[A] Trojan svchost.exe picked up by Avast

Discussion in 'Virus and Malware Removal' started by insound, Oct 23, 2012.

  1. insound Newcomer, in training Posts: 21

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{33174C6A-9C4C-4A39-81FB-E26F5015191B}_is1" = TEncoder version 17
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
    "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
    "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{829E7CC4-A239-40a8-9332-F247D5366D01}_is1" = DAVID-LASERSCANNER 3.4.0.3008
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
    "{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister
    "{BC64CEDA-74F9-4007-B9DE-09EDE0A35A67}" = Autodesk 123D Catch
    "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
    "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0529F5A-C45C-40C0-8457-6A5AF24ABC6E}" = GIZMO
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
    "{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Aspire" = Aspire 3.0
    "avast" = avast! Free Antivirus
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.dmp.contentviewer" = Adobe Content Viewer
    "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
    "Cut2D" = Cut2D 1.1
    "Cut3D" = Cut3D 1.025
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Freemake Video Converter_is1" = Freemake Video Converter version 3.0.2
    "HandBrake" = HandBrake 0.9.6
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "Logitech Vid" = Logitech Vid HD
    "Mach3 Mach3VersionR1.83.027" = Mach3 Mach3VersionR1.83.027
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MySSID_is1" = Vtune 7.16
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "pepakura_designer3en" = Pepakura Designer 3
    "pepakura_viewer3en" = Pepakura Viewer 3
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "PhotoVCarve" = PhotoVCarve 1.1
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 10" = Counter-Strike
    "Steam App 104310" = Red Orchestra 2 SDK
    "Steam App 104320" = Red Orchestra 2: Heroes of Stalingrad Beta
    "Steam App 10500" = Empire: Total War
    "Steam App 113200" = The Binding of Isaac
    "Steam App 1200" = Red Orchestra: Ostfront 41-45
    "Steam App 1230" = Mare Nostrum
    "Steam App 1250" = Killing Floor
    "Steam App 1260" = Killing Floor SDK
    "Steam App 1280" = Darkest Hour: Europe '44-'45
    "Steam App 1290" = Darkest Hour Server
    "Steam App 130" = Half-Life: Blue Shift
    "Steam App 1500" = Darwinia
    "Steam App 1510" = Uplink
    "Steam App 1520" = DEFCON
    "Steam App 1530" = Multiwinia
    "Steam App 20" = Team Fortress Classic
    "Steam App 200010" = Quantum Conundrum
    "Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
    "Steam App 20570" = Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
    "Steam App 211600" = Thief Gold
    "Steam App 211740" = Thief 2
    "Steam App 28050" = Deus Ex: Human Revolution
    "Steam App 30" = Day of Defeat
    "Steam App 34030" = Napoleon: Total War
    "Steam App 35130" = Lara Croft and the Guardian of Light
    "Steam App 35420" = Killing Floor Mod: Defence Alliance 2
    "Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
    "Steam App 35460" = The Ball
    "Steam App 35480" = Dwarfs!?
    "Steam App 3830" = Psychonauts
    "Steam App 40" = Deathmatch Classic
    "Steam App 43110" = Metro 2033
    "Steam App 4700" = Medieval II: Total War
    "Steam App 4760" = Rome: Total War Gold Edition
    "Steam App 4770" = Rome: Total War - Alexander
    "Steam App 4780" = Medieval II: Total War Kingdoms
    "Steam App 50" = Half-Life: Opposing Force
    "Steam App 50620" = Darksiders
    "Steam App 55100" = Homefront
    "Steam App 55150" = Warhammer 40,000 Space Marine
    "Steam App 55230" = Saints Row: The Third
    "Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™
    "Steam App 60" = Ricochet
    "Steam App 6850" = Hitman 2: Silent Assassin
    "Steam App 6860" = Hitman: Blood Money
    "Steam App 6900" = Hitman: Codename 47
    "Steam App 6910" = Deus Ex: Game of the Year Edition
    "Steam App 6920" = Deus Ex: Invisible War
    "Steam App 6980" = Thief: Deadly Shadows
    "Steam App 70" = Half-Life
    "Steam App 7000" = Tomb Raider: Legend
    "Steam App 8000" = Tomb Raider: Anniversary
    "Steam App 8140" = Tomb Raider: Underworld
    "Steam App 8190" = Just Cause 2
    "Steam App 96800" = Nexuiz
    "VCarve Pro" = VCarve Pro 6.0
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "XviD4PSP5_is1" = XviD4PSP 5.10.271.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2531639372-1648162139-2993820186-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/23/2012 1:17:02 PM | Computer Name = MainPC-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary kl2. System Error: The system cannot find the file specified. .

    Error - 10/23/2012 1:17:02 PM | Computer Name = MainPC-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary Kaspersky Lab Driver. System Error: The system cannot find the file specified.
    .

    Error - 10/23/2012 1:17:02 PM | Computer Name = MainPC-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary Zone Alarm Firewall Driver. System Error: The system cannot find the file
    specified. .

    Error - 10/24/2012 1:05:34 PM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/24/2012 2:27:20 PM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/25/2012 9:45:16 AM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/26/2012 3:21:37 PM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/26/2012 7:41:43 PM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/27/2012 7:30:20 PM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/29/2012 9:30:45 AM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ Media Center Events ]
    Error - 5/20/2012 2:35:44 PM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:35:44 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/21/2012 7:40:24 AM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 12:40:24 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/21/2012 2:47:46 PM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:47:46 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/22/2012 7:03:02 AM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 12:02:54 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/26/2012 2:33:05 PM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:33:05 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/27/2012 6:31:46 AM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 11:31:37 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/27/2012 2:03:29 PM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:03:29 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/28/2012 2:51:57 AM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:51:49 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/28/2012 2:58:31 PM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:58:31 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/29/2012 2:08:15 PM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:08:15 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    [ System Events ]
    Error - 10/23/2012 1:31:11 PM | Computer Name = MainPC-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 10/23/2012 1:32:14 PM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/23/2012 1:32:24 PM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/23/2012 2:30:01 PM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Apple
    Mobile Device service to connect.

    Error - 10/23/2012 2:30:01 PM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7000
    Description = The Apple Mobile Device service failed to start due to the following
    error: %%1053

    Error - 10/23/2012 6:37:42 PM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7031
    Description = The avast! Antivirus service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
    Restart the service.

    Error - 10/24/2012 10:57:36 AM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Apple
    Mobile Device service to connect.

    Error - 10/24/2012 10:57:36 AM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7000
    Description = The Apple Mobile Device service failed to start due to the following
    error: %%1053

    Error - 10/25/2012 8:31:00 AM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
    Client Service service to connect.

    Error - 10/25/2012 8:31:00 AM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053


    < End of report >
  2. Broni Malware Annihilator Posts: 39,384   +177

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
      O4 - HKU\S-1-5-21-2531639372-1648162139-2993820186-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      @Alternate Data Stream - 1134 bytes -> C:\Users\Main PC\AppData\Local\lzxDwiC2XxoyU:87jqMGYrks9rUBOt77Z
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =====================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  3. insound Newcomer, in training Posts: 21

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2531639372-1648162139-2993820186-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    ADS C:\Users\Main PC\AppData\Local\lzxDwiC2XxoyU:87jqMGYrks9rUBOt77Z deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Main PC
    ->Temp folder emptied: 14015248 bytes
    ->Temporary Internet Files folder emptied: 228745271 bytes
    ->FireFox cache emptied: 154193724 bytes
    ->Flash cache emptied: 9953 bytes

    User: Mcx1-MAINPC-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 773194 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46378758 bytes
    RecycleBin emptied: 9372828 bytes

    Total Files Cleaned = 433.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Main PC

    User: Mcx1-MAINPC-PC

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Main PC
    ->Flash cache emptied: 0 bytes

    User: Mcx1-MAINPC-PC

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10292012_173659

    Files\Folders moved on Reboot...
    C:\Users\Main PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  4. insound Newcomer, in training Posts: 21

    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Adobe Flash Player 11.4.402.287
    Mozilla Firefox (16.0.2)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  5. insound Newcomer, in training Posts: 21

    Farbar Service Scanner Version: 27-10-2012
    Ran by Main PC (administrator) on 29-10-2012 at 18:48:15
    Running from "C:\Users\Main PC\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  6. insound Newcomer, in training Posts: 21

    # AdwCleaner v2.005 - Logfile created 10/29/2012 at 18:49:54
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Main PC - MAINPC-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Main PC\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files (x86)\Vuze_Remote
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\Users\Main PC\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Main PC\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Main PC\AppData\LocalLow\Vuze_Remote
    Folder Deleted : C:\Users\Main PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecckv26j.default\ConduitCommon

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
    Key Deleted : HKLM\Software\Vuze_Remote
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7365E26-7900-412E-BB34-8B64454C26A4}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1C8539A-6F13-476E-93F7-1BC1F21BC206}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Main PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecckv26j.default\prefs.js


    *************************

    AdwCleaner[S1].txt - [13978 octets] - [29/10/2012 18:49:54]

    ########## EOF - C:\AdwCleaner[S1].txt - [14039 octets] ##########
     
  7. insound Newcomer, in training Posts: 21

    I can't get to the last site, the ESET online scanner. I think the site may be down or at least having difficulties (the front page loaded the first time, but the scanning tool didn't. Now neither loads).

    Or maybe it is just me. I'll try again in a little while.
  8. Broni Malware Annihilator Posts: 39,384   +177

    Works for me. Try a different browser.
  9. Broni Malware Annihilator Posts: 39,384   +177

    Still with me?
  10. Broni Malware Annihilator Posts: 39,384   +177

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in the malware removal forum.