsoft Office Excel 2007 Help (KB963678)
          Update for Microsoft Office OneNote 2007 Help (KB963670)
          Update for Microsoft Office Powerpoint 2007 Help (KB963669)
          Update for Microsoft Office Script Editor Help (KB963671)
          Update for Microsoft Office Word 2007 Help (KB963665)
          Veetle TV 0.9.17
          VIA Platform Device Manager
          vShare Plugin
          Windows Live Call
          Windows Live Communications Platform
          Windows Live Essentials
          Windows Live Mail
          Windows Live Messenger
          Windows Live Photo Gallery
          Windows Live Sign-in Assistant
          Windows Live Sync
          Windows Live Upload Tool
          Windows Live Writer
          WinFlash
          Wireless Console 3
          Xvid 1.2.1 final uninstall
          .
          ==== Event Viewer Messages From Past Week ========
          .
          9/23/2012 12:57:20 AM, Error: Service Control Manager [7034] - The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).
          9/23/2012 1:15:50 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
          9/23/2012 1:15:50 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
          9/23/2012 1:10:44 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
          9/23/2012 1:10:43 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
          9/23/2012 1:10:43 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
          9/22/2012 12:37:16 PM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s).
          .
          ==== End Of File ===========================



          • #6
            IObit Malware Fighter Quick Scan said it found nothing, but I am running the full scan just to be on the safe side -- my usual Malwarebytes keeps turning up the same three problem files, and I just want to be a hundred hundred hundred percent sure.



            • #7
              Hi xelhaspixiestix... thanks for the copy/paste!

              Your machine definitely needs Superdave's attention! I see multiple issues. :shock:

              Please be patient, xelhaspixiestix, and wait for Dave. Your machine is seriously compromised. Please don't try to surf around and find software to try to fix it. Please pay attention to this and wait for Superdave to respond to your post and then follow his instructions exactly.

              Sincerely,
              -Mel
              Live long and prosper!




              • #8
                Mel, IObit says I'm okay? I wish there was a beginner's thing for all of this.



                • #9
                  Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

                  1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
                  2. The fixes are specific to your problem and should only be used for this issue on this machine.
                  3. If you don't know or understand something, please don't hesitate to ask.
                  4. Please DO NOT run any other tools or scans while I am helping you.
                  5. It is important that you reply to this thread. Do not start a new topic.
                  6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
                  7. Absence of symptoms does not mean that everything is clear.

                  If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
                  *************************************************************
                  Please download AdwCleaner by Xplode onto your Desktop.
                  • Double click on AdwCleaner.exe to run the tool.
                  • Click on Search.
                  • A logfile will automatically open after the scan has finished.
                  • Please post the content of that logfile in your reply.
                  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
                  *****************************************************
                  Download Security Check by screen317 from one of the following links and save it to your desktop.

                  Link 1
                  Link 2

                  * Double-click Security Check.bat
                  * Follow the on-screen instructions inside of the black box.
                  * A Notepad document should open automatically called checkup.txt
                  * Post the contents of that document in your next reply.

                  Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
                  *****************************************************
                  Re-run MBAM:

                  Code:
                  Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.



                  • #10
                    AdwCleaner Log:

                    # AdwCleaner v2.003 - Logfile created 09/23/2012 at 21:55:52
                    # Updated 23/09/2012 by Xplode
                    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
                    # User : best buy - BESTBUY-PC
                    # Boot Mode : Normal
                    # Running from : C:\Users\best buy\Downloads\adwcleaner.exe
                    # Option [Search]


                    ***** [Services] *****


                    ***** [Files / Folders] *****

                    File Found : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\searchplugins\Askcom.xml
                    File Found : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\searchplugins\Conduit.xml
                    Folder Found : C:\Program Files (x86)\Conduit
                    Folder Found : C:\Program Files (x86)\vShare
                    Folder Found : C:\Users\best buy\AppData\Local\Conduit
                    Folder Found : C:\Users\best buy\AppData\LocalLow\Conduit
                    Folder Found : C:\Users\best buy\AppData\LocalLow\vShare
                    Folder Found : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\ConduitCommon
                    Folder Found : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\CT2830765
                    Folder Found : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}
                    Folder Found : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\extensions\vshare@toolbar

                    ***** [Registry] *****

                    Key Found : HKCU\Software\AppDataLow\Software\Conduit
                    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
                    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
                    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
                    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
                    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
                    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
                    Key Found : HKCU\Software\vShare
                    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
                    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
                    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2830765
                    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
                    Key Found : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
                    Key Found : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
                    Key Found : HKLM\SOFTWARE\Classes\vShare.PugiObj
                    Key Found : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
                    Key Found : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
                    Key Found : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
                    Key Found : HKLM\Software\Conduit
                    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
                    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
                    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
                    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
                    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
                    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
                    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
                    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
                    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare
                    Key Found : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
                    Key Found : HKU\S-1-5-21-2692702394-3717547501-365279644-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
                    Key Found : HKU\S-1-5-21-2692702394-3717547501-365279644-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
                    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
                    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

                    ***** [Internet Browsers] *****

                    -\\ Internet Explorer v8.0.7601.17514

                    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2830765

                    -\\ Mozilla Firefox v15.0.1 (en-US)

                    Profile name : default
                    File : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\prefs.js

                    Found : user_pref("CT2830765..clientLogIsEnabled", true);
                    Found : user_pref("CT2830765..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
                    Found : user_pref("CT2830765..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
                    Found : user_pref("CT2830765.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
                    Found : user_pref("CT2830765.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
                    Found : user_pref("CT2830765.AppTrackingLastCheckTime", "Tue Apr 03 2012 01:19:23 GMT-0400 (Eastern Daylight[...]
                    Found : user_pref("CT2830765.BrowserCompStateIsOpen_8321965553382844501", true);
                    Found : user_pref("CT2830765.CTID", "CT2830765");
                    Found : user_pref("CT2830765.CurrentServerDate", "6-4-2012");
                    Found : user_pref("CT2830765.DSChangedManually", true);
                    Found : user_pref("CT2830765.DSInstall", true);
                    Found : user_pref("CT2830765.DialogsAlignMode", "LTR");
                    Found : user_pref("CT2830765.DialogsGetterLastCheckTime", "Thu Mar 29 2012 13:21:07 GMT-0400 (Eastern Daylig[...]
                    Found : user_pref("CT2830765.DownloadReferralCookieData", "");
                    Found : user_pref("CT2830765.EnableClickToSearchBox", false);
                    Found : user_pref("CT2830765.EnableSearchHistory", false);
                    Found : user_pref("CT2830765.EnableSearchSuggest", false);
                    Found : user_pref("CT2830765.FirstServerDate", "8-3-2012");
                    Found : user_pref("CT2830765.FirstTime", true);
                    Found : user_pref("CT2830765.FirstTimeFF3", true);
                    Found : user_pref("CT2830765.FixPageNotFoundErrors", false);
                    Found : user_pref("CT2830765.GroupingServerCheckInterval", 1440);
                    Found : user_pref("CT2830765.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
                    Found : user_pref("CT2830765.HPInstall", true);
                    Found : user_pref("CT2830765.HasUserGlobalKeys", true);
                    Found : user_pref("CT2830765.HomePageProtectorEnabled", true);
                    Found : user_pref("CT2830765.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=[...]
                    Found : user_pref("CT2830765.Initialize", true);
                    Found : user_pref("CT2830765.InitializeCommonPrefs", true);
                    Found : user_pref("CT2830765.InstallationAndCookieDataSentCount", 3);
                    Found : user_pref("CT2830765.InstallationId", "ConduitNSISIntegration");
                    Found : user_pref("CT2830765.InstallationType", "ConduitXPEIntegration");
                    Found : user_pref("CT2830765.InstalledDate", "Thu Mar 08 2012 02:43:23 GMT-0500 (Eastern Standard Time)");
                    Found : user_pref("CT2830765.IsAlertDBUpdated", true);
                    Found : user_pref("CT2830765.IsGrouping", false);
                    Found : user_pref("CT2830765.IsInitSetupIni", true);
                    Found : user_pref("CT2830765.IsMulticommunity", false);
                    Found : user_pref("CT2830765.IsOpenThankYouPage", false);
                    Found : user_pref("CT2830765.IsOpenUninstallPage", true);
                    Found : user_pref("CT2830765.IsProtectorsInit", true);
                    Found : user_pref("CT2830765.LanguagePackLastCheckTime", "Wed Apr 04 2012 22:06:51 GMT-0400 (Eastern Dayligh[...]
                    Found : user_pref("CT2830765.LanguagePackReloadIntervalMM", 1440);
                    Found : user_pref("CT2830765.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
                    Found : user_pref("CT2830765.LastLogin_3.10.0.1", "Thu Apr 05 2012 18:06:46 GMT-0400 (Eastern Daylight Time)[...]
                    Found : user_pref("CT2830765.LatestVersion", "3.10.0.1");
                    Found : user_pref("CT2830765.Locale", "en-us");
                    Found : user_pref("CT2830765.MCDetectTooltipHeight", "83");
                    Found : user_pref("CT2830765.MCDetectTooltipShow", false);
                    Found : user_pref("CT2830765.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
                    Found : user_pref("CT2830765.MCDetectTooltipWidth", "295");
                    Found : user_pref("CT2830765.MyStuffEnabledAtInstallation", true);
                    Found : user_pref("CT2830765.OriginalFirstVersion", "3.10.0.1");
                    Found : user_pref("CT2830765.SavedHomepage", "hxxp://www.google.com/");
                    Found : user_pref("CT2830765.SearchBackToDefaultEngine", false);
                    Found : user_pref("CT2830765.SearchCaption", "Bitlord 1.2 Customized Web Search");
                    Found : user_pref("CT2830765.SearchEngineBeforeUnload", "Bitlord 1.2 Customized Web Search");
                    Found : user_pref("CT2830765.SearchFromAddressBarIsInit", true);
                    Found : user_pref("CT2830765.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT283[...]
                    Found : user_pref("CT2830765.SearchInNewTabEnabled", true);
                    Found : user_pref("CT2830765.SearchInNewTabIntervalMM", 1440);
                    Found : user_pref("CT2830765.SearchInNewTabLastCheckTime", "Wed Apr 04 2012 22:06:45 GMT-0400 (Eastern Dayli[...]
                    Found : user_pref("CT2830765.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
                    Found : user_pref("CT2830765.SearchInNewTabUserEnabled", false);
                    Found : user_pref("CT2830765.SearchProtectorEnabled", false);
                    Found : user_pref("CT2830765.SearchProtectorToolbarDisabled", false);
                    Found : user_pref("CT2830765.SendProtectorDataViaLogin", true);
                    Found : user_pref("CT2830765.ServiceMapLastCheckTime", "Tue Apr 03 2012 01:19:22 GMT-0400 (Eastern Daylight [...]
                    Found : user_pref("CT2830765.SettingsLastCheckTime", "Thu Apr 05 2012 13:11:18 GMT-0400 (Eastern Daylight Ti[...]
                    Found : user_pref("CT2830765.SettingsLastUpdate", "1332164605");
                    Found : user_pref("CT2830765.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=13");
                    Found : user_pref("CT2830765.ThirdPartyComponentsInterval", 504);
                    Found : user_pref("CT2830765.ThirdPartyComponentsLastCheck", "Thu Mar 29 2012 13:20:51 GMT-0400 (Eastern Day[...]
                    Found : user_pref("CT2830765.ThirdPartyComponentsLastUpdate", "1312887586");
                    Found : user_pref("CT2830765.ToolbarShrinkedFromSetup", false);
                    Found : user_pref("CT2830765.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2830765");
                    Found : user_pref("CT2830765.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
                    Found : user_pref("CT2830765.UserID", "UN26384125765688526");
                    Found : user_pref("CT2830765.ValidationData_Toolbar", 0);
                    Found : user_pref("CT2830765.alertChannelId", "1222832");
                    Found : user_pref("CT2830765.approveUntrustedApps", false);
                    Found : user_pref("CT2830765.autoDisableScopes", -1);
                    Found : user_pref("CT2830765.components.129360156979906390", false);
                    Found : user_pref("CT2830765.components.129360157920531315", false);
                    Found : user_pref("CT2830765.components.129373346914725908", false);
                    Found : user_pref("CT2830765.components.129382176415350348", false);
                    Found : user_pref("CT2830765.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
                    Found : user_pref("CT2830765.globalFirstTimeInfoLastCheckTime", "Thu Mar 29 2012 13:21:06 GMT-0400 (Eastern [...]
                    Found : user_pref("CT2830765.homepageProtectorEnableByLogin", true);
                    Found : user_pref("CT2830765.initDone", true);
                    Found : user_pref("CT2830765.isAppTrackingManagerOn", true);
                    Found : user_pref("CT2830765.isSearchProtectorNotifyChanges", false);
                    Found : user_pref("CT2830765.myStuffEnabled", true);
                    Found : user_pref("CT2830765.myStuffPublihserMinWidth", 400);
                    Found : user_pref("CT2830765.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
                    Found : user_pref("CT2830765.myStuffServiceIntervalMM", 1440);
                    Found : user_pref("CT2830765.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
                    Found : user_pref("CT2830765.navigateToUrlOnSearch", false);
                    Found : user_pref("CT2830765.oldAppsList", "129331842495825790,129331842496294546,111,129360156979906390,129[...]
                    Found : user_pref("CT2830765.revertSettingsEnabled", false);
                    Found : user_pref("CT2830765.searchProtectorDialogDelayInSec", 10);
                    Found : user_pref("CT2830765.searchProtectorEnableByLogin", true);
                    Found : user_pref("CT2830765.testingCtid", "");
                    Found : user_pref("CT2830765.toolbarAppMetaDataLastCheckTime", "Thu Apr 05 2012 16:15:39 GMT-0400 (Eastern D[...]
                    Found : user_pref("CT2830765.toolbarContextMenuLastCheckTime", "Thu Mar 29 2012 13:21:08 GMT-0400 (Eastern D[...]
                    Found : user_pref("CT2830765.usageEnabled", false);
                    Found : user_pref("CT2830765.usagesFlag", 2);
                    Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2830765&Search[...]
                    Found : user_pref("CommunityToolbar.ConduitSearchList", "Bitlord 1.2 Customized Web Search");
                    Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2830765/CT2830765[...]
                    Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1222832/1218505/US", "\"0\"[...]
                    Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2830765", [...]
                    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
                    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
                    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
                    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

                    -\\ Google Chrome v21.0.1180.89

                    File : C:\Users\best buy\AppData\Local\Google\Chrome\User Data\Default\Preferences

                    Found [l.12] : homepage = "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=48",
                    Found [l.16] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=48" ]
                    Found [l.58] : icon_url = "hxxp://search.conduit.com/fav.ico",
                    Found [l.61] : keyword = "search.conduit.com",
                    Found [l.64] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2830765",
                    Found [l.65] : suggest_url = "hxxp://search.conduit.com/"
                    Found [l.1178] : homepage = "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=48",
                    Found [l.1603] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=48" ]

                    *************************

                    AdwCleaner[R1].txt - [18437 octets] - [23/09/2012 21:55:52]

                    ########## EOF - C:\AdwCleaner[R1].txt - [18498 octets] ##########



                    • #11
                      Remove the Adware:
                      • Please close all open programs and internet browsers.
                      • Double click on adwcleaner.exe to run the tool.
                      • Click on Delete.
                      • Confirm each time with OK
                      • Your computer will be rebooted automatically. A text file will open after the restart.
                      • Please post the content of that logfile in your reply.
                      • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.



                      • #12
                        Security Check Log:

                        Results of screen317's Security Check version 0.99.51
                        Windows 7 Service Pack 1 x64 (UAC is enabled)
                        Internet Explorer 8 Out of date!
                        ``````````````Antivirus/Firewall Check:``````````````
                        Windows Security Center service is not running! This report may not be accurate!
                        WMI entry may not exist for antivirus; attempting automatic update.
                        `````````Anti-malware/Other Utilities Check:`````````
                        Malwarebytes Anti-Malware version 1.65.0.1400
                        Java(TM) 6 Update 20
                        Java(TM) 6 Update 31
                        Java version out of Date!
                        Adobe Flash Player 11.4.402.265
                        Adobe Reader 9 Adobe Reader out of Date!
                        Mozilla Firefox (15.0.1)
                        Google Chrome 21.0.1180.83
                        Google Chrome 21.0.1180.89
                        ````````Process Check: objlist.exe by Laurent````````
                        IObit IObit Malware Fighter IMFsrv.exe
                        IObit IObit Malware Fighter IMF.exe
                        `````````````````System Health check`````````````````
                        Total Fragmentation on Drive C: 5%
                        ````````````````````End of Log``````````````````````



                        • #13
                          MBAM Log:

                          Malwarebytes Anti-Malware 1.65.0.1400
                          www.malwarebytes.org

                          Database version: v2012.09.24.01

                          Windows 7 Service Pack 1 x64 NTFS
                          Internet Explorer 8.0.7601.17514
                          best buy :: BESTBUY-PC [administrator]

                          9/23/2012 10:01:03 PM
                          mbam-log-2012-09-23 (22-01-03).txt

                          Scan type: Quick scan
                          Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
                          Scan options disabled: P2P
                          Objects scanned: 221260
                          Time elapsed: 4 minute(s), 5 second(s)

                          Memory Processes Detected: 0
                          (No malicious items detected)

                          Memory Modules Detected: 0
                          (No malicious items detected)

                          Registry Keys Detected: 0
                          (No malicious items detected)

                          Registry Values Detected: 0
                          (No malicious items detected)

                          Registry Data Items Detected: 0
                          (No malicious items detected)

                          Folders Detected: 0
                          (No malicious items detected)

                          Files Detected: 3
                          C:\Windows\Installer\{59c4009a-bb79-5557-0cb6-c69f36201538}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
                          C:\Windows\Installer\{59c4009a-bb79-5557-0cb6-c69f36201538}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
                          C:\Windows\Installer\{59c4009a-bb79-5557-0cb6-c69f36201538}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.

                          (end)


                          And restarting, since MBAM demands it



                          • #14
                            Remove the Adware log:

                            # AdwCleaner v2.003 - Logfile created 09/23/2012 at 22:22:52
                            # Updated 23/09/2012 by Xplode
                            # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
                            # User : best buy - BESTBUY-PC
                            # Boot Mode : Normal
                            # Running from : C:\Users\best buy\Downloads\adwcleaner.exe
                            # Option [Delete]


                            ***** [Services] *****


                            ***** [Files / Folders] *****

                            File Deleted : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\searchplugins\Askcom.xml
                            File Deleted : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\searchplugins\Conduit.xml
                            Folder Deleted : C:\Program Files (x86)\Conduit
                            Folder Deleted : C:\Program Files (x86)\vShare
                            Folder Deleted : C:\Users\best buy\AppData\Local\Conduit
                            Folder Deleted : C:\Users\best buy\AppData\LocalLow\Conduit
                            Folder Deleted : C:\Users\best buy\AppData\LocalLow\vShare
                            Folder Deleted : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\ConduitCommon
                            Folder Deleted : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\CT2830765
                            Folder Deleted : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}
                            Folder Deleted : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\extensions\vshare@toolbar

                            ***** [Registry] *****

                            Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
                            Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
                            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
                            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
                            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
                            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
                            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
                            Key Deleted : HKCU\Software\vShare
                            Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
                            Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                            Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
                            Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2830765
                            Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
                            Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
                            Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
                            Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj
                            Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
                            Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
                            Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
                            Key Deleted : HKLM\Software\Conduit
                            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
                            Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
                            Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
                            Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
                            Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
                            Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
                            Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                            Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
                            Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
                            Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare
                            Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
                            Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
                            Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
                            Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

                            ***** [Internet Browsers] *****

                            -\\ Internet Explorer v8.0.7601.17514

                            Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                            Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                            Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                            Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                            Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                            Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                            Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2830765 --> hxxp://www.google.com

                            -\\ Mozilla Firefox v15.0.1 (en-US)

                            Profile name : default
                            File : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\prefs.js

                            -\\ Google Chrome v21.0.1180.89

                            File : C:\Users\best buy\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Deleted [l.12] : homepage = "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=48",
                            Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=48" ]
                            Deleted [l.58] : icon_url = "hxxp://search.conduit.com/fav.ico",
                            Deleted [l.61] : keyword = "search.conduit.com",
                            Deleted [l.64] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2830765",
                            Deleted [l.65] : suggest_url = "hxxp://search.conduit.com/"
                            Deleted [l.1178] : homepage = "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=48",
                            Deleted [l.1603] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=48" ]

                            *************************

                            AdwCleaner[R1].txt - [18562 octets] - [23/09/2012 21:55:52]
                            AdwCleaner[R2].txt - [18623 octets] - [23/09/2012 22:22:27]
                            AdwCleaner[S1].txt - [19266 octets] - [23/09/2012 22:22:52]

                            ########## EOF - C:\AdwCleaner[S1].txt - [19327 octets] ##########



                            • #15
                              Update Your Java (JRE)

                              Old versions of Java have vulnerabilities that malware can use to infect your system.


                              First Verify your Java Version

                              If there are any other version(s) installed then update now.

                              Get the new version (if needed)

                              If your version is out of date install the newest version of the Sun Java Runtime Environment.

                              Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                              Be sure to close ALL open web browsers before starting the installation.

                              Remove any old versions

                              1. Download JavaRa and unzip the file to your Desktop.
                              2. Open JavaRA.exe and choose Remove Older Versions
                              3. Once complete exit JavaRA.

                              Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                              **************************************************
                              I'm required to give you this warning.

                              It appears your system is infected with a rootkit. A rootkit is a powerful piece of malware that allows hackers full control over your computer for means of sending attacks over the Internet, or using your computer to generate revenue.

                              Malware experts have recommended that we make it clear that with the system under control of a hacker, your computer might become impossible to clean 100%.

                              Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

                              What danger is presented by rootkits?
                              Rootkits and how to combat them
                              r00tkit Analysis: What Is A Rootkit

                              If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:
                              How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
                              What Should I Do If I've Become A Victim Of Identity Theft?
                              Identity Theft Victims Guide - What to do
                              It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
                              When should I re-format? How should I reinstall?
                              Help: I Got Hacked. Now What Do I Do?
                              Help: I Got Hacked. Now What Do I Do? Part II
                              Where to draw the line? When to recommend a format and reinstall?

                              Guides for format and reinstall:

                              how-to-reformat-and-reinstall-your-operating-system-the-easy-way

                              However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
                              If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

                              Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.
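
For the "First Verify your Java Version" and "Remove any old versions" steps in the post above, a local inventory of every registered Java runtime shows whether stale copies are still installed. This is an added example, not part of the original post and not code from JavaRa or Oracle; it assumes PowerShell 3.0 or later and that Java entries carry a DisplayName beginning with "Java" or "J2SE Runtime".

```powershell
# Added example: list every Java runtime registered in the Windows uninstall keys.
# Covers 64-bit and 32-bit (WOW6432Node) machine-wide installs plus per-user installs.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: runtimes and JDKs are named "Java ...", "Java(TM) ..." or
# "J2SE Runtime ..." by the installer; the auto-updater component is skipped.
$namePattern = '^(Java(\(TM\))?\s|J2SE Runtime)'

$installed = foreach ($root in $uninstallRoots) {
    Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
        Where-Object {
            $_.PSObject.Properties['DisplayName'] -and
            $_.DisplayName -match $namePattern -and
            $_.DisplayName -notmatch 'Auto Updater'
        } |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                Publisher = $_.Publisher
                Hive      = $root -replace '\\\*$', ''   # strip the trailing \* wildcard
            }
        }
}

if (-not $installed) {
    Write-Output 'No Java runtime is registered in the uninstall keys.'
} else {
    $installed | Sort-Object Name, Version | Format-Table -AutoSize
    # Several entries usually means an old runtime was left behind by an update.
    if (@($installed).Count -gt 1) {
        Write-Warning 'More than one Java entry found; remove the older versions.'
    }
}
```

Run it from an elevated prompt before and after the cleanup so the two listings can be compared; a runtime copied onto disk without an installer will not appear in these keys.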
