Google Redirect, 1st Time Post (there will be more)


This topic is locked
20 replies to this topic

#1 R. Josh B.
  • Members
  • 11 posts

Posted 19 October 2012 - 09:34 AM

Hi, I hope that I am posting in the right spot. I have been stricken by a redirect virus while using Chrome. The usual cures have not been working. I have run Malwarebytes Pro and Norton Antivirus, and they are coming up with nothing. Spybot is coming up with a few items but cannot remove them, even after multiple restarts. I hope someone can help get rid of this malware or virus. I suppose the first thing I need to do is generate a log. If someone wants to delve into this, please tell me what program they'd like me to use and what to record in generating that log. Thanks


#2 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 19 October 2012 - 03:42 PM

What operating system do you have?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 R. Josh B.
  • Topic Starter
  • Members
  • 11 posts

Posted 19 October 2012 - 07:13 PM

Vista 32-bit, Windows 6.0 build 6002 Service Pack 2. Is that what you are looking for?

#4 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 19 October 2012 - 08:03 PM

Yes.

Please run the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written FRST.txt to file. Close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, Search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

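The procedure above produces two files, FRST.txt and Search.txt, and the responder's next step is to read them for anything that should not be starting with Windows. As an added example (not code from this thread, from CatByte, or from FRST itself), the Python script below triages those two files: it walks the Registry, Services, Drivers and NetSvcs sections of FRST.txt and flags entries whose file is missing (`[x]`), whose publisher field is empty or a build-template placeholder, that run from a temp or user-writable folder, or that sit in AppInit_DLLs; and it reads the services.exe search results, assuming Search.txt lists each copy with its MD5, so a live System32 copy whose hash matches none of the WinSxS component-store copies stands out. The line layouts, section names and heuristics are assumptions modelled on FRST's output, and every sample line and MD5 value is constructed for the example.

```python
"""Triage helpers for Farbar Recovery Scan Tool (FRST) output.

Added example for this thread: not code from BleepingComputer, CatByte or FRST.
Line layouts are assumptions modelled on the logs FRST writes (FRST.txt and
Search.txt); every sample line below is constructed, and the MD5 values are
placeholders, not real hashes.
"""
import re

# FRST ends most Registry/Services/Drivers entries with "[size date] (Publisher)",
# or with "[x]" when the referenced file no longer exists on disk.
_TAIL_RE = re.compile(r"\[(\d+) (\d{4}-\d{2}-\d{2})\] \(([^)]*)\)\s*$")
_MISSING_RE = re.compile(r"\[x\]\s*$")
# Search.txt (assumed layout) pairs a path line with a detail line ending in the MD5.
_DETAIL_RE = re.compile(r"\(([^)]*)\) ([0-9A-Fa-f]{32})\s*$")
_PATH_RE = re.compile(r"[A-Za-z]:\\")

# Publisher strings meaning "no usable version resource": empty, or a build
# template placeholder left unfilled (typical of bundled toolbars).
PLACEHOLDER_PUBLISHERS = {"", "VER_COMPANY_NAME", "COMPANYVERS_NAME"}
# Locations a legitimate service or Run entry rarely executes from.
WRITABLE_PATHS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")
# Only these FRST sections describe autostarts; the file listings are skipped.
AUTOSTART_SECTIONS = ("Registry", "Services", "Drivers", "NetSvcs")


def triage_line(line: str) -> list[str]:
    """Reasons one FRST autostart line deserves a second look (empty if none)."""
    reasons: list[str] = []
    low = line.lower()
    if _MISSING_RE.search(line):
        reasons.append("file missing (orphaned entry)")
    tail = _TAIL_RE.search(line)
    if tail and tail.group(3).strip() in PLACEHOLDER_PUBLISHERS:
        reasons.append("empty or placeholder publisher")
    if low.startswith("appinit_dlls:"):
        reasons.append("AppInit_DLLs loads into every process that uses user32.dll")
    if any(p in low for p in WRITABLE_PATHS):
        reasons.append("runs from a user-writable or temp location")
    return reasons


def triage_frst(text: str) -> dict[str, list[str]]:
    """Map each flagged line of FRST.txt to its reasons, autostart sections only."""
    flagged: dict[str, list[str]] = {}
    in_autostart = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("===="):  # section header such as "==== Services (Whitelisted) ===="
            in_autostart = any(f"= {s}" in line for s in AUTOSTART_SECTIONS)
        elif in_autostart and line:
            reasons = triage_line(line)
            if reasons:
                flagged[line] = reasons
    return flagged


def parse_search(text: str) -> dict[str, dict[str, str]]:
    """Map each path listed in Search.txt to its publisher and lower-case MD5."""
    found: dict[str, dict[str, str]] = {}
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if _PATH_RE.match(line):
            pending = line
        elif pending:
            detail = _DETAIL_RE.search(line)
            if detail:
                found[pending] = {"publisher": detail.group(1), "md5": detail.group(2).lower()}
                pending = None
    return found


def services_exe_mismatch(found: dict[str, dict[str, str]]) -> list[str]:
    """Live copies whose MD5 matches none of the copies in the WinSxS component store."""
    store = {i["md5"] for p, i in found.items() if "\\winsxs\\" in p.lower()}
    return [p for p, i in found.items() if "\\winsxs\\" not in p.lower() and i["md5"] not in store]


# Constructed sample input in the assumed FRST.txt layout (not a real log).
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Updater] "C:\Program Files\Vendor\updater.exe" [123456 2012-09-01] (Vendor Inc.)
HKLM\...\Run: [Toolbar Loader] C:\Program Files\Toolbar\1.bin\tbmon.exe [30096 2012-08-11] (VER_COMPANY_NAME)
AppInit_DLLs: C:\Program Files\Vendor\hook.dll

==================== Services (Whitelisted) ===================

2 CleanupSvc; "C:\Users\user\AppData\Local\Temp\cleanup.exe" [x]
2 VendorSvc; C:\Program Files\Vendor\svc.exe [457200 2009-06-02] ()

==================== One Month Created Files and Folders ========

2012-10-20 21:55 - 2012-10-20 21:55 - 00000000 ____D C:\Users\user\AppData\Local\Temp\stuff
"""

# Constructed sample input in the assumed Search.txt layout; hashes are placeholders.
SAMPLE_SEARCH = r"""
================== Search: services.exe ===================

C:\Windows\System32\services.exe
[2012-10-01 10:00] - [2012-10-01 10:00] - 0279040 ____A () 0123456789abcdef0123456789abcdef

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_6.0.6002.18005\services.exe
[2008-01-20 18:46] - [2008-01-20 18:46] - 0279040 ____A (Microsoft Corporation) fedcba9876543210fedcba9876543210

====== End Of Search ======
"""

if __name__ == "__main__":
    for entry, why in triage_frst(SAMPLE_FRST).items():
        print(f"{entry}\n    -> {'; '.join(why)}")
    print("services.exe copies matching no WinSxS copy:", services_exe_mismatch(parse_search(SAMPLE_SEARCH)))
```

On the constructed sample the script flags the placeholder-publisher toolbar loader, the AppInit_DLLs entry, the missing service binary under Temp (two reasons) and the service with an empty publisher, and reports the System32 services.exe because its hash matches no WinSxS copy. An empty publisher is only a prompt to look closer: several legitimate vendors ship unsigned binaries with no version resource, so the flags rank entries for review rather than declare them malicious.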


#5 R. Josh B.
  • Topic Starter
  • Members
  • 11 posts

Posted 20 October 2012 - 10:35 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2012
Ran by SYSTEM at 20-10-2012 22:15:31
Running from I:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [] [x]
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [Retrogamer_4w Browser Plugin Loader] C:\PROGRA~1\RETROG~1\bar\1.bin\4wbrmon.exe [30096 2012-08-11] (VER_COMPANY_NAME)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [215552 2008-01-20] (Microsoft Corporation)
HKU\Josh\...\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode [5915480 2010-10-29] (Logitech Inc.)
HKU\Josh\...\Run: [PlayOn] C:\Program Files\MediaMall\PlayOn.exe [53248 2012-09-10] (MediaMall Technologies, Inc.)
HKU\Josh\...\Run: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-03-11] (Google Inc.)
HKU\Josh\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Josh\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2005-02-16] (InstallShield Software Corporation)
HKU\Josh\...\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup [49664 2008-01-20] (Microsoft Corporation)
HKU\Josh\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Josh\...\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 1.1.4322; .NET CLR 3.0.30729)" -"file:///C:/Users/Josh/AppData/Local/Temp/movie.htm" [460216 2009-03-19] (Adobe Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.27.35.1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Josh\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files\Impulse\Now\GameStopNow.exe (GameStop Corp.)
Startup: C:\Users\Josh\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)

==================== Services (Whitelisted) ===================

2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [457200 2009-06-02] ()
4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AGCoreService; "C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe" [20480 2010-03-18] (AG Interactive)
2 AntiSpywareService; C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation)
3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-07-25] (Google)
2 gupdate1c9da3fa157c2e0; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-05-21] (Google Inc.)
2 ioloSystemService; "C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe" [1028464 2012-10-03] (iolo technologies, LLC)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 MediaMall Server; "C:\Program Files\MediaMall\MediaMallServer.exe" [3057528 2012-09-10] (MediaMall Technologies, Inc.)
2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
2 N360; "C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton Security Suite\Engine\6.4.0.9\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService [155648 2008-01-15] (NVIDIA)
2 Retrogamer_4wService; C:\PROGRA~1\RETROG~1\bar\1.bin\4wbarsvc.exe [42528 2012-08-11] (COMPANYVERS_NAME)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SpyroService; "C:\Program Files\FS\Spyro Portal\FlashPortal.exe" [48128 2012-01-31] (FS)
3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] ()
3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [x]
3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [x]
3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [x]
4 GEARSecurity; C:\Windows\System32\gearsec.exe [x]
2 MOBCleanup; "C:\Users\Josh\AppData\Local\Temp\MOBCleanup.exe" [x]

==================== Drivers (Whitelisted) ====================

3 A5AGU; C:\Windows\System32\DRIVERS\A5AGU.sys [283904 2004-10-06] (D-Link Corporation)
2 ANIO; \??\C:\Windows\system32\ANIO.SYS [28205 2004-07-27] (Alpha Networks Inc.)
3 ATHFMWDL; C:\Windows\System32\Drivers\ATHFMWDL.sys [43392 2005-03-15] (Windows ® 2000 DDK provider)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [995488 2012-08-31] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360\0604000.009\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)
3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)
3 DVXUSBKS; C:\Windows\System32\DRIVERS\DVXUSBKS.sys [46397 2003-08-29] (Pinnacle Systems)
3 DVXUSBLD; C:\Windows\System32\drivers\DVXUSBLD.SYS [65305 2003-10-13] (Pinnacle Systems)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-08] (Symantec Corporation)
1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [27080 2012-04-17] (EldoS Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-08] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121019.001\IDSvix86.sys [386720 2012-09-06] (Symantec Corporation)
2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-07-27] (Windows ® Codename Longhorn DDK provider)
3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-28] (Initio Corporation)
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-11-04] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)
3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [23920 2011-10-17] (MediaMall Technologies, Inc.)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121020.007\NAVENG.SYS [92704 2012-10-03] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121020.007\NAVEX15.SYS [1601184 2012-10-03] (Symantec Corporation)
3 NVR0Dev; \??\C:\Windows\nvoclock.sys [29696 2008-01-15] (NVidia Corp.)
3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-06] (Printing Communications Assoc., Inc. (PCAUSA))
2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2012-08-02] (Raxco Software, Inc.)
3 QCDonner; C:\Windows\System32\DRIVERS\LVCD.sys [474304 2004-04-26] (Logitech Inc.)
3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [9024 2009-04-30] (Microsoft Corporation)
1 SRTSP; C:\Windows\System32\Drivers\N360\0604000.009\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360\0604000.009\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360\0604000.009\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360\0604000.009\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-06-06] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360\0604000.009\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360\0604000.009\SYMTDIV.SYS [345208 2011-11-16] (Symantec Corporation)
3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-16] ()
3 Afc; C:\Windows\System32\drivers\Afc.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 LVRS; C:\Windows\System32\DRIVERS\lvrs.sys [x]
3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [x]
3 LVUVC; C:\Windows\System32\DRIVERS\lvuvc.sys [x]
3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-20 21:55 - 2012-10-20 21:55 - 00000000 ____D C:\FRST
2012-10-20 20:47 - 2012-10-20 20:47 - 00000000 __SHD C:\found.001
2012-10-20 07:30 - 2012-10-20 07:30 - 00906326 ____A (Farbar) C:\Users\Josh\Downloads\FRST.exe
2012-10-18 13:58 - 2012-10-18 13:58 - 21476536 ____A C:\Users\Josh\Downloads\SeaToolsforWindowsSetup-1206.exe
2012-10-18 13:57 - 2012-10-18 13:58 - 151264056 ____A (Seagate) C:\Users\Josh\Downloads\DiscWizardSetup-14387.en.exe
2012-10-18 13:46 - 2012-10-18 13:46 - 01001640 ____A (Solid State Networks) C:\Users\Josh\Downloads\install_reader10_en_mssa_aih.exe
2012-10-18 12:34 - 2012-10-18 12:34 - 00881724 ____A C:\Users\Josh\Downloads\SecurityCheck.exe
2012-10-18 12:31 - 2012-10-18 12:31 - 10669896 ____A (Malwarebytes Corporation ) C:\Users\Josh\Downloads\mbam-setup.exe
2012-10-17 19:36 - 2012-10-17 19:36 - 00388608 ____A (Trend Micro Inc.) C:\Users\Josh\Downloads\HijackThis.exe
2012-10-16 14:19 - 2012-10-16 14:19 - 16409960 ____A (Safer Networking Limited ) C:\Users\Josh\Downloads\spybotsd162.exe
2012-10-15 05:14 - 2012-10-15 05:14 - 00000000 ____D C:\Users\Josh\Documents\My eBooks
2012-10-11 21:12 - 2012-10-11 21:12 - 02148776 ____A C:\Users\Josh\Downloads\StarTrekOnline_ST.20.20120812b.9_EN (2).exe
2012-10-11 21:12 - 2012-10-11 21:12 - 02148776 ____A C:\Users\Josh\Downloads\StarTrekOnline_ST.20.20120812b.9_EN (1).exe
2012-10-11 21:11 - 2012-10-11 21:12 - 02148776 ____A C:\Users\Josh\Downloads\StarTrekOnline_ST.20.20120812b.9_EN.exe
2012-10-09 19:53 - 2012-10-09 19:53 - 00000000 ____D C:\Users\Josh\AppData\Roaming\IDM
2012-10-09 17:53 - 2012-09-13 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-09 17:53 - 2012-08-29 03:27 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-10-09 17:53 - 2012-08-29 03:27 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 17:53 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-09 17:53 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-09 17:53 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-09 17:53 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-09 06:40 - 2012-10-09 06:40 - 00000000 ____D C:\Users\Josh\Documents\ENVIRON
2012-10-07 11:49 - 2012-10-07 11:49 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (16).exe
2012-10-07 11:48 - 2012-10-07 11:48 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (15).exe
2012-10-07 11:47 - 2012-10-07 11:47 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (14).exe
2012-10-07 11:45 - 2012-10-07 11:45 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (13).exe
2012-10-07 11:43 - 2012-10-07 11:43 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (12).exe
2012-10-07 11:41 - 2012-10-07 11:41 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (11).exe
2012-10-07 11:40 - 2012-10-07 11:40 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (10).exe
2012-10-07 11:38 - 2012-10-07 11:38 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (9).exe
2012-10-07 11:38 - 2012-10-07 11:38 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (8).exe
2012-10-06 22:12 - 2012-10-06 22:12 - 00000000 ____D C:\New Folder
2012-10-06 22:05 - 2012-10-06 22:05 - 00000000 ____D C:\Users\Josh\Downloads\Zipped
2012-10-06 17:27 - 2012-10-06 17:27 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (7).exe
2012-10-06 17:26 - 2012-10-06 17:26 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (6).exe
2012-10-06 16:44 - 2012-10-06 17:27 - 00000000 ____D C:\Program Files\FS
2012-10-06 16:44 - 2012-10-06 16:44 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (5).exe
2012-10-06 16:44 - 2012-10-06 16:44 - 00000000 ____D C:\Users\Josh\{14f311de-49e2-4874-8b63-963043114bd3}
2012-10-06 16:43 - 2012-10-06 16:43 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (4).exe
2012-10-06 16:17 - 2012-10-06 16:17 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (3).exe
2012-10-06 04:34 - 2012-10-06 04:34 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (2).exe
2012-10-06 03:58 - 2012-10-06 03:58 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (1).exe
2012-10-06 03:51 - 2012-10-06 03:51 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver.exe
2012-10-05 13:40 - 2012-10-05 13:41 - 00000000 ____D C:\Users\Josh\Desktop\GARMIN
2012-10-05 13:32 - 2012-10-05 13:32 - 04617512 ____A (Garmin International) C:\Users\Josh\Downloads\GarminMapUpdater.exe
2012-10-05 13:32 - 2012-10-05 13:32 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Garmin
2012-10-04 18:03 - 2012-04-17 04:25 - 00027080 ____A (EldoS Corporation) C:\Windows\System32\Drivers\ElRawDsk.sys
2012-10-03 20:57 - 2012-10-03 20:57 - 01679360 ____A C:\Users\Josh\Downloads\mov03.mpg
2012-09-30 13:13 - 2012-09-30 13:24 - 110873912 ____A C:\Users\Josh\Downloads\WEaT-360x200-med-res-105MB.ram
2012-09-30 13:12 - 2012-09-30 13:14 - 176298740 ____A C:\Users\Josh\Downloads\BAF-Part-1.wmv
2012-09-30 12:34 - 2012-09-30 12:34 - 35824651 ____A C:\Users\Josh\Downloads\STNV-1701-Pennsylvania-Ave-480p.mp4
2012-09-30 06:17 - 2012-09-30 06:17 - 00023040 ____A C:\Users\Josh\Desktop\Den10Info.xls
2012-09-24 05:21 - 2012-09-24 05:21 - 00000000 ____D C:\Users\Josh\AppData\Local\Macromedia
2012-09-24 05:20 - 2012-09-24 05:20 - 00000000 ____D C:\Users\Josh\AppData\Local\Retrogamer_4w
2012-09-23 06:26 - 2012-09-23 06:26 - 00591592 ____A (Unity Technologies ApS) C:\Users\Josh\Downloads\UnityWebPlayer.exe
2012-09-22 00:00 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 00:00 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 00:00 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-22 00:00 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-22 00:00 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 00:00 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 00:00 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 00:00 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 00:00 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-22 00:00 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-22 00:00 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-22 00:00 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 00:00 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 00:00 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 00:00 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 00:00 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-20 07:03 - 2012-09-20 07:03 - 01000376 ____A (Solid State Networks) C:\Users\Josh\Downloads\install_flashplayer11x32_mssd_au_aih.exe
2012-09-20 06:43 - 2012-09-20 06:43 - 00000000 ____D C:\Users\Josh\AppData\Local\White_Sky,_Inc
2012-09-20 06:20 - 2012-09-20 06:20 - 00001626 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-20 06:19 - 2012-08-21 10:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-20 06:17 - 2012-09-20 06:19 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-20 05:04 - 2012-09-20 05:04 - 00001854 ____A C:\Users\Public\Desktop\Safari.lnk
2012-09-20 05:01 - 2012-09-20 05:02 - 00000000 ____D C:\Program Files\QuickTime

==================== 3 Months Modified Files ==================

2012-10-20 17:38 - 2008-09-17 18:56 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-10-20 17:38 - 2008-09-17 18:55 - 00000000 ____A C:\Windows\WindowsUpdate.log
2012-10-20 17:38 - 2006-11-02 05:01 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-20 17:38 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-20 17:38 - 2006-11-02 04:47 - 00003744 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-20 17:38 - 2006-11-02 04:47 - 00003744 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-20 15:39 - 2009-07-04 13:18 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-20 15:24 - 2012-06-16 20:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-20 15:07 - 2012-03-11 12:46 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722254389-3469369917-588677217-1000UA.job
2012-10-20 11:39 - 2011-05-12 03:27 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2012-10-20 10:23 - 2009-07-04 13:18 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-20 10:22 - 2008-01-20 18:47 - 04228918 ____A C:\Windows\PFRO.log
2012-10-20 08:38 - 2006-11-02 02:33 - 00763574 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-20 08:36 - 2009-03-12 12:20 - 00222682 ____A C:\Windows\setupact.log
2012-10-20 07:30 - 2012-10-20 07:30 - 00906326 ____A (Farbar) C:\Users\Josh\Downloads\FRST.exe
2012-10-20 00:00 - 2010-05-16 08:00 - 00000512 ____A C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
2012-10-19 23:08 - 2012-03-11 12:46 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722254389-3469369917-588677217-1000Core.job
2012-10-19 00:00 - 2010-05-16 08:00 - 00000404 ____A C:\Windows\Tasks\NatSpeak Periodic Data Collection.job
2012-10-18 13:58 - 2012-10-18 13:58 - 21476536 ____A C:\Users\Josh\Downloads\SeaToolsforWindowsSetup-1206.exe
2012-10-18 13:58 - 2012-10-18 13:57 - 151264056 ____A (Seagate) C:\Users\Josh\Downloads\DiscWizardSetup-14387.en.exe
2012-10-18 13:46 - 2012-10-18 13:46 - 01001640 ____A (Solid State Networks) C:\Users\Josh\Downloads\install_reader10_en_mssa_aih.exe
2012-10-18 12:34 - 2012-10-18 12:34 - 00881724 ____A C:\Users\Josh\Downloads\SecurityCheck.exe
2012-10-18 12:31 - 2012-10-18 12:31 - 10669896 ____A (Malwarebytes Corporation ) C:\Users\Josh\Downloads\mbam-setup.exe
2012-10-18 05:37 - 2012-05-21 06:07 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-17 19:36 - 2012-10-17 19:36 - 00388608 ____A (Trend Micro Inc.) C:\Users\Josh\Downloads\HijackThis.exe
2012-10-16 14:20 - 2010-02-25 07:18 - 00001017 ____A C:\Users\Josh\Desktop\Spybot - Search & Destroy.lnk
2012-10-16 14:19 - 2012-10-16 14:19 - 16409960 ____A (Safer Networking Limited ) C:\Users\Josh\Downloads\spybotsd162.exe
2012-10-14 23:00 - 2010-05-16 08:00 - 00000488 ____A C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
2012-10-11 21:12 - 2012-10-11 21:12 - 02148776 ____A C:\Users\Josh\Downloads\StarTrekOnline_ST.20.20120812b.9_EN (2).exe
2012-10-11 21:12 - 2012-10-11 21:12 - 02148776 ____A C:\Users\Josh\Downloads\StarTrekOnline_ST.20.20120812b.9_EN (1).exe
2012-10-11 21:12 - 2012-10-11 21:11 - 02148776 ____A C:\Users\Josh\Downloads\StarTrekOnline_ST.20.20120812b.9_EN.exe
2012-10-10 15:10 - 2012-03-11 12:47 - 00002078 ____A C:\Users\Josh\Desktop\Google Chrome.lnk
2012-10-10 00:34 - 2012-06-06 08:40 - 00002122 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2012-10-10 00:07 - 2006-11-02 02:24 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-10-09 10:24 - 2012-06-16 20:54 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 10:24 - 2011-05-23 03:15 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-07 11:49 - 2012-10-07 11:49 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (16).exe
2012-10-07 11:48 - 2012-10-07 11:48 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (15).exe
2012-10-07 11:47 - 2012-10-07 11:47 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (14).exe
2012-10-07 11:45 - 2012-10-07 11:45 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (13).exe
2012-10-07 11:43 - 2012-10-07 11:43 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (12).exe
2012-10-07 11:41 - 2012-10-07 11:41 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (11).exe
2012-10-07 11:40 - 2012-10-07 11:40 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (10).exe
2012-10-07 11:38 - 2012-10-07 11:38 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (9).exe
2012-10-07 11:38 - 2012-10-07 11:38 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (8).exe
2012-10-06 22:21 - 2008-10-26 08:52 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
2012-10-06 22:21 - 2008-09-25 16:44 - 00219648 ____A C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-06 17:27 - 2012-10-06 17:27 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (7).exe
2012-10-06 17:26 - 2012-10-06 17:26 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (6).exe
2012-10-06 16:44 - 2012-10-06 16:44 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (5).exe
2012-10-06 16:43 - 2012-10-06 16:43 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (4).exe
2012-10-06 16:17 - 2012-10-06 16:17 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (3).exe
2012-10-06 04:34 - 2012-10-06 04:34 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (2).exe
2012-10-06 03:58 - 2012-10-06 03:58 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver (1).exe
2012-10-06 03:51 - 2012-10-06 03:51 - 07389184 ____A (FS) C:\Users\Josh\Downloads\spyrowebworldportaldriver.exe
2012-10-05 13:32 - 2012-10-05 13:32 - 04617512 ____A (Garmin International) C:\Users\Josh\Downloads\GarminMapUpdater.exe
2012-10-04 17:57 - 2012-06-06 13:31 - 00001873 ____A C:\Users\Josh\Desktop\System Mechanic.lnk
2012-10-03 20:57 - 2012-10-03 20:57 - 01679360 ____A C:\Users\Josh\Downloads\mov03.mpg
2012-10-03 12:52 - 2012-06-06 13:29 - 00041176 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
2012-10-03 12:51 - 2012-06-06 13:29 - 00023128 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
2012-10-03 12:35 - 2012-06-06 13:29 - 02097032 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator32.dll
2012-09-30 13:24 - 2012-09-30 13:13 - 110873912 ____A C:\Users\Josh\Downloads\WEaT-360x200-med-res-105MB.ram
2012-09-30 13:14 - 2012-09-30 13:12 - 176298740 ____A C:\Users\Josh\Downloads\BAF-Part-1.wmv
2012-09-30 12:34 - 2012-09-30 12:34 - 35824651 ____A C:\Users\Josh\Downloads\STNV-1701-Pennsylvania-Ave-480p.mp4
2012-09-30 06:17 - 2012-09-30 06:17 - 00023040 ____A C:\Users\Josh\Desktop\Den10Info.xls
2012-09-29 16:54 - 2012-05-21 06:07 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-23 06:26 - 2012-09-23 06:26 - 00591592 ____A (Unity Technologies ApS) C:\Users\Josh\Downloads\UnityWebPlayer.exe
2012-09-20 07:03 - 2012-09-20 07:03 - 01000376 ____A (Solid State Networks) C:\Users\Josh\Downloads\install_flashplayer11x32_mssd_au_aih.exe
2012-09-20 06:20 - 2012-09-20 06:20 - 00001626 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-20 05:04 - 2012-09-20 05:04 - 00001854 ____A C:\Users\Public\Desktop\Safari.lnk
2012-09-18 20:01 - 2012-09-18 20:01 - 00894952 ____A (Oracle Corporation) C:\Users\Josh\Downloads\chromeinstall-7u7.exe
2012-09-18 19:55 - 2012-09-18 19:54 - 28250154 ____A C:\Users\Josh\Downloads\MyFiles.zip
2012-09-13 05:28 - 2012-10-09 17:53 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-11 06:04 - 2012-09-11 06:04 - 00000652 ____A C:\Users\Josh\Downloads\vcard.vcf
2012-09-05 18:10 - 2012-08-26 07:08 - 00001050 ____A C:\Windows\KB893803v2.log
2012-09-02 09:38 - 2012-09-02 09:38 - 00001218 ____A C:\Users\Josh\Desktop\XFINITY Connect.lnk
2012-09-02 09:38 - 2012-09-02 09:38 - 00001184 ____A C:\Users\Josh\Desktop\XFINITY TV.lnk
2012-09-02 09:38 - 2012-09-02 09:37 - 00005289 ____A C:\comcastrelease.log
2012-09-02 09:37 - 2012-09-02 09:37 - 00776792 ____A C:\Users\Josh\Downloads\Comcast_Desktop_Software_1203 (1).exe
2012-09-02 09:37 - 2012-09-02 09:36 - 00776792 ____A C:\Users\Josh\Downloads\Comcast_Desktop_Software_1203.exe
2012-08-29 03:27 - 2012-10-09 17:53 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-29 03:27 - 2012-10-09 17:53 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-25 23:34 - 2006-11-02 02:23 - 00000521 ____A C:\Windows\win.ini
2012-08-24 12:15 - 2012-08-24 12:15 - 00074703 ____A C:\Windows\System32\mfc45.dat
2012-08-24 07:53 - 2012-10-09 17:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-23 23:27 - 2012-09-22 00:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 23:03 - 2012-09-22 00:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 22:59 - 2012-09-22 00:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 22:51 - 2012-09-22 00:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 22:51 - 2012-09-22 00:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 22:51 - 2012-09-22 00:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 22:49 - 2012-09-22 00:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 22:48 - 2012-09-22 00:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 22:47 - 2012-09-22 00:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 22:47 - 2012-09-22 00:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 22:47 - 2012-09-22 00:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 22:45 - 2012-09-22 00:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 22:44 - 2012-09-22 00:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 22:44 - 2012-09-22 00:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 22:43 - 2012-09-22 00:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 22:40 - 2012-09-22 00:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-21 10:01 - 2012-09-20 06:19 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 10:01 - 2009-09-13 14:37 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll
2012-08-18 16:57 - 2012-08-18 16:56 - 48540160 ____A C:\Users\Josh\Downloads\calibre-0.8.65.msi
2012-08-17 14:50 - 2012-08-17 14:45 - 00000035 ____A C:\Users\Josh\AppData\Local\installLang.ini
2012-08-17 14:45 - 2012-08-17 14:45 - 00001908 ____A C:\Users\Josh\Desktop\Hamster Lite Archiver.lnk
2012-08-17 14:36 - 2012-08-17 14:35 - 44104112 ____A (Sony Corporation ) C:\Users\Josh\Downloads\ReaderInstaller.exe
2012-08-14 23:33 - 2006-11-02 04:47 - 00746992 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-11 06:27 - 2012-08-11 06:27 - 03297688 ____A (Retrogamer) C:\Users\Josh\Downloads\RetrogamerSetup2.5.6.6.RGman000.exe
2012-08-03 12:20 - 2012-08-03 12:20 - 00000761 ____A C:\Users\Public\Desktop\Play Wizard101.lnk
2012-08-03 09:11 - 2012-08-03 09:11 - 12378192 ____A (Acresso Software Inc.) C:\Users\Josh\Downloads\InstallWizard101 (3).exe
2012-08-03 09:11 - 2012-08-03 09:10 - 12378192 ____A (Acresso Software Inc.) C:\Users\Josh\Downloads\InstallWizard101 (2).exe
2012-08-03 07:04 - 2012-08-03 07:04 - 12378192 ____A (Acresso Software Inc.) C:\Users\Josh\Downloads\InstallWizard101.exe
2012-08-03 07:04 - 2012-08-03 07:04 - 12378192 ____A (Acresso Software Inc.) C:\Users\Josh\Downloads\InstallWizard101 (1).exe
2012-08-02 07:21 - 2012-08-24 12:20 - 00068464 ____A (Raxco Software, Inc.) C:\Windows\System32\Drivers\PDFsFilter.sys


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-03 22:50:31
Restore point made on: 2012-10-04 19:06:13
Restore point made on: 2012-10-05 22:04:28
Restore point made on: 2012-10-06 16:45:53
Restore point made on: 2012-10-06 17:27:37
Restore point made on: 2012-10-07 23:36:10
Restore point made on: 2012-10-08 21:08:31
Restore point made on: 2012-10-09 23:41:07
Restore point made on: 2012-10-10 00:00:56
Restore point made on: 2012-10-14 22:54:27
Restore point made on: 2012-10-15 05:14:11
Restore point made on: 2012-10-16 12:44:03
Restore point made on: 2012-10-17 19:26:29
Restore point made on: 2012-10-18 08:03:24
Restore point made on: 2012-10-18 18:33:43
Restore point made on: 2012-10-19 07:26:14
Restore point made on: 2012-10-20 14:51:51

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4092.57 MB
Available physical RAM: 3459.8 MB
Total Pagefile: 3959.89 MB
Available Pagefile: 3685.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.31 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:37.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Local Drive (G:)) (Fixed) (Total:1863.01 GB) (Free:1134.56 GB) NTFS
6 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
7 Drive i: (BOWERS_4G) (Removable) (Total:3.74 GB) (Free:3.71 GB) FAT32
12 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.79 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 1863 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 3830 MB 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 55 MB 32 KB
Partition 2 Primary 10 GB 55 MB
Partition 3 Primary 456 GB 10 GB

=========================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 12 FAT Partition 55 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 X RECOVERY NTFS Partition 10 GB Healthy Boot

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C OS NTFS Partition 456 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

=========================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 D Local Drive NTFS Partition 1863 GB Healthy

=========================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3828 MB 19 KB

=========================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 I BOWERS_4G FAT32 Removable 3828 MB Healthy

=========================================================

Last Boot: 2012-10-20 10:52

==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version: 15-10-2012
Ran by SYSTEM at 2012-10-20 22:03:51
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-18 01:12] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:24] - [2008-01-20 18:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-09-18 01:12] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===
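The search block above is the check that matters for a redirect infection of this period: ZeroAccess and Bamital patched services.exe (or explorer.exe, winlogon.exe) in place, leaving the file size and the "Microsoft Corporation" version string intact, so the only reliable on-disk tell is that the live C:\Windows\System32\services.exe no longer hashes the same as the matching component-store (WinSxS) copy. In this log the live copy (279552 bytes, D4E6D9...) is identical to the 6.0.6002.18005 WinSxS copy, which is the SP2 version for this Vista build, so the file is clean. The following Python script is an added example, not part of this thread and not FRST's own code: it parses the search block exactly as printed above, judges each live copy against the WinSxS copies, and also runs a constructed sample of what a patched copy would look like (the all-zero MD5 and the 2012 modification time are placeholders). The OK/SUSPECT wording, the regex, and the rule that the only legitimate live location is System32 are this example's assumptions.

```python
import re
from dataclasses import dataclass

# The "services.exe" search block as printed in the FRST log above (three hits).
FRST_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-18 01:12] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:24] - [2008-01-20 18:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-09-18 01:12] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===
"""

# Constructed sample (not from the thread): the WinSxS copy is untouched, but the
# live System32 copy has a different hash and a recent modification time while
# still carrying the Microsoft company string. The all-zero MD5 is a placeholder.
CONSTRUCTED_PATCHED = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-18 01:12] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2009-09-18 01:12] - [2012-10-01 03:14] - 0279552 ____A (Microsoft Corporation) 00000000000000000000000000000000
"""

# One FRST detail line: [created] - [modified] - size attrs (company) MD5.
# The company group is optional because FRST prints nothing there for files
# without version information.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Hit:
    path: str
    modified: str
    size: int
    company: str
    md5: str


def parse_search(text: str) -> list[Hit]:
    """Pair each detail line with the path printed on the line before it."""
    lines = [line.rstrip() for line in text.splitlines()]
    hits = []
    for i, line in enumerate(lines):
        m = DETAIL_RE.match(line)
        if m and i > 0 and lines[i - 1].strip():
            hits.append(Hit(path=lines[i - 1].strip(),
                            modified=m["modified"],
                            size=int(m["size"]),
                            company=m["company"] or "",
                            md5=m["md5"].upper()))
    return hits


def assess(hits: list[Hit]) -> dict[str, str]:
    """Judge every live copy against the WinSxS component-store copies.

    Assumptions of this example: the WinSxS copies are the reference set, and
    the only legitimate live location for services.exe is C:\\Windows\\System32.
    """
    known_good = {h.md5 for h in hits if "\\winsxs\\" in h.path.lower()}
    report = {}
    for h in hits:
        p = h.path.lower()
        if "\\winsxs\\" in p:
            continue  # reference copies are used, not judged
        if not p.startswith("c:\\windows\\system32\\"):
            report[h.path] = "SUSPECT: copy outside System32 and WinSxS"
        elif h.md5 in known_good:
            report[h.path] = "OK: MD5 matches a WinSxS component copy"
        else:
            report[h.path] = ("SUSPECT: MD5 matches no WinSxS copy "
                              f"(modified {h.modified}, company '{h.company}')")
    return report


if __name__ == "__main__":
    for label, block in (("log from this thread", FRST_SEARCH),
                         ("constructed patched sample", CONSTRUCTED_PATCHED)):
        print(f"--- {label} ---")
        for path, verdict in assess(parse_search(block)).items():
            print(f"{verdict:<75} {path}")
```

Two caveats a practitioner would add. A hash match only proves the on-disk file is unmodified; a rootkit that hooks the file system (as the later ZeroAccess variants did) can present a clean file to a scan run from inside the infected Windows, which is why the second FRST log above was produced by running the tool as SYSTEM from the recovery environment. And the WinSxS copies are a convenience reference, not an authority: if both copies were replaced they would still agree, so the authoritative check is the Authenticode signature or the Windows catalog (for example sigcheck from Sysinternals, or Get-AuthenticodeSignature in PowerShell), which does not depend on any copy on the same disk.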

#6 CatByte (bleepin' tiger)

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 20 October 2012 - 10:45 PM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double-click on ComboFix.exe and follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


#7 R. Josh B. (Topic Starter)

  • Members
  • 11 posts

Posted 21 October 2012 - 03:31 PM

ComboFix 12-10-21.02 - Josh 10/21/2012 13:29:53.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1625 [GMT -5:00]
Running from: c:\users\Josh\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Josh\Favorites\mxfilerelatedcache.mxc2
c:\users\Josh\GoToAssistDownloadHelper.exe
c:\users\Josh\xobglu32.dll
G:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 )))))))))))))))))))))))))))))))
.
.
2012-10-21 18:46 . 2012-10-21 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-21 05:55 . 2012-10-21 05:55 -------- d-----w- C:\FRST
2012-10-21 04:47 . 2012-10-21 04:47 -------- d-----w- C:\found.001
2012-10-10 03:53 . 2012-10-10 03:53 -------- d-----w- c:\users\Josh\AppData\Roaming\IDM
2012-10-10 01:53 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 01:53 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 01:53 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 01:53 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 01:53 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 01:53 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 01:53 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 19:53 . 2012-10-16 01:03 -------- d-----w- c:\windows\system32\drivers\N360\0604000.009
2012-10-07 06:12 . 2012-10-07 06:12 -------- d-----w- C:\New Folder
2012-10-07 00:44 . 2012-10-07 00:44 -------- d-----w- c:\users\Josh\{14f311de-49e2-4874-8b63-963043114bd3}
2012-10-07 00:44 . 2012-10-07 01:27 -------- d-----w- c:\program files\FS
2012-10-05 21:32 . 2012-10-05 21:32 -------- d-----w- c:\users\Josh\AppData\Roaming\Garmin
2012-10-05 02:03 . 2012-04-17 12:25 27080 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2012-09-24 13:21 . 2012-09-24 13:21 -------- d-----w- c:\users\Josh\AppData\Local\Macromedia
2012-09-24 13:20 . 2012-09-24 13:20 -------- d-----w- c:\users\Josh\AppData\Local\Retrogamer_4w
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 18:24 . 2012-06-17 04:54 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:24 . 2011-05-23 11:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 20:52 . 2012-06-06 21:29 41176 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-10-03 20:51 . 2012-06-06 21:29 23128 ----a-w- c:\windows\system32\smrgdf.exe
2012-10-03 20:35 . 2012-06-06 21:29 2097032 ----a-w- c:\windows\system32\Incinerator32.dll
2012-09-30 00:54 . 2012-05-21 14:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 20:15 . 2012-08-24 20:15 74703 ----a-w- c:\windows\system32\mfc45.dat
2012-08-21 18:01 . 2012-09-20 14:19 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2009-09-13 22:37 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-02 15:21 . 2012-08-24 20:20 68464 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2012-03-11 20:10 . 2011-03-29 15:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-25 19:31 . 2010-03-29 22:24 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 18:01 . 2011-04-18 19:35 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-08 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-17 15:02 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-17 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-17 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"PlayOn"="c:\program files\MediaMall\PlayOn.exe" [2012-09-10 53248]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Retrogamer_4w Browser Plugin Loader"="c:\progra~1\RETROG~1\bar\1.bin\4wbrmon.exe" [2012-08-11 30096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
.
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameStop Now.lnk - c:\program files\Impulse\Now\GameStopNow.exe [2012-5-3 2039536]
Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-3-10 157088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ """autocheck autochk *"""\0autocheck smrgdf c:\users\Josh\AppData\Roaming\iolo\\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Online Backup Status.lnk]
backup=c:\windows\pss\McAfee Online Backup Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
backup=c:\windows\pss\TotalMedia Backup Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
backup=c:\windows\pss\Dragon NaturallySpeaking.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Impulse Now.lnk]
backup=c:\windows\pss\Impulse Now.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WJAC Desktop Alert.lnk]
backup=c:\windows\pss\WJAC Desktop Alert.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMMUNICATOR
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-03-26 13:00 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2004-10-14 14:17 45056 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 02:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atari Launcher 2]
2001-05-22 22:13 55296 ----a-w- c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Atari Icon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetooth HCI Monitor]
2006-12-07 23:50 9728 ------w- c:\windows\System32\HCIMNTR.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2011-08-23 20:03 50592 ----a-w- c:\users\Josh\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-08-19 17:25 1589208 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2009-04-11 06:27 69120 ----a-w- c:\windows\System32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2009-07-21 16:50 84464 ----a-w- c:\program files\Roxio 2010\5.0\CPMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-03 17:19 25600 ------w- c:\windows\System32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
2004-10-27 20:07 987136 ----a-w- c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-07-07 14:23 1779952 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-23 06:18 494064 ----a-w- c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
2009-04-24 07:57 1025320 ----a-w- c:\program files\Common Files\supportsoft\bin\bcont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\doubleTwist]
2011-11-22 21:13 24576 ----a-w- c:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-03-17 14:30 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-25 19:31 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-11 20:46 136176 ----atw- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
2012-10-03 20:33 939896 ----a-w- c:\program files\iolo\Common\Lib\ioloLManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 20:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 09:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LockerSync]
2008-02-04 19:08 51200 ----a-w- c:\program files\MP3tunes\LockerSync3\Oboe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-08-11 10:46 13543968 ------w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-01-15 18:31 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2008-01-03 21:57 184864 ------w- c:\windows\System32\nvraidservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayOn]
2012-09-10 19:45 53248 ----a-w- c:\program files\MediaMall\PlayOn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
2006-11-08 20:01 49152 ------w- c:\windows\System32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-24 13:33 240112 ----a-w- c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-12-02 23:15 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-18 08:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2007-04-17 20:22 184320 ------w- c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 18:24]
.
2012-10-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-18 22:33]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 18:11]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 18:11]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722254389-3469369917-588677217-1000Core.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11 20:46]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722254389-3469369917-588677217-1000UA.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11 20:46]
.
2012-10-15 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:03]
.
2012-10-19 c:\windows\Tasks\NatSpeak Periodic Data Collection.job
- c:\program files\Nuance\NaturallySpeaking10\Program\datacollector.exe [2009-03-17 03:02]
.
2012-10-21 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:03]
.
2011-12-23 c:\windows\Tasks\Roxio PhotoShow Updater.job
- c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2010-11-30 02:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080918
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
TCP: DhcpNameServer = 172.27.35.1
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} - hxxps://www.mesh.com/0.9.4014.3/TSWeb.cab
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17284
FF - prefs.js: browser.search.selectedEngine - XFINITY
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=insDate09022012|http://www.comcast.net/xfinity/?cid=insdate09022012&cid=ffpintab|http://xfinitytv.comcast.net/?cid=xfactiv_tv&cid=ffpintab|http://www.comcast.net/qry/goto?app=mail&cid=xfactiv_email&cid=ffpin
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - ExtSQL: 2012-09-20 09:42; idvaultaddin@whitesky; c:\programdata\White Sky, Inc\ID Vault\XPCOM10
FF - ExtSQL: 2012-09-21 21:21; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn
FF - ExtSQL: 2012-09-22 03:26; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn
FF - ExtSQL: !HIDDEN! 2010-01-11 06:20; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2010-01-17 07:54; dxjpdlbmej@dxjpdlbmej.org; c:\users\Josh\Application Data\Mozilla\Firefox\Profiles\9g2zfvdt.default\extensions\dxjpdlbmej@dxjpdlbmej.org.xpi
FF - ExtSQL: !HIDDEN! 2010-08-23 02:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-08-11 09:28; 4wffxtbr@Retrogamer_4w.com; c:\program files\Retrogamer_4w\bar\1.bin
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=100512_4_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 72ac2464000000000000001e4ccc8936
FF - user.js: extensions.BabylonToolbar_i.hardId - 72ac2464000000000000001e4ccc8936
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15474
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:30
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{729B931B-FF75-4753-9A67-74551D1B0288} - (no file)
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
MSConfigStartUp-Akamai NetSession Interface - c:\users\Josh\AppData\Local\Akamai\netsession_win.exe
MSConfigStartUp-HFALoader - c:\program files\Hamster Soft\Free Zip Archiver\Hamster.Archiver.UI.exe
MSConfigStartUp-MAGIXautostart - e:\install\program\setup.exe
MSConfigStartUp-MoeMonitor - (no file)
AddRemove-IntelliCAD v.6.4.23.2 - c:\progra~1\Autodsys\INTELL~1.2ST\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-21 13:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3722254389-3469369917-588677217-1000\Software\SecuROM\License information*]
"datasecu"=hex:34,12,b7,c4,c2,4a,15,d4,35,62,bf,55,d1,02,aa,32,b6,d1,45,55,f5,
4e,92,45,ed,b8,9f,da,58,7c,0c,ff,18,a2,08,ae,ad,6f,aa,4b,80,c0,e8,a2,0b,ac,\
"rkeysecu"=hex:95,ca,31,99,7c,ad,f7,34,1d,b3,70,6d,c6,fe,00,a6
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3992)
c:\program files\Retrogamer_4w\bar\1.bin\4wbrstub.dll
.
Completion time: 2012-10-21 13:56:02
ComboFix-quarantined-files.txt 2012-10-21 18:55
.
Pre-Run: 78,805,340,160 bytes free
Post-Run: 78,664,134,656 bytes free
.
- - End Of File - - DC89EFD89726EA90C56EBD273BB20183

#8 CatByte (Malware Response Team)

Posted 21 October 2012 - 10:33 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FireFox::
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17284
FF - ExtSQL: !HIDDEN! 2010-01-17 07:54; dxjpdlbmej@dxjpdlbmej.org; c:\users\Josh\Application Data\Mozilla\Firefox\Profiles\9g2zfvdt.default\extensions\dxjpdlbmej@dxjpdlbmej.org.xpi
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=100512_4_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 72ac2464000000000000001e4ccc8936
FF - user.js: extensions.BabylonToolbar_i.hardId - 72ac2464000000000000001e4ccc8936
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15474
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:30
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

[screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


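As an added example (not a BleepingComputer or ComboFix tool, and not code posted by anyone in this thread), the Python script below shows how the Firefox entries in the ComboFix "Supplementary Scan" above can be triaged mechanically and turned into a CFScript of the shape CatByte posted: a FireFox:: section listing the log lines to act on, followed by ClearJavaCache::. The sample input is a subset of lines copied from that log. The adware-name list is drawn from what AdwCleaner later removed in this thread (Babylon, Conduit, Ask.com, MyWebSearch, Crossrider, Retrogamer_4w). The "random-looking extension id" rule (a non-GUID id whose local part has fewer than 20% vowels, like dxjpdlbmej@ or 4wffxtbr@) and its threshold are my own assumption, not a ComboFix or Firefox rule. Whatever it emits is a draft for a human to review before dragging it onto ComboFix.

```python
import re

# Constructed sample input: a subset of "FF - ..." lines copied from the
# ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17284
FF - prefs.js: browser.search.selectedEngine - XFINITY
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - ExtSQL: 2012-09-20 09:42; idvaultaddin@whitesky; c:\programdata\White Sky, Inc\ID Vault\XPCOM10
FF - ExtSQL: !HIDDEN! 2010-01-11 06:20; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2010-01-17 07:54; dxjpdlbmej@dxjpdlbmej.org; c:\users\Josh\Application Data\Mozilla\Firefox\Profiles\9g2zfvdt.default\extensions\dxjpdlbmej@dxjpdlbmej.org.xpi
FF - ExtSQL: !HIDDEN! 2010-08-23 02:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-08-11 09:28; 4wffxtbr@Retrogamer_4w.com; c:\program files\Retrogamer_4w\bar\1.bin
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=100512_4_
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
"""

# Names of the adware families AdwCleaner removed later in this thread.
# Coarse substring matching: good enough for triage, always review the hits.
ADWARE_TOKENS = ("babylon", "conduit", "ask.com", "mywebsearch", "crossrider", "retrogamer")

EXT_RE = re.compile(r"^FF - ExtSQL: (?P<hidden>!HIDDEN! )?(?P<when>\S+ \S+); (?P<id>[^;]+); (?P<path>.*)$")
PREF_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<name>\S+) - ?(?P<value>.*)$")
VOWELS = set("aeiou")


def looks_random(ext_id: str) -> bool:
    """Assumed heuristic: a non-GUID id whose local part is 6+ characters with
    fewer than 20% vowels is treated as machine-generated (dxjpdlbmej, 4wffxtbr).
    Readable names (smartwebprinting) and GUIDs are left alone."""
    if ext_id.startswith("{"):
        return False
    local = ext_id.split("@", 1)[0].lower()
    letters = [c for c in local if c.isalpha()]
    if len(local) < 6 or not letters:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.2


def has_adware_token(text: str) -> bool:
    t = text.lower()
    return any(tok in t for tok in ADWARE_TOKENS)


def triage(log_text: str) -> dict:
    """Walk the FF lines of a ComboFix log; return the ProfilePath line and a
    list of (line, reason) pairs for entries worth removing."""
    profile = None
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("FF - "):
            continue
        if line.startswith("FF - ProfilePath - "):
            profile = line
            continue
        m = EXT_RE.match(line)
        if m:
            reasons = []
            if m.group("hidden") and looks_random(m.group("id")):
                reasons.append("hidden extension with random-looking id")
            if has_adware_token(m.group("id")) or has_adware_token(m.group("path")):
                reasons.append("extension matches known adware name")
            if reasons:
                flagged.append((line, "; ".join(reasons)))
            continue
        m = PREF_RE.match(line)
        if m and (has_adware_token(m.group("name")) or has_adware_token(m.group("value"))):
            flagged.append((line, f"{m.group('file')} pref points at adware"))
    return {"profile": profile, "flagged": flagged}


def build_cfscript(result: dict) -> str:
    """Emit a CFScript in the layout CatByte used above: the ProfilePath line,
    the flagged lines, then ClearJavaCache::. Human review before use."""
    body = [result["profile"]] if result["profile"] else []
    body += [line for line, _ in result["flagged"]]
    return "FireFox::\n" + "\n".join(body) + "\n\nClearJavaCache::\n"


if __name__ == "__main__":
    res = triage(SAMPLE_LOG)
    for flagged_line, why in res["flagged"]:
        print(f"[{why}] {flagged_line}")
    print()
    print(build_cfscript(res))
```

On the sample above the script flags the babylon.com search default, the two BabylonToolbar_i user.js prefs, and the two hidden extensions with unreadable ids (dxjpdlbmej@ and 4wffxtbr@Retrogamer_4w.com), and leaves HP's Smart Web Printing, the .NET assistant GUID and the ID Vault add-on alone, which matches what CatByte selected by hand. The vowel-ratio rule is a screening aid only; an adware author can pick a readable id, so the hidden flag plus the install path still need a look.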

#9 R. Josh B. (Topic Starter)

Posted 22 October 2012 - 10:03 PM

# AdwCleaner v2.005 - Logfile created 10/22/2012 at 21:54:14
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Josh - JOSH-PC
# Boot Mode : Normal
# Running from : C:\Users\Josh\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\AGI
Deleted on reboot : C:\Program Files\Retrogamer_4w
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\searchplugins\mywebsearch.xml
File Deleted : C:\Windows\system32\Macromed\Flash\FlashPlayerTrust\UnifiedToolbar.cfg
File Deleted : C:\Windows\Uninstall.exe
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\AGI
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Users\Josh\AppData\Local\Retrogamer_4w
Folder Deleted : C:\Users\Josh\AppData\LocalLow\AGI
Folder Deleted : C:\Users\Josh\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Josh\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Josh\AppData\LocalLow\Kiwee Toolbar
Folder Deleted : C:\Users\Josh\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Josh\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Josh\AppData\LocalLow\Retrogamer_4w
Folder Deleted : C:\Users\Josh\AppData\Roaming\AGI
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\Conduit
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\ConduitCommon
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\CT1060933
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\contenthandler.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (en-US)

Profile name : default
File : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\prefs.js

C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\user.js ... Deleted !

Deleted : user_pref("CT1060933..clientLogIsEnabled", true);
Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1060933.AppTrackingLastCheckTime", "Tue Mar 29 2011 08:59:09 GMT-0400 (Eastern Daylight[...]
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129633202291172081", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129652058719725628", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Deleted : user_pref("CT1060933.CTID", "CT1060933");
Deleted : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Sun Mar 11 2012 16:11:16 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Deleted : user_pref("CT1060933.CommunityChanged", true);
Deleted : user_pref("CT1060933.CurrentServerDate", "11-3-2012");
Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Sun Mar 11 2012 14:14:43 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Sun Mar 11 2012 14:14:38 GMT-0400 (Eastern [...]
Deleted : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");
Deleted : user_pref("CT1060933.FirstServerDate", "9-3-2010");
Deleted : user_pref("CT1060933.FirstTime", true);
Deleted : user_pref("CT1060933.FirstTimeFF3", true);
Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1060933.HasUserGlobalKeys", true);
Deleted : user_pref("CT1060933.HomePageProtectorEnabled", false);
Deleted : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://www.google.com/ig/dell");
Deleted : user_pref("CT1060933.Initialize", true);
Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);
Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT1060933.InstalledDate", "Tue Mar 09 2010 11:51:06 GMT-0500 (Eastern Standard Time)");
Deleted : user_pref("CT1060933.InvalidateCache", false);
Deleted : user_pref("CT1060933.IsAlertDBUpdated", true);
Deleted : user_pref("CT1060933.IsGrouping", false);
Deleted : user_pref("CT1060933.IsMulticommunity", true);
Deleted : user_pref("CT1060933.IsOpenThankYouPage", true);
Deleted : user_pref("CT1060933.IsOpenUninstallPage", true);
Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Sun Mar 11 2012 14:14:43 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1060933.LastLogin_2.5.6.0", "Sun Mar 06 2011 19:24:03 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT1060933.LastLogin_3.3.2.1", "Tue Mar 29 2011 08:58:54 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT1060933.LastLogin_3.3.3.2", "Fri Sep 30 2011 16:43:40 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT1060933.LastLogin_3.7.0.6", "Tue Nov 15 2011 09:29:00 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT1060933.LastLogin_3.8.0.8", "Sun Mar 11 2012 14:14:41 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT1060933.LatestVersion", "3.10.0.1");
Deleted : user_pref("CT1060933.Locale", "en-us");
Deleted : user_pref("CT1060933.LoginCache", 4);
Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1060933.MCDetectTooltipShow", false);
Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT1060933.RadioIsPodcast", false);
Deleted : user_pref("CT1060933.RadioLastCheckTime", "Sun Mar 11 2012 14:14:41 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Deleted : user_pref("CT1060933.RadioMediaID", "21504191");
Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");
Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Deleted : user_pref("CT1060933.RadioShrinked", "shrinked");
Deleted : user_pref("CT1060933.RadioShrinkedFromSetup", true);
Deleted : user_pref("CT1060933.RadioStationName", "KFOG");
Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Deleted : user_pref("CT1060933.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT1060933.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT1060933.SearchEngineBeforeUnload", "Secure Search");
Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Sun Mar 11 2012 14:14:38 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT1060933.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT1060933.SearchProtectorEnabled", false);
Deleted : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT1060933.ServiceMapLastCheckTime", "Sun Mar 11 2012 14:14:38 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT1060933.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Sun Mar 11 2012 14:14:37 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT1060933.SettingsLastUpdate", "1330957254");
Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Sun Mar 11 2012 14:14:37 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Deleted : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT1060933.UserID", "UN75783774387779223");
Deleted : user_pref("CT1060933.ValidationData_Search", 2);
Deleted : user_pref("CT1060933.ValidationData_Toolbar", 2);
Deleted : user_pref("CT1060933.WeatherNetwork", "");
Deleted : user_pref("CT1060933.WeatherPollDate", "Sun Mar 11 2012 17:15:19 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT1060933.WeatherUnit", "F");
Deleted : user_pref("CT1060933.alertChannelId", "15651");
Deleted : user_pref("CT1060933.approveUntrustedApps", false);
Deleted : user_pref("CT1060933.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e.:2z527", "247E6F727174354379453A3D2A722C757A787D312833232[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el8:", "6E6D6F6F727370767171");
Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747375757879767C7777242F4B4947[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj74gh:8o=ma'rgj", "247E61393F236B25737573732A212C6E414[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj7fk;kg#8qkef)til", "247E61393F236B25737476742A212C6E4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj<28daj=$odg", "247E61393F236B256E7372782A212C6E414F44[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj=69dk<@pon'rgj", "247E61393F236B25747577722A212C6E414[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cjeik4!lad", "247E61393F236B25767179732A212C6E414F444D3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cjh<4 @j<", "247E61393F236B256F6F74732A212C6E414F444D32[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cjhb>f!lad", "247E61393F236B2573737929202B6D404E434C317[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cji8a k@c", "247E61393F236B256F75287E2A6C3F4D424B307832[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cji;<ai\"mbe", "247E61393F236B256E7378762A212C6E414F444[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cji>g;elocm;dcqde,wlo", "247E61393F236B25717171772A212C[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Deleted : user_pref("CT1060933.backendstorage./9b-0?3g>d", "6C6B6E713D6E436D7A76757179204B797E7D254C7E7E252A22[...]
Deleted : user_pref("CT1060933.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT1060933.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Deleted : user_pref("CT1060933.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Deleted : user_pref("CT1060933.backendstorage./9b/556,bi5a>g", "6E6D6F706E6B6E707578747173");
Deleted : user_pref("CT1060933.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Deleted : user_pref("CT1060933.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484777213F3E484F4E4D464[...]
Deleted : user_pref("CT1060933.backendstorage./9b5ba==9cjag", "666B686E7073416E7A46797776497778494E4B4E4F");
Deleted : user_pref("CT1060933.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F727370767577727875");
Deleted : user_pref("CT1060933.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT1060933.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT1060933.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT1060933.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT1060933.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT1060933.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT1060933.backendstorage.autocompletepro_enable", "31");
Deleted : user_pref("CT1060933.backendstorage.autocompletepro_enable_auto", "31");
Deleted : user_pref("CT1060933.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT1060933.backendstorage.cb_user_id_000", "43423139393637363238343237305F46697265666F78")[...]
Deleted : user_pref("CT1060933.backendstorage.cbfirsttime", "4D6F6E204A616E20323320323031322031353A34343A33382[...]
Deleted : user_pref("CT1060933.backendstorage.printitgreenstatus", "74727565");
Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.exipres", "467269204D617220313620323031322031343A[...]
Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Deleted : user_pref("CT1060933.backendstorage.url_history0001", "68747470733A2F2F736169632E74616C656F2E6E65742[...]
Deleted : user_pref("CT1060933.clientLogIsEnabled", true);
Deleted : user_pref("CT1060933.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT1060933.components.1000234", true);
Deleted : user_pref("CT1060933.components.1003", true);
Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Sun Mar 11 2012 14:14:44 GMT-0400 (Eastern [...]
Deleted : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.initDone", true);
Deleted : user_pref("CT1060933.isAppTrackingManagerOn", true);
Deleted : user_pref("CT1060933.isFirstRadioInstallation", false);
Deleted : user_pref("CT1060933.myStuffEnabled", true);
Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,111,129272674122038321[...]
Deleted : user_pref("CT1060933.revertSettingsEnabled", false);
Deleted : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.testingCtid", "");
Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Sun Mar 11 2012 14:14:43 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Sun Mar 11 2012 14:14:43 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT1060933.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT1060933.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/maxi.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play_mi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Josh\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.imgag.com/?appid=kwtb&comp[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Mar 06 2011 22:19:59 GMT-05[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Aug 29 2011 07:06:09 GMT-0400 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Sep 30 2011 16:43:36 GMT-0400 (Eastern D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "364c2426-db51-403d-b14d-38c3262ea1ae");
Deleted : user_pref("CommunityToolbar.globalUserId", "f6a573ba-8bcf-48f3-8c3b-3b4a4432f88f");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Mar 11 2012 14:14:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Mar 11 2012 14:14:47 GMT-040[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Mar 11 2012 14:14:39 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "db5dbd39-e969-4e44-b6e3-01edab2c769d");
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.order.1", "Blekko");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935&tt=100512_4_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "72ac2464000000000000001e4ccc8936");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "72ac2464000000000000001e4ccc8936");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15474");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109935&tt=10051[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.178:30:55");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.searchHistory", "how to remove babylon toolbar")[...]
Deleted : user_pref("startup.homepage_override_url", "hxxp://www.ask.com/?o=20011&l=dis");

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [33413 octets] - [22/10/2012 21:54:14]

########## EOF - C:\AdwCleaner[S1].txt - [33474 octets] ##########

ComboFix 12-10-22.02 - Josh 10/22/2012 20:46:38.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1508 [GMT -5:00]
Running from: c:\users\Josh\Desktop\ComboFix.exe
Command switches used :: c:\users\Josh\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-23 02:05 . 2012-10-23 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-21 05:55 . 2012-10-21 05:55 -------- d-----w- C:\FRST
2012-10-21 04:47 . 2012-10-21 04:47 -------- d-----w- C:\found.001
2012-10-10 03:53 . 2012-10-10 03:53 -------- d-----w- c:\users\Josh\AppData\Roaming\IDM
2012-10-10 01:53 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 01:53 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 01:53 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 01:53 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 01:53 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 01:53 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 01:53 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 19:53 . 2012-10-16 01:03 -------- d-----w- c:\windows\system32\drivers\N360\0604000.009
2012-10-07 06:12 . 2012-10-07 06:12 -------- d-----w- C:\New Folder
2012-10-07 00:44 . 2012-10-07 00:44 -------- d-----w- c:\users\Josh\{14f311de-49e2-4874-8b63-963043114bd3}
2012-10-07 00:44 . 2012-10-07 01:27 -------- d-----w- c:\program files\FS
2012-10-05 21:32 . 2012-10-05 21:32 -------- d-----w- c:\users\Josh\AppData\Roaming\Garmin
2012-10-05 02:03 . 2012-04-17 12:25 27080 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2012-09-24 13:21 . 2012-09-24 13:21 -------- d-----w- c:\users\Josh\AppData\Local\Macromedia
2012-09-24 13:20 . 2012-09-24 13:20 -------- d-----w- c:\users\Josh\AppData\Local\Retrogamer_4w
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 18:24 . 2012-06-17 04:54 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:24 . 2011-05-23 11:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 20:52 . 2012-06-06 21:29 41176 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-10-03 20:51 . 2012-06-06 21:29 23128 ----a-w- c:\windows\system32\smrgdf.exe
2012-10-03 20:35 . 2012-06-06 21:29 2097032 ----a-w- c:\windows\system32\Incinerator32.dll
2012-09-30 00:54 . 2012-05-21 14:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 20:15 . 2012-08-24 20:15 74703 ----a-w- c:\windows\system32\mfc45.dat
2012-08-24 06:59 . 2012-09-22 08:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 08:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 08:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 08:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 08:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-21 18:01 . 2012-09-20 14:19 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2009-09-13 22:37 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-02 15:21 . 2012-08-24 20:20 68464 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2012-03-11 20:10 . 2011-03-29 15:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-25 19:31 . 2010-03-29 22:24 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 18:01 . 2011-04-18 19:35 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-08 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-17 15:02 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-17 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-17 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"PlayOn"="c:\program files\MediaMall\PlayOn.exe" [2012-09-10 53248]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Retrogamer_4w Browser Plugin Loader"="c:\progra~1\RETROG~1\bar\1.bin\4wbrmon.exe" [2012-08-11 30096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
.
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameStop Now.lnk - c:\program files\Impulse\Now\GameStopNow.exe [2012-5-3 2039536]
Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-3-10 157088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ """autocheck autochk *"""\0autocheck smrgdf c:\users\Josh\AppData\Roaming\iolo\\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Online Backup Status.lnk]
backup=c:\windows\pss\McAfee Online Backup Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
backup=c:\windows\pss\TotalMedia Backup Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
backup=c:\windows\pss\Dragon NaturallySpeaking.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Impulse Now.lnk]
backup=c:\windows\pss\Impulse Now.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WJAC Desktop Alert.lnk]
backup=c:\windows\pss\WJAC Desktop Alert.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-03-26 13:00 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2004-10-14 14:17 45056 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 02:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atari Launcher 2]
2001-05-22 22:13 55296 ----a-w- c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Atari Icon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetooth HCI Monitor]
2006-12-07 23:50 9728 ------w- c:\windows\System32\HCIMNTR.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2011-08-23 20:03 50592 ----a-w- c:\users\Josh\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-08-19 17:25 1589208 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2009-04-11 06:27 69120 ----a-w- c:\windows\System32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2009-07-21 16:50 84464 ----a-w- c:\program files\Roxio 2010\5.0\CPMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-03 17:19 25600 ------w- c:\windows\System32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
2004-10-27 20:07 987136 ----a-w- c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-07-07 14:23 1779952 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-23 06:18 494064 ----a-w- c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
2009-04-24 07:57 1025320 ----a-w- c:\program files\Common Files\supportsoft\bin\bcont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\doubleTwist]
2011-11-22 21:13 24576 ----a-w- c:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-03-17 14:30 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-25 19:31 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-11 20:46 136176 ----atw- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
2012-10-03 20:33 939896 ----a-w- c:\program files\iolo\Common\Lib\ioloLManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 20:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 09:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LockerSync]
2008-02-04 19:08 51200 ----a-w- c:\program files\MP3tunes\LockerSync3\Oboe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-08-11 10:46 13543968 ------w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-01-15 18:31 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2008-01-03 21:57 184864 ------w- c:\windows\System32\nvraidservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayOn]
2012-09-10 19:45 53248 ----a-w- c:\program files\MediaMall\PlayOn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
2006-11-08 20:01 49152 ------w- c:\windows\System32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-24 13:33 240112 ----a-w- c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-12-02 23:15 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-18 08:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2007-04-17 20:22 184320 ------w- c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 18:24]
.
2012-10-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-18 22:33]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 18:11]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 18:11]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722254389-3469369917-588677217-1000Core.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11 20:46]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722254389-3469369917-588677217-1000UA.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11 20:46]
.
2012-10-22 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:03]
.
2012-10-19 c:\windows\Tasks\NatSpeak Periodic Data Collection.job
- c:\program files\Nuance\NaturallySpeaking10\Program\datacollector.exe [2009-03-17 03:02]
.
2012-10-22 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:03]
.
2011-12-23 c:\windows\Tasks\Roxio PhotoShow Updater.job
- c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2010-11-30 02:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080918
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
TCP: DhcpNameServer = 172.27.35.1
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} - hxxps://www.mesh.com/0.9.4014.3/TSWeb.cab
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\9g2zfvdt.default\
FF - prefs.js: browser.search.selectedEngine - XFINITY
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=insDate09022012|http://www.comcast.net/xfinity/?cid=insdate09022012&cid=ffpintab|http://xfinitytv.comcast.net/?cid=xfactiv_tv&cid=ffpintab|http://www.comcast.net/qry/goto?app=mail&cid=xfactiv_email&cid=ffpin
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - ExtSQL: 2012-09-20 09:42; idvaultaddin@whitesky; c:\programdata\White Sky, Inc\ID Vault\XPCOM10
FF - ExtSQL: 2012-09-21 21:21; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn
FF - ExtSQL: 2012-09-22 03:26; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn
FF - ExtSQL: !HIDDEN! 2010-01-11 06:20; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2010-01-17 07:54; dxjpdlbmej@dxjpdlbmej.org; c:\users\Josh\Application Data\Mozilla\Firefox\Profiles\9g2zfvdt.default\extensions\dxjpdlbmej@dxjpdlbmej.org.xpi
FF - ExtSQL: !HIDDEN! 2010-08-23 02:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-08-11 09:28; 4wffxtbr@Retrogamer_4w.com; c:\program files\Retrogamer_4w\bar\1.bin
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=100512_4_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 72ac2464000000000000001e4ccc8936
FF - user.js: extensions.BabylonToolbar_i.hardId - 72ac2464000000000000001e4ccc8936
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15474
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:30
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-22 21:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3722254389-3469369917-588677217-1000\Software\SecuROM\License information*]
"datasecu"=hex:34,12,b7,c4,c2,4a,15,d4,35,62,bf,55,d1,02,aa,32,b6,d1,45,55,f5,
4e,92,45,ed,b8,9f,da,58,7c,0c,ff,18,a2,08,ae,ad,6f,aa,4b,80,c0,e8,a2,0b,ac,\
"rkeysecu"=hex:95,ca,31,99,7c,ad,f7,34,1d,b3,70,6d,c6,fe,00,a6
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6784)
c:\program files\Retrogamer_4w\bar\1.bin\4wbrstub.dll
.
Completion time: 2012-10-22 21:10:29
ComboFix-quarantined-files.txt 2012-10-23 02:10
ComboFix2.txt 2012-10-21 18:56
.
Pre-Run: 76,194,271,232 bytes free
Post-Run: 76,129,980,416 bytes free
.
- - End Of File - - 33B690C275EEC4AC144E23927BF2032D

Sorry, the ADW log was posted before the ComboFix log.
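
As an added example (not part of this thread and not ComboFix's own code), the following Python script does a first-pass triage of the Supplementary Scan section of a ComboFix log like the one above. It pulls out Firefox extensions that ComboFix marks `!HIDDEN!`, `user.js` preferences written under a bundled-toolbar prefix, and DLLs listed under running processes, and it cross-references the injected DLL paths against the hidden extension directories. The severity labels, the toolbar-prefix list and the "under \users\ is more suspicious" rule are this example's own assumptions; the sample lines are copied from the log posted above.

```python
"""Triage helper for ComboFix-style log text.

Added example for the thread above; not ComboFix's own code. The severity
levels and the toolbar-prefix list are assumptions of this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied from the posted ComboFix log (raw string so the
# Windows backslashes survive unchanged).
SAMPLE_LOG = r"""
FF - ExtSQL: 2012-09-20 09:42; idvaultaddin@whitesky; c:\programdata\White Sky, Inc\ID Vault\XPCOM10
FF - ExtSQL: !HIDDEN! 2010-01-11 06:20; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2010-01-17 07:54; dxjpdlbmej@dxjpdlbmej.org; c:\users\Josh\Application Data\Mozilla\Firefox\Profiles\9g2zfvdt.default\extensions\dxjpdlbmej@dxjpdlbmej.org.xpi
FF - ExtSQL: !HIDDEN! 2012-08-11 09:28; 4wffxtbr@Retrogamer_4w.com; c:\program files\Retrogamer_4w\bar\1.bin
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=100512_4_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6784)
c:\program files\Retrogamer_4w\bar\1.bin\4wbrstub.dll
.
Completion time: 2012-10-22 21:10:29
"""

# Line shapes as they appear in ComboFix output.
EXTSQL_RE = re.compile(
    r"^FF - ExtSQL: (?P<hidden>!HIDDEN! )?(?P<ts>\S+ \S+); (?P<id>[^;]+); (?P<path>.+)$"
)
# The value after " - " may be empty (see the babExt line), hence the optional space.
USERJS_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) -\s?(?P<value>.*)$")
PROCESS_RE = re.compile(r"^- - - - - - - > '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")

# Assumption of this example: preference prefixes written by bundled toolbars.
TOOLBAR_PREF_PREFIXES = ("extensions.BabylonToolbar_i.",)


@dataclass
class Finding:
    kind: str       # hidden-ff-extension | toolbar-pref | injected-dll
    detail: str
    severity: str   # "high" or "review" (assumed scale for this example)


def parse_combofix_log(text: str) -> list[Finding]:
    """Return the entries an analyst would look at first, in log order."""
    findings: list[Finding] = []
    hidden_dirs: list[str] = []      # lower-cased paths of hidden extensions
    current_proc: str | None = None
    in_dll_section = False

    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        if line.startswith("--------------------- DLLs Loaded Under Running Processes"):
            in_dll_section = True
            continue
        if line.startswith("Completion time:"):
            in_dll_section = False
            continue

        m = EXTSQL_RE.match(line)
        if m:
            if m.group("hidden"):
                path = m.group("path")
                # Hidden add-ons living in a user profile are rated higher than
                # vendor-installed ones under Program Files (assumption).
                sev = "high" if "\\users\\" in path.lower() else "review"
                findings.append(Finding("hidden-ff-extension", f"{m.group('id')} -> {path}", sev))
                hidden_dirs.append(path.lower().rstrip("\\"))
            continue

        m = USERJS_RE.match(line)
        if m and m.group("pref").startswith(TOOLBAR_PREF_PREFIXES):
            findings.append(Finding("toolbar-pref", f"{m.group('pref')} = {m.group('value')}", "review"))
            continue

        if in_dll_section:
            m = PROCESS_RE.match(line)
            if m:
                current_proc = f"{m.group('proc')}({m.group('pid')})"
                continue
            # Any other line in this section is a DLL path; rate it high when it
            # sits inside a directory that a hidden extension entry pointed at.
            dll = line.lower()
            sev = "high" if any(dll.startswith(d) for d in hidden_dirs) else "review"
            findings.append(Finding("injected-dll", f"{current_proc}: {line}", sev))

    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity level."""
    return {sev: sum(1 for f in findings if f.severity == sev) for sev in ("high", "review")}


if __name__ == "__main__":
    results = parse_combofix_log(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
    print(summarize(results))
```

On the sample above the script rates the hidden add-on under the user profile and the Retrogamer DLL loaded into Explorer.exe as "high", and the remaining hidden extensions and Babylon preferences as "review"; the visible (non-hidden) ID Vault entry is not reported at all. The point of the DLL cross-reference is that a path appearing both as a hidden extension and as a module inside a shell process is the kind of correlation that is easy to miss when reading a 2,000-line log by eye.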

#10 R. Josh B.

Posted 23 October 2012 - 07:21 AM

Also, the computer tried to do a repair at startup. It did not work and it stalled. I had to hit the power button and it did restart.

#11 CatByte

Posted 23 October 2012 - 05:45 PM

Were you able to run MBAM and ESET?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 R. Josh B.

Posted 24 October 2012 - 08:02 PM

MBAM ran; ESET was running for about 12 hours when the power went out. I do not know if it had finished. When I left for work this morning it had found two trojans: JSRedirector NCA trojan and WIN32/BHO OEI trojan. I have restarted the program and I will let it run to completion.

#13 CatByte

Posted 24 October 2012 - 08:39 PM

ok, thanks

#14 R. Josh B.

Posted 24 October 2012 - 10:50 PM

ESET has finished and removed two additional threats.

#15 CatByte

Posted 25 October 2012 - 05:09 PM

Please run the following:

  • Please download MiniToolBox and save it to your desktop and run it.

    Check the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

NEXT

Please advise how the computer is running now and if there are any outstanding issues.
