
Author Topic: Can't Download Malwarebytes  (Read 8062 times)


rstoddard

    Can't Download Malwarebytes
    « on: October 31, 2012, 09:48:09 PM »
    I suspect that I have a virus. I am going through the preliminary steps. When I try to download Malwarebytes, I get the message "setup files are corrupted." I've tried a Google search for another source, but I keep being directed to the same website. Is there another source for Malwarebytes?

    Symptoms: computer is extremely slow. Web sites take a long time to load.

    Allan

    Re: Can't Download Malwarebytes
    « Reply #1 on: November 01, 2012, 05:09:55 AM »
    Well, since we don't know from where you are trying to download it, it's hard to offer alternatives. The best place is: http://www.malwarebytes.org/

    You can always download it on a different system and then copy it using a thumb drive.

    SuperDave

    Re: Can't Download Malwarebytes
    « Reply #2 on: November 01, 2012, 03:53:50 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
    **************************************************
    Download Combofix from any of the links below, and save it to your DESKTOP

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

    rstoddard

      Re: Can't Download Malwarebytes
      « Reply #3 on: November 01, 2012, 06:34:54 PM »
      Thank you for replying to my post.

      Here's the AdWare Cleaner log:
      # AdwCleaner v2.006 - Logfile created 10/31/2012 at 23:30:25
      # Updated 30/10/2012 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : Bob - BOB-HP
      # Boot Mode : Normal
      # Running from : C:\Users\Bob\Desktop\adwcleaner.exe
      # Option [Search]


      ***** [Services] *****


      ***** [Files / Folders] *****

      File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
      File Found : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\searchplugins\Askcom.xml
      File Found : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\searchplugins\Conduit.xml
      Folder Found : C:\Program Files (x86)\Ask.com
      Folder Found : C:\Program Files (x86)\Conduit
      Folder Found : C:\Program Files (x86)\Coupons.com
      Folder Found : C:\Users\Bob\AppData\LocalLow\AskToolbar
      Folder Found : C:\Users\Bob\AppData\LocalLow\Conduit
      Folder Found : C:\Users\Bob\AppData\LocalLow\Coupons.com
      Folder Found : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\Conduit
      Folder Found : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\ConduitCommon
      Folder Found : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\CT2559647
      Folder Found : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
      Folder Found : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
      Folder Found : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\[email protected]
      Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}


      ***** [Internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16421

      [OK] Registry is clean.

      -\\ Mozilla Firefox v15.0 (en-US)

      Profile name : default
      File : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\prefs.js


      *************************

      AdwCleaner[R1].txt - [22639 octets] - [31/10/2012 23:30:25]

      ########## EOF - C:\AdwCleaner[R1].txt - [22700 octets] ##########

      And, here's the Combofix log:

      ComboFix 12-10-31.03 - Bob 11/01/2012  19:48:53.1.4 - x64
      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.4460 [GMT -4:00]
      Running from: c:\users\Bob\Desktop\ComboFix.exe
      AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
      SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
       * Created a new restore point
      .
      .
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
      c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\searchplugins\bing-zugo.xml
      c:\windows\assembly\tmp\U
      c:\windows\iun6002.exe
      c:\windows\security\Database\tmp.edb
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-10-02 to 2012-11-02  )))))))))))))))))))))))))))))))
      .
      .
      2012-11-02 00:01 . 2012-11-02 00:01   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2012-11-01 03:14 . 2012-11-01 03:14   --------   d-----w-   c:\program files\CCleaner
      2012-10-30 11:42 . 2012-10-30 11:42   69000   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{A87544DB-A523-4963-8CF2-1666E201413D}\offreg.dll
      2012-10-30 09:11 . 2012-10-12 07:19   9291768   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{A87544DB-A523-4963-8CF2-1666E201413D}\mpengine.dll
      2012-10-29 16:14 . 2012-10-29 16:14   --------   d-----w-   c:\program files (x86)\MSECache
      2012-10-10 17:49 . 2012-08-31 18:19   1659760   ----a-w-   c:\windows\system32\drivers\ntfs.sys
      2012-10-10 17:49 . 2012-08-30 18:03   5559664   ----a-w-   c:\windows\system32\ntoskrnl.exe
      2012-10-10 17:49 . 2012-08-30 17:12   3968880   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
      2012-10-10 17:49 . 2012-08-30 17:12   3914096   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-30 20:00 . 2011-04-20 19:50   637272   ----a-w-   c:\windows\system32\drivers\klif.sys
      2012-10-11 07:05 . 2011-06-20 23:17   65309168   ----a-w-   c:\windows\system32\MRT.exe
      2012-10-09 00:07 . 2012-04-22 02:14   696760   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
      2012-10-09 00:07 . 2011-06-17 02:44   73656   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-10-03 06:51 . 2011-11-20 21:27   737072   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
      2012-10-03 06:50 . 2012-09-08 18:22   2876528   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
      2012-10-03 06:50 . 2012-09-08 18:21   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
      2012-09-23 23:48 . 2012-09-23 23:48   96768   ----a-w-   c:\windows\system32\mshtmled.dll
      2012-09-23 23:48 . 2012-09-23 23:48   91648   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
      2012-09-23 23:48 . 2012-09-23 23:48   89088   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
      2012-09-23 23:48 . 2012-09-23 23:48   89088   ----a-w-   c:\windows\system32\ie4uinit.exe
      2012-09-23 23:48 . 2012-09-23 23:48   86528   ----a-w-   c:\windows\SysWow64\iesysprep.dll
      2012-09-23 23:48 . 2012-09-23 23:48   85504   ----a-w-   c:\windows\system32\jsproxy.dll
      2012-09-23 23:48 . 2012-09-23 23:48   85504   ----a-w-   c:\windows\system32\iesetup.dll
      2012-09-23 23:48 . 2012-09-23 23:48   82432   ----a-w-   c:\windows\system32\icardie.dll
      2012-09-23 23:48 . 2012-09-23 23:48   816640   ----a-w-   c:\windows\system32\jscript.dll
      2012-09-23 23:48 . 2012-09-23 23:48   76800   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
      2012-09-23 23:48 . 2012-09-23 23:48   76800   ----a-w-   c:\windows\system32\tdc.ocx
      2012-09-23 23:48 . 2012-09-23 23:48   74752   ----a-w-   c:\windows\SysWow64\RegisterIEPKEYs.exe
      2012-09-23 23:48 . 2012-09-23 23:48   74752   ----a-w-   c:\windows\SysWow64\iesetup.dll
      2012-09-23 23:48 . 2012-09-23 23:48   729088   ----a-w-   c:\windows\system32\msfeeds.dll
      2012-09-23 23:48 . 2012-09-23 23:48   65024   ----a-w-   c:\windows\system32\pngfilt.dll
      2012-09-23 23:48 . 2012-09-23 23:48   63488   ----a-w-   c:\windows\SysWow64\tdc.ocx
      2012-09-23 23:48 . 2012-09-23 23:48   599040   ----a-w-   c:\windows\system32\vbscript.dll
      2012-09-23 23:48 . 2012-09-23 23:48   55296   ----a-w-   c:\windows\system32\msfeedsbs.dll
      2012-09-23 23:48 . 2012-09-23 23:48   534528   ----a-w-   c:\windows\system32\ieapfltr.dll
      2012-09-23 23:48 . 2012-09-23 23:48   49664   ----a-w-   c:\windows\system32\imgutil.dll
      2012-09-23 23:48 . 2012-09-23 23:48   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
      2012-09-23 23:48 . 2012-09-23 23:48   48640   ----a-w-   c:\windows\system32\mshtmler.dll
      2012-09-23 23:48 . 2012-09-23 23:48   452608   ----a-w-   c:\windows\system32\dxtmsft.dll
      2012-09-23 23:48 . 2012-09-23 23:48   448512   ----a-w-   c:\windows\system32\html.iec
      2012-09-23 23:48 . 2012-09-23 23:48   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
      2012-09-23 23:48 . 2012-09-23 23:48   403248   ----a-w-   c:\windows\system32\iedkcs32.dll
      2012-09-23 23:48 . 2012-09-23 23:48   39936   ----a-w-   c:\windows\system32\iernonce.dll
      2012-09-23 23:48 . 2012-09-23 23:48   3695416   ----a-w-   c:\windows\system32\ieapfltr.dat
      2012-09-23 23:48 . 2012-09-23 23:48   367104   ----a-w-   c:\windows\SysWow64\html.iec
      2012-09-23 23:48 . 2012-09-23 23:48   35840   ----a-w-   c:\windows\SysWow64\imgutil.dll
      2012-09-23 23:48 . 2012-09-23 23:48   30720   ----a-w-   c:\windows\system32\licmgr10.dll
      2012-09-23 23:48 . 2012-09-23 23:48   282112   ----a-w-   c:\windows\system32\dxtrans.dll
      2012-09-23 23:48 . 2012-09-23 23:48   267776   ----a-w-   c:\windows\system32\ieaksie.dll
      2012-09-23 23:48 . 2012-09-23 23:48   249344   ----a-w-   c:\windows\system32\webcheck.dll
      2012-09-23 23:48 . 2012-09-23 23:48   248320   ----a-w-   c:\windows\system32\ieui.dll
      2012-09-23 23:48 . 2012-09-23 23:48   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
      2012-09-23 23:48 . 2012-09-23 23:48   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
      2012-09-23 23:48 . 2012-09-23 23:48   237056   ----a-w-   c:\windows\system32\url.dll
      2012-09-23 23:48 . 2012-09-23 23:48   23552   ----a-w-   c:\windows\SysWow64\licmgr10.dll
      2012-09-23 23:48 . 2012-09-23 23:48   2312704   ----a-w-   c:\windows\system32\jscript9.dll
      2012-09-23 23:48 . 2012-09-23 23:48   222208   ----a-w-   c:\windows\system32\msls31.dll
      2012-09-23 23:48 . 2012-09-23 23:48   2144768   ----a-w-   c:\windows\system32\iertutil.dll
      2012-09-23 23:48 . 2012-09-23 23:48   197120   ----a-w-   c:\windows\system32\msrating.dll
      2012-09-23 23:48 . 2012-09-23 23:48   1800704   ----a-w-   c:\windows\SysWow64\jscript9.dll
      2012-09-23 23:48 . 2012-09-23 23:48   17810944   ----a-w-   c:\windows\system32\mshtml.dll
      2012-09-23 23:48 . 2012-09-23 23:48   173056   ----a-w-   c:\windows\system32\ieUnatt.exe
      2012-09-23 23:48 . 2012-09-23 23:48   165888   ----a-w-   c:\windows\system32\iexpress.exe
      2012-09-23 23:48 . 2012-09-23 23:48   163840   ----a-w-   c:\windows\system32\ieakui.dll
      2012-09-23 23:48 . 2012-09-23 23:48   161792   ----a-w-   c:\windows\SysWow64\msls31.dll
      2012-09-23 23:48 . 2012-09-23 23:48   160256   ----a-w-   c:\windows\system32\wextract.exe
      2012-09-23 23:48 . 2012-09-23 23:48   160256   ----a-w-   c:\windows\system32\ieakeng.dll
      2012-09-23 23:48 . 2012-09-23 23:48   152064   ----a-w-   c:\windows\SysWow64\wextract.exe
      2012-09-23 23:48 . 2012-09-23 23:48   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
      2012-09-23 23:48 . 2012-09-23 23:48   149504   ----a-w-   c:\windows\system32\occache.dll
      2012-09-23 23:48 . 2012-09-23 23:48   1494528   ----a-w-   c:\windows\system32\inetcpl.cpl
      2012-09-23 23:48 . 2012-09-23 23:48   145920   ----a-w-   c:\windows\system32\iepeers.dll
      2012-09-23 23:48 . 2012-09-23 23:48   142848   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
      2012-09-23 23:48 . 2012-09-23 23:48   1427968   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
      2012-09-23 23:48 . 2012-09-23 23:48   1392128   ----a-w-   c:\windows\system32\wininet.dll
      2012-09-23 23:48 . 2012-09-23 23:48   135168   ----a-w-   c:\windows\system32\IEAdvpack.dll
      2012-09-23 23:48 . 2012-09-23 23:48   1346048   ----a-w-   c:\windows\system32\urlmon.dll
      2012-09-23 23:48 . 2012-09-23 23:48   12288   ----a-w-   c:\windows\system32\mshta.exe
      2012-09-23 23:48 . 2012-09-23 23:48   11776   ----a-w-   c:\windows\SysWow64\mshta.exe
      2012-09-23 23:48 . 2012-09-23 23:48   114176   ----a-w-   c:\windows\system32\admparse.dll
      2012-09-23 23:48 . 2012-09-23 23:48   1129472   ----a-w-   c:\windows\SysWow64\wininet.dll
      2012-09-23 23:48 . 2012-09-23 23:48   111616   ----a-w-   c:\windows\system32\iesysprep.dll
      2012-09-23 23:48 . 2012-09-23 23:48   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
      2012-09-23 23:48 . 2012-09-23 23:48   10925568   ----a-w-   c:\windows\system32\ieframe.dll
      2012-09-23 23:48 . 2012-09-23 23:48   10752   ----a-w-   c:\windows\system32\msfeedssync.exe
      2012-09-23 23:48 . 2012-09-23 23:48   103936   ----a-w-   c:\windows\system32\inseng.dll
      2012-09-23 23:48 . 2012-09-23 23:48   101888   ----a-w-   c:\windows\SysWow64\admparse.dll
      2012-09-21 05:54 . 2011-11-20 21:27   2876528   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
      2012-09-21 05:54 . 2011-11-20 21:27   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
      2012-08-22 18:12 . 2012-09-11 20:33   1913200   ----a-w-   c:\windows\system32\drivers\tcpip.sys
      2012-08-22 18:12 . 2012-09-11 20:33   950128   ----a-w-   c:\windows\system32\drivers\ndis.sys
      2012-08-22 18:12 . 2012-09-11 20:33   376688   ----a-w-   c:\windows\system32\drivers\netio.sys
      2012-08-22 18:12 . 2012-09-11 20:33   288624   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
      2012-08-21 21:01 . 2012-09-25 19:40   245760   ----a-w-   c:\windows\system32\OxpsConverter.exe
      2012-08-20 17:38 . 2012-10-10 17:48   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
      2012-08-07 15:12 . 2012-08-07 15:12   0   ----a-w-   c:\windows\SysWow64\sho87C9.tmp
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
      "{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files (x86)\Coupons.com\tbCoup.dll" [2010-12-09 3911776]
      .
      [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
      .
      [HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
      2010-12-09 16:51   3911776   ----a-w-   c:\program files (x86)\Coupons.com\tbCoup.dll
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF}]
      2012-07-09 19:07   131240   ----a-w-   c:\users\Bob\AppData\Local\ArcadeCandy\candyEX.dll
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
      2012-06-07 01:33   1519304   ----a-w-   c:\program files (x86)\Ask.com\GenericAskToolbar.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
      "{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files (x86)\Coupons.com\tbCoup.dll" [2010-12-09 3911776]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
      .
      [HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
      .
      [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2988928]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
      "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
      "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
      "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
      "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
      "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
      "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2012-10-30 206448]
      "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
      .
      c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
      R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
      R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-12 1255736]
      S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
      S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
      S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
      S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]
      S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
      S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
      S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
      S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
      S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
      S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE
      S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
      S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
      S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
      S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-11 6790656]
      S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-11 221184]
      S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
      S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
      S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
      S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
      S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
      S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
      S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
      S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 00:07]
      .
      2012-11-01 c:\windows\Tasks\CandyUpdater.job
      - c:\users\Bob\AppData\Local\ArcadeCandy\candyUpdater.exe [2012-07-09 19:07]
      .
      2012-10-15 c:\windows\Tasks\HPCeeScheduleForBOB-HP$.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
      .
      2012-10-29 c:\windows\Tasks\HPCeeScheduleForBob.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
      "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://masslive.com/
      uLocal Page = c:\windows\system32\blank.htm
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = *.local
      IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
      Trusted Zone: real.com\rhap-app-4-0
      Trusted Zone: real.com\rhapreg
      Trusted Zone: rhapsody.com\rhap-app-4-0
      Trusted Zone: rhapsody.com\rhapreg
      TCP: DhcpNameServer = 192.168.15.1
      FF - ProfilePath - c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
      FF - prefs.js: browser.search.selectedEngine - Ask.com
      FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/
      FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
      FF - prefs.js: network.proxy.type - 0
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Wow6432Node-HKCU-Run-AutoStartNPSAgent - c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
      Wow6432Node-HKLM-Run-<NO NAME> - (no file)
      Wow6432Node-HKLM-Run-NPSStartup - (no file)
      WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
      AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
      "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-11-01  20:17:11
      ComboFix-quarantined-files.txt  2012-11-02 00:17
      .
      Pre-Run: 863,169,818,624 bytes free
      Post-Run: 862,646,325,248 bytes free
      .
      - - End Of File - - 8D37EFEC26EBAA28486A16210EE468ED


      SuperDave

      Re: Can't Download Malwarebyes
      « Reply #4 on: November 01, 2012, 07:27:02 PM »
      Remove the Adware:
      • Please close all open programs and internet browsers.
      • Double click on adwcleaner.exe to run the tool.
      • Click on Delete.
      • Confirm each time with OK
      • Your computer will be rebooted automatically. A text file will open after the restart.
      • Please post the content of that logfile in your reply.
      • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
      *********************************************
      Re-running ComboFix to remove infections:

      • Close any open browsers.
      • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Open notepad and copy/paste the text in the quotebox below into it:
        Quote
        KillAll::

        Firefox::

        Trusted Zone: real.com\rhap-app-4-0
        Trusted Zone: real.com\rhapreg
        Trusted Zone: rhapsody.com\rhap-app-4-0
        Trusted Zone: rhapsody.com\rhapreg

        DDS::

        Trusted Zone: real.com\rhap-app-4-0
        Trusted Zone: real.com\rhapreg
        Trusted Zone: rhapsody.com\rhap-app-4-0
        Trusted Zone: rhapsody.com\rhapreg
        Registry::

      • Save this as CFScript.txt, in the same location as ComboFix.exe



      • Referring to the picture above, drag CFScript into ComboFix.exe
      • When finished, it shall produce a log for you at C:\ComboFix.txt
      • I don't need to see the log from this script.
      ************************************************
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      *************************************************
      Please download aswMBR.exe ( 511KB ) to your desktop.

      Double click the aswMBR.exe to run it



      Click the "Scan" button to start scan

      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



      On completion of the scan click save log, save it to your desktop and post in your next reply
      Windows 8 and Windows 10 dual boot with two SSD's

      rstoddard

        Re: Can't Download Malwarebyes
        « Reply #5 on: November 03, 2012, 06:21:44 PM »
        Here's the log from Adware Cleaner:

        # AdwCleaner v2.006 - Logfile created 11/02/2012 at 21:02:03
        # Updated 30/10/2012 by Xplode
        # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
        # User : Bob - BOB-HP
        # Boot Mode : Normal
        # Running from : C:\Users\Bob\Desktop\adwcleaner.exe
        # Option [Delete]


        ***** [Services] *****


        ***** [Files / Folders] *****

        File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
        File Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\searchplugins\Askcom.xml
        File Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\searchplugins\Conduit.xml
        Folder Deleted : C:\Program Files (x86)\Ask.com
        Folder Deleted : C:\Program Files (x86)\Conduit
        Folder Deleted : C:\Program Files (x86)\Coupons.com
        Folder Deleted : C:\Users\Bob\AppData\LocalLow\AskToolbar
        Folder Deleted : C:\Users\Bob\AppData\LocalLow\Conduit
        Folder Deleted : C:\Users\Bob\AppData\LocalLow\Coupons.com
        Folder Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\Conduit
        Folder Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\ConduitCommon
        Folder Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\CT2559647
        Folder Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
        Folder Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\extensions\[email protected]
        Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

        ***** [Registry] *****

        Key Deleted : HKCU\Software\APN
        Key Deleted : HKCU\Software\AppDataLow\Software
        Key Deleted : HKCU\Software\AppDataLow\Toolbar
        Key Deleted : HKCU\Software\Ask.com
        Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37153479-1976-43C3-A1EE-557513977B64}
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37153479-1976-43C3-A1EE-557513977B64}
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58AA7FF7-2A9E-437E-BAB9-136941E21617}
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
        Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
        Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
        Key Deleted : HKLM\Software\APN
        Key Deleted : HKLM\Software\AskToolbar
        Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
        Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
        Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
        Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
        Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
        Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
        Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
        Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
        Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
        Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
        Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
        Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
        Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
        Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
        Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
        Key Deleted : HKLM\Software\Conduit
        Key Deleted : HKLM\Software\Coupons.com
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{58AA7FF7-2A9E-437E-BAB9-136941E21617}
        Key Deleted : HKLM\Software\StartNow Toolbar
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{58AA7FF7-2A9E-437E-BAB9-136941E21617}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4CD98AFC-9B5B-463F-AB19-D806D2216FD6}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37153479-1976-43C3-A1EE-557513977B64}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupons.com Toolbar
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
        Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
        Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
        Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
        Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
        Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
        Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
        Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37153479-1976-43C3-A1EE-557513977B64}]
        Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
        Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
        Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]
        Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]
        Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
        Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37153479-1976-43C3-A1EE-557513977B64}]
        Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

        ***** [Internet Browsers] *****

        -\\ Internet Explorer v9.0.8112.16421

        [OK] Registry is clean.

        -\\ Mozilla Firefox v15.0 (en-US)

        Profile name : default
        File : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\z6fy0ike.default\prefs.js

        Deleted : user_pref("CT2559647..clientLogIsEnabled", false);
        Deleted : user_pref("CT2559647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
        Deleted : user_pref("CT2559647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
        Deleted : user_pref("CT2559647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
        Deleted : user_pref("CT2559647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
        Deleted : user_pref("CT2559647.AppTrackingLastCheckTime", "Fri Aug 10 2012 19:28:42 GMT-0400 (Eastern Daylight[...]
        Deleted : user_pref("CT2559647.CTID", "CT2559647");
        Deleted : user_pref("CT2559647.CurrentServerDate", "14-9-2012");
        Deleted : user_pref("CT2559647.DialogsAlignMode", "LTR");
        Deleted : user_pref("CT2559647.DialogsGetterLastCheckTime", "Wed Sep 12 2012 22:17:55 GMT-0400 (Eastern Daylig[...]
        Deleted : user_pref("CT2559647.DownloadReferralCookieData", "");
        Deleted : user_pref("CT2559647.ExternalComponentPollDate129404749084494749", "Tue Jul 12 2011 22:37:49 GMT-040[...]
        Deleted : user_pref("CT2559647.ExternalComponentPollDate129404791544181654", "Tue Mar 06 2012 20:04:08 GMT-050[...]
        Deleted : user_pref("CT2559647.ExternalComponentPollDate129413165572169584", "Tue Mar 06 2012 20:04:08 GMT-050[...]
        Deleted : user_pref("CT2559647.FirstServerDate", "14-6-2011");
        Deleted : user_pref("CT2559647.FirstTime", true);
        Deleted : user_pref("CT2559647.FirstTimeFF3", true);
        Deleted : user_pref("CT2559647.FixPageNotFoundErrors", true);
        Deleted : user_pref("CT2559647.GroupingServerCheckInterval", 1440);
        Deleted : user_pref("CT2559647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
        Deleted : user_pref("CT2559647.HPProtectChoice", true);
        Deleted : user_pref("CT2559647.HPProtectCount", 1);
        Deleted : user_pref("CT2559647.HasUserGlobalKeys", true);
        Deleted : user_pref("CT2559647.HomePageProtectorEnabled", false);
        Deleted : user_pref("CT2559647.HomepageBeforeUnload", "hxxp://xfinity.comcast.net/");
        Deleted : user_pref("CT2559647.Initialize", true);
        Deleted : user_pref("CT2559647.InitializeCommonPrefs", true);
        Deleted : user_pref("CT2559647.InstallationAndCookieDataSentCount", 3);
        Deleted : user_pref("CT2559647.InstallationType", "UnknownIntegration");
        Deleted : user_pref("CT2559647.InstalledDate", "Mon Jun 13 2011 19:20:06 GMT-0400 (Eastern Daylight Time)");
        Deleted : user_pref("CT2559647.IsAlertDBUpdated", true);
        Deleted : user_pref("CT2559647.IsGrouping", false);
        Deleted : user_pref("CT2559647.IsMulticommunity", false);
        Deleted : user_pref("CT2559647.IsOpenThankYouPage", false);
        Deleted : user_pref("CT2559647.IsOpenUninstallPage", false);
        Deleted : user_pref("CT2559647.LanguagePackLastCheckTime", "Fri Sep 14 2012 10:22:57 GMT-0400 (Eastern Dayligh[...]
        Deleted : user_pref("CT2559647.LanguagePackReloadIntervalMM", 1440);
        Deleted : user_pref("CT2559647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
        Deleted : user_pref("CT2559647.LastLogin_3.10.0.1", "Tue Apr 17 2012 14:46:09 GMT-0400 (Eastern Daylight Time)[...]
        Deleted : user_pref("CT2559647.LastLogin_3.12.0.7", "Tue Apr 24 2012 22:05:14 GMT-0400 (Eastern Daylight Time)[...]
        Deleted : user_pref("CT2559647.LastLogin_3.12.2.3", "Wed May 30 2012 22:12:45 GMT-0400 (Eastern Daylight Time)[...]
        Deleted : user_pref("CT2559647.LastLogin_3.13.0.6", "Sun Jul 15 2012 22:56:21 GMT-0400 (Eastern Daylight Time)[...]
        Deleted : user_pref("CT2559647.LastLogin_3.14.1.0", "Tue Aug 21 2012 21:27:13 GMT-0400 (Eastern Daylight Time)[...]
        Deleted : user_pref("CT2559647.LastLogin_3.15.1.0", "Fri Sep 14 2012 16:14:53 GMT-0400 (Eastern Daylight Time)[...]
        Deleted : user_pref("CT2559647.LastLogin_3.3.3.2", "Tue Jul 12 2011 22:37:49 GMT-0400 (Eastern Daylight Time)"[...]
        Deleted : user_pref("CT2559647.LatestVersion", "3.14.1.0");
        Deleted : user_pref("CT2559647.Locale", "en");
        Deleted : user_pref("CT2559647.MCDetectTooltipHeight", "83");
        Deleted : user_pref("CT2559647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
        Deleted : user_pref("CT2559647.MCDetectTooltipWidth", "295");
        Deleted : user_pref("CT2559647.MyStuffEnabledAtInstallation", false);
        Deleted : user_pref("CT2559647.RadioShrinked", "shrinked");
        Deleted : user_pref("CT2559647.SHRINK_TOOLBAR", 0);
        Deleted : user_pref("CT2559647.SearchEngineBeforeUnload", "Coupons.com Customized Web Search");
        Deleted : user_pref("CT2559647.SearchFromAddressBarIsInit", true);
        Deleted : user_pref("CT2559647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255[...]
        Deleted : user_pref("CT2559647.SearchInNewTabEnabled", true);
        Deleted : user_pref("CT2559647.SearchInNewTabIntervalMM", 1440);
        Deleted : user_pref("CT2559647.SearchInNewTabLastCheckTime", "Fri Sep 14 2012 10:22:57 GMT-0400 (Eastern Dayli[...]
        Deleted : user_pref("CT2559647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
        Deleted : user_pref("CT2559647.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
        Deleted : user_pref("CT2559647.SearchProtectorEnabled", false);
        Deleted : user_pref("CT2559647.SearchProtectorToolbarDisabled", true);
        Deleted : user_pref("CT2559647.ServiceMapLastCheckTime", "Fri Sep 14 2012 10:22:57 GMT-0400 (Eastern Daylight [...]
        Deleted : user_pref("CT2559647.SettingsLastCheckTime", "Fri Sep 14 2012 18:15:54 GMT-0400 (Eastern Daylight Ti[...]
        Deleted : user_pref("CT2559647.SettingsLastUpdate", "1347202496");
        Deleted : user_pref("CT2559647.ThirdPartyComponentsInterval", 504);
        Deleted : user_pref("CT2559647.ThirdPartyComponentsLastCheck", "Mon Aug 27 2012 21:33:45 GMT-0400 (Eastern Day[...]
        Deleted : user_pref("CT2559647.ThirdPartyComponentsLastUpdate", "1331805997");
        Deleted : user_pref("CT2559647.ToolbarDisabled", true);
        Deleted : user_pref("CT2559647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2559647");
        Deleted : user_pref("CT2559647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
        Deleted : user_pref("CT2559647.UserID", "UN67653680872834048");
        Deleted : user_pref("CT2559647.ValidationData_Search", 2);
        Deleted : user_pref("CT2559647.ValidationData_Toolbar", 2);
        Deleted : user_pref("CT2559647.alertChannelId", "952537");
        Deleted : user_pref("CT2559647.components.129404749084494749", false);
        Deleted : user_pref("CT2559647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
        Deleted : user_pref("CT2559647.globalFirstTimeInfoLastCheckTime", "Tue Sep 04 2012 19:41:33 GMT-0400 (Eastern [...]
        Deleted : user_pref("CT2559647.homepageProtectorEnableByLogin", true);
        Deleted : user_pref("CT2559647.initDone", true);
        Deleted : user_pref("CT2559647.isAppTrackingManagerOn", false);
        Deleted : user_pref("CT2559647.myStuffEnabled", true);
        Deleted : user_pref("CT2559647.myStuffPublihserMinWidth", 400);
        Deleted : user_pref("CT2559647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
        Deleted : user_pref("CT2559647.myStuffServiceIntervalMM", 1440);
        Deleted : user_pref("CT2559647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
        Deleted : user_pref("CT2559647.oldAppsList", "129126535051871363,129126535052027614,111,129732450647667807,100[...]
        Deleted : user_pref("CT2559647.revertSettingsEnabled", false);
        Deleted : user_pref("CT2559647.searchProtectorDialogDelayInSec", 10);
        Deleted : user_pref("CT2559647.searchProtectorEnableByLogin", true);
        Deleted : user_pref("CT2559647.testingCtid", "");
        Deleted : user_pref("CT2559647.toolbarAppMetaDataLastCheckTime", "Fri Sep 14 2012 10:22:57 GMT-0400 (Eastern D[...]
        Deleted : user_pref("CT2559647.toolbarContextMenuLastCheckTime", "Tue Sep 11 2012 19:34:40 GMT-0400 (Eastern D[...]
        Deleted : user_pref("CT2559647.usagesFlag", 2);
        Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2559647");
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2559647/CT2559647[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/952537/948310/US", "\"0\"")[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2559647", [...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2559647",[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2559647/CT2559647[...]
        Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"05b[...]
        Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Bob\\AppData\\Roaming\\Mozilla\\Fir[...]
        Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
        Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://dul.startnow.com/s/?src=addrbar&p[...]
        Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2559647");
        Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2559647");
        Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Jun 13 2011 19:20:07 GMT-04[...]
        Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
        Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jul 12 2011 22:37:57 GMT-0400 (Easte[...]
        Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
        Deleted : user_pref("CommunityToolbar.alert.locale", "en");
        Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
        Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jul 12 2011 22:37:49 GMT-0400 (Eastern D[...]
        Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
        Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
        Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
        Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
        Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
        Deleted : user_pref("CommunityToolbar.alert.userId", "793c8670-327f-4685-9f84-71d7b0a2f5aa");
        Deleted : user_pref("CommunityToolbar.globalUserId", "ce1241aa-2a69-49fc-92ba-12d526a4c0f7");
        Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
        Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
        Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2559647");
        Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Sep 11 2012 22:29:1[...]
        Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
        Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
        Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
        Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Sep 14 2012 10:22:57 GMT-0400 (E[...]
        Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
        Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
        Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
        Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
        Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
        Deleted : user_pref("CommunityToolbar.notifications.userId", "f4618369-5528-45eb-9fd0-b70097c66514");
        Deleted : user_pref("browser.search.defaultengine", "Ask.com");
        Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
        Deleted : user_pref("browser.search.defaultthis.engineName", "Coupons.com Customized Web Search");
        Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&Sea[...]
        Deleted : user_pref("browser.search.order.1", "Ask.com");
        Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
        Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
        Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=[...]
        Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
        Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "dul.startnow.com");

        *************************

        AdwCleaner[R1].txt - [22752 octets] - [31/10/2012 23:30:25]
        AdwCleaner[S1].txt - [22256 octets] - [02/11/2012 21:02:03]

        ########## EOF - C:\AdwCleaner[S1].txt - [22317 octets] ##########


        After rerunning ComboFix, I had to switch computers, as nothing now works on the infected machine :'(. Every time I try to run a program, I get the message, "Illegal operation attempted on a registry key that has been marked for deletion." I cannot access the internet on the infected computer.

        I downloaded Security Check using this machine and transferred it to the infected machine and tried to run it. I get the same "illegal operation" message.

        Please advise.

        SuperDave

        Re: Can't Download Malwarebyes
        « Reply #6 on: November 03, 2012, 07:32:59 PM »
        Quote
        I get the message, "Illegal operation attempted on a registry key that has been marked for deletion." I cannot access the internet on the infected computer.
        A re-boot should fix that problem.

        rstoddard

          Re: Can't Download Malwarebyes
          « Reply #7 on: November 03, 2012, 09:43:16 PM »
          Thank you. The reboot worked.

          Here's the text to the Checkup:

           Results of screen317's Security Check version 0.99.54 
           Windows 7 Service Pack 1 x64 (UAC is enabled) 
           Internet Explorer 9 
          ``````````````Antivirus/Firewall Check:``````````````[/u]
           Windows Firewall Enabled! 
          Kaspersky Anti-Virus   
           Antivirus up to date!  (On Access scanning disabled!)
          `````````Anti-malware/Other Utilities Check:`````````[/u]
           Java(TM) 6 Update 29 
           Java version out of Date!
           Adobe Flash Player 11.4.402.287 
           Mozilla Firefox (15.0)
          ````````Process Check: objlist.exe by Laurent````````[/u] 
           Kaspersky Lab Kaspersky Anti-Virus 2012 avp.exe 
           Kaspersky Lab Kaspersky Anti-Virus 2012 x64 klwtblfs.exe
           Symantec Norton Online Backup NOBuAgent.exe 
          `````````````````System Health check`````````````````
           Total Fragmentation on Drive C: 1%
          ````````````````````End of Log``````````````````````


          Now, when I try to run ASWMBR.exe, I get the message "not a valid Win32 application."

          SuperDave

          Re: Can't Download Malwarebyes
          « Reply #8 on: November 04, 2012, 06:50:41 PM »
          Update Your Java (JRE)

          Old versions of Java have vulnerabilities that malware can use to infect your system.


          First Verify your Java Version

          If there are any other version(s) installed then update now.

          Get the new version (if needed)

          If your version is out of date install the newest version of the Sun Java Runtime Environment.

          Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

          Be sure to close ALL open web browsers before starting the installation.

          Remove any old versions

          1. Download JavaRa and unzip the file to your Desktop.
          2. Open JavaRA.exe and choose Remove Older Versions.
          3. Once complete, exit JavaRA.

          Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
          ****************************************************
          Don't forget to enable your AV.

          • Download RogueKiller to the desktop
          • Close all the running programs
          • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
          • Otherwise just double-click on RogueKiller.exe
          • Pre-scan will start. Let it finish.
          • Click on SCAN button.
          • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
          • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

          rstoddard

            Re: Can't Download Malwarebyes
            « Reply #9 on: November 06, 2012, 05:35:56 PM »
            Here's the RKReport:

            RogueKiller V8.2.2 [11/03/2012] by Tigzy
            mail: tigzyRK<at>gmail<dot>com
            Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
            Website: http://tigzy.geekstogo.com/roguekiller.php
            Blog: http://tigzyrk.blogspot.com

            Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
            Started in : Normal mode
            User : Bob [Admin rights]
            Mode : Scan -- Date : 11/06/2012 19:33:31

            ¤¤¤ Bad processes : 0 ¤¤¤

            ¤¤¤ Registry Entries : 7 ¤¤¤
            [TASK][SUSP PATH] CandyUpdater.job : C:\Users\Bob\AppData\Local\ArcadeCandy\candyUpdater.exe  -> FOUND
            [TASK][SUSP PATH] CandyUpdater : C:\Users\Bob\AppData\Local\ArcadeCandy\candyUpdater.exe  -> FOUND
            [TASK][SUSP PATH] {7B8DEC15-44A7-4EEE-A393-0879686FB775} : C:\Windows\system32\pcalua.exe -a C:\Users\Bob\AppData\Local\Temp\Temp2_a817.zip\Setup.exe -> FOUND
            [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
            [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
            [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
            [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

            ¤¤¤ Particular Files / Folders: ¤¤¤

            ¤¤¤ Driver : [NOT LOADED] ¤¤¤

            ¤¤¤ HOSTS File: ¤¤¤
            --> C:\Windows\system32\drivers\etc\hosts

            127.0.0.1       localhost


            ¤¤¤ MBR Check: ¤¤¤

            +++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
            --- User ---
            [MBR] e0a39b1e0b036dae6223eedd3d054c8b
            [BSP] 4f0f708ea304aa5c8bb26954ab16b2ba : Windows Vista/7 MBR Code
            Partition table:
            0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
            1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 940554 Mo
            2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1926461440 | Size: 13213 Mo
            User = LL1 ... OK!
            User != LL2 ... KO!
            --- LL2 ---
            [MBR] 2be32b9c3636df60e717f5fe3026ebf1
            [BSP] 2b9e1169a606bebc7470e79dc0f75ad4 : Windows 7 MBR Code
            Partition table:
            0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

            +++++ PhysicalDrive1: Canon MG5200 series USB Device +++++
            Error reading User MBR!
            User = LL1 ... OK!
            Error reading LL2 MBR!

            +++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
            Error reading User MBR!
            User = LL1 ... OK!
            Error reading LL2 MBR!

            +++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
            Error reading User MBR!
            User = LL1 ... OK!
            Error reading LL2 MBR!

            +++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
            Error reading User MBR!
            User = LL1 ... OK!
            Error reading LL2 MBR!

            Finished : << RKreport[1]_S_11062012_02d1933.txt >>
            RKreport[1]_S_11062012_02d1933.txt