Having virus troubles


  • This topic is locked
4 replies to this topic

#1 chris.gatti

Posted 20 July 2013 - 09:37 AM

Here is a copy of my most recent chat:

 

[09:16] <chrisgatti1> My computer is running extremely slow after uninstalling and sending viruses to quarantine. I am having to do this chat in safe mode, it is so slow. I NEED HELP Please.
[09:18] <+GLaDOS_CORE> Well there could still be some viruses left over
[09:18] <+GLaDOS_CORE> Once a computer is infected it is never fully clean once again

[09:19] <+GLaDOS_CORE> What antivirus software have you scanned with?
[09:20] <chrisgatti1> I have run Malwarebytes, Spybot, Avast (also a boot scan), I defragged, and performed a registry clean and defrag.
[09:20] <chrisgatti1> I use Avast.
[09:20] <+GLaDOS_CORE> hmm
[09:21] <+GLaDOS_CORE> Perhaps you have some stuff on the system that you could uninstall that would speed it up, such as programs you don't use. Also check msconfig for startup programs that could be slowing it down.
[09:22] <chrisgatti1> I am currently running a scan on Microsoft Safety Scanner
[09:22] <+GLaDOS_CORE> Microsoft safety scanner?
[09:22] <chrisgatti1> yes
[09:22] <&w00t> http://www.bleepingcomputer.com/forums/forum103.html - start a new post in the Am I Infected forum and someone will help you there chrisgatti1

[09:24] <chrisgatti1> I did remove several items from the start menu and it helped some, but when I open programs for work it takes hours to do simple tasks.
[09:24] <+GLaDOS_CORE> Hmm
[09:24] <+GLaDOS_CORE> What OS?
[09:25] <chrisgatti1> Windows 7 Home Premium
[09:26] <+GLaDOS_CORE> How much RAM, and is your processor 32 or 64 bit?
[09:27] * Joins: Jim[Mac]
[09:27] <chrisgatti1> one moment...
[09:27] * w00t sets mode: +v Jim[Mac]
[09:27] <chrisgatti1> how do I get that info?
[09:27] <+GLaDOS_CORE> start button > right click my computer > left click properties
[09:29] <chrisgatti1> 4 GB (3.8 useable) and 64 bit
[09:29] <+GLaDOS_CORE> When in normal mode, does the CPU usage appear to be high (or do you not monitor it in Task Manager?)
[09:30] <+GLaDOS_CORE> Also how many antiviruses are you running?

[09:30] <chrisgatti1> 1 Avast
[09:31] <chrisgatti1> it seems to be normal from what I have checked yesterday
[09:32] <chrisgatti1> I don't use a monitor regularly
[09:32] <+GLaDOS_CORE> Hmm, I recommend taking w00t's advice and posting in the "Am I infected?" forum, as there still could be a virus lingering. The forum can be found here: http://www.bleepingcomputer.com/forums/forum103.html
[09:34] <chrisgatti1> OK will do.
[09:34] <chrisgatti1> Thanks for the help.
[09:34] <+GLaDOS_CORE> You're welcome
[09:34] <+GLaDOS_CORE> Have a nice day
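As an added example (not from the thread, and not one of BleepingComputer's tools), here is the "check msconfig for startup programs" advice in the chat above turned into a read-only PowerShell inventory. It lists what msconfig's Startup tab reads (Run/RunOnce keys and the Startup folders) and then the browser persistence points msconfig never shows: IE Browser Helper Objects resolved to the DLL they load, IE search scopes, Firefox extension registrations, the CT<id>.* toolbar prefs in each Firefox prefs.js, and Chrome's default search URL. Those are the same registry keys and prefs.js entries that the AdwCleaner logs later in this thread report. The function names, output layout and the assumption that the ".enc" prefs.js values are plain base64 (which is what the values in the logs decode as, e.g. "dHJ1ZQ==" is "true") are mine; the script is written against PowerShell 2.0, the version Windows 7 ships with, and changes nothing on the machine.

```powershell
# Added example (not from the thread): read-only inventory of the autostart and
# browser-persistence locations adware toolbars use. Run from an elevated
# PowerShell prompt on the affected machine; nothing is modified or deleted.

function Get-RegValues {
    # Emit "name = data" for every value under a registry key.
    param([string]$Key)
    if (-not (Test-Path $Key)) { return }
    $props = Get-ItemProperty -Path $Key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -notlike 'PS*') { "  {0} = {1}" -f $p.Name, $p.Value }
    }
}

function Get-ClsidServer {
    # Resolve a CLSID to its name and InprocServer32 DLL (64-bit view, then Wow6432Node).
    param([string]$Clsid)
    foreach ($v in @("HKLM:\SOFTWARE\Classes\CLSID\$Clsid",
                     "HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID\$Clsid")) {
        if (Test-Path "$v\InprocServer32") {
            $name = (Get-ItemProperty -Path $v).'(default)'
            $dll  = (Get-ItemProperty -Path "$v\InprocServer32").'(default)'
            return "{0} -> {1}" -f $name, $dll
        }
    }
    return "(no InprocServer32 registered)"
}

function ConvertFrom-EncPref {
    # Conduit/Smartbar toolbars keep many prefs.js values under "*.enc" names.
    # Assumption (matches the values in this thread's logs): that is plain base64.
    param([string]$Line)
    if ($Line -match 'user_pref\("([^"]+\.enc)",\s*"([A-Za-z0-9+/=]+)"\)') {
        try {
            $plain = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($Matches[2]))
            return "  {0} = {1}" -f $Matches[1], $plain
        } catch { }
    }
    return "  " + $Line
}

"== Run/RunOnce keys (what msconfig's Startup tab reads) =="
foreach ($k in @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce')) {
    $k; Get-RegValues $k
}

"== Startup folders =="
foreach ($d in @("$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
                 "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup")) {
    if (Test-Path $d) { Get-ChildItem -Path $d | ForEach-Object { "  " + $_.FullName } }
}

"== IE Browser Helper Objects (DLLs loaded into every IE process) =="
foreach ($k in @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects')) {
    if (Test-Path $k) {
        Get-ChildItem -Path $k |
            ForEach-Object { "  {0}  {1}" -f $_.PSChildName, (Get-ClsidServer $_.PSChildName) }
    }
}

"== IE search scopes (where a hijacked default search is configured) =="
foreach ($k in @('HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
                 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes')) {
    if (Test-Path $k) {
        Get-ChildItem -Path $k | ForEach-Object {
            $s = Get-ItemProperty -Path $_.PSPath
            "  {0}  {1}`n      {2}" -f $_.PSChildName, $s.DisplayName, $s.URL
        }
    }
}

"== Firefox: machine-wide extension registrations =="
Get-RegValues 'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions'
Get-RegValues 'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions'

"== Firefox: toolbar prefs (CT<id>.*) in each profile's prefs.js =="
$profRoot = "$env:APPDATA\Mozilla\Firefox\Profiles"
if (Test-Path $profRoot) {
    Get-ChildItem -Path $profRoot | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (Test-Path $prefs) {
            $prefs
            Get-Content -Path $prefs | Where-Object { $_ -match '^user_pref\("CT\d+\.' } |
                ForEach-Object { ConvertFrom-EncPref $_ }
        }
    }
}

"== Chrome: default search engine URL (Default profile) =="
$chromePrefs = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Preferences"
if (Test-Path $chromePrefs) {
    Select-String -Path $chromePrefs -Pattern '"search_url"\s*:\s*"([^"]+)"' |
        ForEach-Object { "  " + $_.Matches[0].Groups[1].Value }
}
```

Save it as, say, inventory.ps1 and run `powershell -ExecutionPolicy Bypass -File inventory.ps1 > inventory.txt`. The BHO lines are the ones to read first: a BHO is a DLL that loads into every Internet Explorer process, so a toolbar DLL left there keeps running (and keeps the browser slow) no matter what the antivirus quarantined. Compare the DLL paths, search-scope URLs and extension IDs against what AdwCleaner or the forum helpers report, and re-run the script after cleanup to confirm the entries are really gone. It only lists; removal is better left to the tools and the "Am I infected?" forum process the chat recommends.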
 

 




#2 chris.gatti

Posted 20 July 2013 - 09:40 AM

I really need help with this as this is the laptop I use for work.



#3 chris.gatti

Posted 20 July 2013 - 10:06 AM

Here is the Malwarebytes scan log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.09.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
ICU Automotive :: ICU [administrator]

7/10/2013 11:22:13 AM
mbam-log-2013-07-10 (11-22-13).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 448935
Time elapsed: 1 hour(s), 58 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#4 chris.gatti

Posted 20 July 2013 - 10:24 AM

C:\Program files(x86)\Retrogamer_4w\bar\1.bin\4wsknlcr.dll is the file path

and

PUP:Win32:FunWeb-K[PUP]

is the infection

 

Here is the log from the AdwCleaner:

 

# AdwCleaner v2.306 - Logfile created 07/20/2013 at 10:29:25
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : ICU Automotive - ICU
# Boot Mode : Safe mode with networking
# Running from : C:\Users\ICU Automotive\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\windows\SysWOW64\conduitEngine.tmp
Folder Found : C:\Program Files (x86)\GameTap Web Player
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\GameTapPlayer@gametap.com
Folder Found : C:\Program Files (x86)\Retrogamer_4w
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\GameTap Web Player
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\ICU Automotive\AppData\Local\iWin
Folder Found : C:\Users\ICU Automotive\AppData\Local\Max Secure Software
Folder Found : C:\Users\ICU Automotive\AppData\Local\Retrogamer_4w
Folder Found : C:\Users\ICU Automotive\AppData\Local\searchcom_001
Folder Found : C:\Users\ICU Automotive\AppData\LocalLow\Retrogamer_4w
Folder Found : C:\Users\ICU Automotive\AppData\Roaming\iWin
Folder Found : C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\CT1678857
Folder Found : C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\extensions\{ce0c2586-da36-452b-acdb-320d9bcb19bf}
Folder Found : C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\extensions\4wffxtbr@Retrogamer_4w.com
Folder Found : C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\Smartbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A13CC898-9CA9-4578-9629-B328422FF014}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A13CC898-9CA9-4578-9629-B328422FF014}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@Retrogamer_4w.com/Plugin
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B59440-5A17-4522-AA27-8F84B9A64AEB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AE3EE8-05D3-4DAF-8A0B-2530394FD8CB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2FCFC6FD-409C-43AD-88C4-1F7610125B87}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32B59440-5A17-4522-AA27-8F84B9A64AEB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C1C2024-BE02-4011-92CA-B6E1E333C010}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DF0ADF8-A019-48E9-A1A9-5FC523A3B4D8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE17D239-0B9D-425C-AA3A-E402C42C015A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B59440-5A17-4522-AA27-8F84B9A64AEB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{70AE3EE8-05D3-4DAF-8A0B-2530394FD8CB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A7C43421-AB2B-4373-AADD-F4B7AE15FDBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-2086656365-2167340116-2053524354-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4wffxtbr@Retrogamer_4w.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\prefs.js

Found : user_pref("CT1678857.1000082.isPlayDisplay", "true");
Found : user_pref("CT1678857.1000082.state", "{\"state\":\"stopped\",\"text\":\"Ultimate ...\",\"description[...]
Found : user_pref("CT1678857.1000234.TWC_TMP_city", "MEMPHIS");
Found : user_pref("CT1678857.1000234.TWC_TMP_country", "US");
Found : user_pref("CT1678857.1000234.TWC_country", "UNITED STATES");
Found : user_pref("CT1678857.1000234.TWC_locId", "USTN0325");
Found : user_pref("CT1678857.1000234.TWC_location", "Memphis, TN");
Found : user_pref("CT1678857.1000234.TWC_region", "US");
Found : user_pref("CT1678857.1000234.TWC_temp_dis", "f");
Found : user_pref("CT1678857.1000234.TWC_wind_dis", "mph");
Found : user_pref("CT1678857.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"82°F\",\"temperat[...]
Found : user_pref("CT1678857.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1678857.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT1678857.FirstTime", "true");
Found : user_pref("CT1678857.FirstTimeFF3", "true");
Found : user_pref("CT1678857.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3MjE5OTc1Ng==");
Found : user_pref("CT1678857.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3MzQ4MTU4MA==");
Found : user_pref("CT1678857.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MQ==");
Found : user_pref("CT1678857.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.e[...]
Found : user_pref("CT1678857.PG_ENABLE", "dHJ1ZQ==");
Found : user_pref("CT1678857.PG_ENABLE.enc", "dHJ1ZQ==");
Found : user_pref("CT1678857.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Found : user_pref("CT1678857.SF_STATUS.enc", "RU5BQkxFRA==");
Found : user_pref("CT1678857.SF_USER_ID.enc", "Y2lkXzMwNDIwMTM4NDczMDI4MzMwMzM=");
Found : user_pref("CT1678857.UserID", "UN46216675011478714");
Found : user_pref("CT1678857.acp_personal.appstate.enc", "ZW5hYmxl");
Found : user_pref("CT1678857.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT1678857.cbfirsttime.enc", "U2F0IE1heSAyNSAyMDEzIDE3OjM3OjM0IEdNVC0wNTAwIChDZW50cmFsIFN0[...]
Found : user_pref("CT1678857.countryCode", "US");
Found : user_pref("CT1678857.defaultSearch", "FALSE");
Found : user_pref("CT1678857.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3AzIiwidmVyc2lvbiI6NX[...]
Found : user_pref("CT1678857.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzczNDE4NzQyMzcyLDE0NDAwMDAwXX[...]
Found : user_pref("CT1678857.discover-user-id.enc", "ImJmZjEzN2JhLWM2OGYtNDYyMS1iYjdlLTExMjZkZmJjMmZjOSI=");
Found : user_pref("CT1678857.embeddedsData", "[{\"appId\":\"128562694409044020\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT1678857.enableAlerts", "never");
Found : user_pref("CT1678857.enableFix404ByUser", "FALSE");
Found : user_pref("CT1678857.firstTimeDialogOpened", "true");
Found : user_pref("CT1678857.fixPageNotFoundErrorByUser", "TRUE");
Found : user_pref("CT1678857.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT1678857.fixUrls", true);
Found : user_pref("CT1678857.fullUserID", "UN46216675011478714.UP.20130628102936");
Found : user_pref("CT1678857.ground-country-code.enc", "IlVTIg==");
Found : user_pref("CT1678857.hxxp___www_iwin_com_corp_toolbar.APP_WIN_FEATURES.enc", "c2F2ZWxvY2F0aW9uPW5vLH[...]
Found : user_pref("CT1678857.installType", "Unknown");
Found : user_pref("CT1678857.isCheckedStartAsHidden", true);
Found : user_pref("CT1678857.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1678857.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT1678857.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT1678857.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Found : user_pref("CT1678857.lastVersion", "10.16.4.519");
Found : user_pref("CT1678857.mam_gk_appStateReportTime.enc", "MTM3NDMyNjMyNjU1MQ==");
Found : user_pref("CT1678857.mam_gk_appState_JobsMiner.enc", "b24=");
Found : user_pref("CT1678857.mam_gk_appState_PriceGong.enc", "b24=");
Found : user_pref("CT1678857.mam_gk_appState_PriceGrabber.enc", "b24=");
Found : user_pref("CT1678857.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Found : user_pref("CT1678857.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Found : user_pref("CT1678857.mam_gk_calledSetupService.enc", "MQ==");
Found : user_pref("CT1678857.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJ[...]
Found : user_pref("CT1678857.mam_gk_currentBadgeValue.enc", "MQ==");
Found : user_pref("CT1678857.mam_gk_currentVersion.enc", "MS45LjAuNA==");
Found : user_pref("CT1678857.mam_gk_eventsCache.enc", "eyIyZmU2Y2E3Zi0zZTI0LTQ0ODUtODg2ZS1kMzgyM2U0NDNmMjIiO[...]
Found : user_pref("CT1678857.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Found : user_pref("CT1678857.mam_gk_first_time.enc", "MQ==");
Found : user_pref("CT1678857.mam_gk_gadgetOpen.enc", "MA==");
Found : user_pref("CT1678857.mam_gk_installer_preapproved.enc", "RkFMU0U=");
Found : user_pref("CT1678857.mam_gk_lastLoginTime.enc", "MTM3NDMyNjMyMzYzNA==");
Found : user_pref("CT1678857.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Found : user_pref("CT1678857.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Found : user_pref("CT1678857.mam_gk_newApps.enc", "W10=");
Found : user_pref("CT1678857.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Found : user_pref("CT1678857.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Found : user_pref("CT1678857.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Found : user_pref("CT1678857.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Found : user_pref("CT1678857.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Found : user_pref("CT1678857.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Found : user_pref("CT1678857.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Found : user_pref("CT1678857.mam_gk_userId.enc", "ZGY0NTcyMDktNmNmYy00N2QyLThhOTUtYzNkM2NmMmU4MTRh");
Found : user_pref("CT1678857.migrateAppsAndComponents", true);
Found : user_pref("CT1678857.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"hxxp://tinyurl.com/5uwger8\",\"E[...]
Found : user_pref("CT1678857.openThankYouPage", "FALSE");
Found : user_pref("CT1678857.price-gong.isManagedApp", "true");
Found : user_pref("CT1678857.revertSettingsEnabled", "false");
Found : user_pref("CT1678857.search.searchAppId", "128562694409044020");
Found : user_pref("CT1678857.search.searchCount", "0");
Found : user_pref("CT1678857.searchInNewTabEnabledByUser", "false");
Found : user_pref("CT1678857.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT1678857.searchSuggestEnabledByUser", "false");
Found : user_pref("CT1678857.searchUserMode", "1");
Found : user_pref("CT1678857.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1678857.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT1678857.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT1678857.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT1678857.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT1678857.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT1678857.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT1678857.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT1678857.serviceLayer_services_Configuration_lastUpdate", "1374326428156");
Found : user_pref("CT1678857.serviceLayer_services_app.twitter.user-iwingames_lastUpdate", "1374329438619");
Found : user_pref("CT1678857.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1374326427337");
Found : user_pref("CT1678857.serviceLayer_services_appsMetadata_lastUpdate", "1374326315170");
Found : user_pref("CT1678857.serviceLayer_services_getTwitterExtraInfo_lastUpdate", "1374326438037");
Found : user_pref("CT1678857.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1373418743040");
Found : user_pref("CT1678857.serviceLayer_services_location_lastUpdate", "1372199801841");
Found : user_pref("CT1678857.serviceLayer_services_login_10.15.0.562_lastUpdate", "1372199801945");
Found : user_pref("CT1678857.serviceLayer_services_login_10.15.0.62_lastUpdate", "1365196817511");
Found : user_pref("CT1678857.serviceLayer_services_login_10.15.2.523_lastUpdate", "1369421437428");
Found : user_pref("CT1678857.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374326428373");
Found : user_pref("CT1678857.serviceLayer_services_menu_77ffe86b48cc40e130952ac2b020f5f9_lastUpdate", "13743[...]
Found : user_pref("CT1678857.serviceLayer_services_menu_9233b75e364a31c44b766fd51324f4ff_lastUpdate", "13743[...]
Found : user_pref("CT1678857.serviceLayer_services_menu_d0333ed672c833e02dae4b882de5cac6_lastUpdate", "13743[...]
Found : user_pref("CT1678857.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1373418743379");
Found : user_pref("CT1678857.serviceLayer_services_searchAPI_lastUpdate", "1374326427210");
Found : user_pref("CT1678857.serviceLayer_services_serviceMap_lastUpdate", "1374326426994");
Found : user_pref("CT1678857.serviceLayer_services_setupAPI_lastUpdate", "1365118289689");
Found : user_pref("CT1678857.serviceLayer_services_toolbarContextMenu_lastUpdate", "1373418743122");
Found : user_pref("CT1678857.serviceLayer_services_toolbarSettings_lastUpdate", "1374326315766");
Found : user_pref("CT1678857.serviceLayer_services_translation_lastUpdate", "1372433501662");
Found : user_pref("CT1678857.settingsINI", true);
Found : user_pref("CT1678857.showToolbarPermission", "false");
Found : user_pref("CT1678857.smartbar.CTID", "CT1678857");
Found : user_pref("CT1678857.smartbar.Uninstall", "0");
Found : user_pref("CT1678857.smartbar.toolbarName", "iWin ");
Found : user_pref("CT1678857.startPage", "FALSE");
Found : user_pref("CT1678857.toolbarBornServerTime", "5-4-2013");
Found : user_pref("CT1678857.toolbarCurrentServerTime", "20-7-2013");
Found : user_pref("CT1678857.toolbarLoginClientTime", "Thu Apr 04 2013 18:32:45 GMT-0500 (Central Daylight T[...]
Found : user_pref("CT1678857.url_history0001.enc", "aHR0cDovL2R2ZC5uZXRmbGl4LmNvbS9Nb3ZpZS9NZXJsaW4vNzAxNDI0[...]
Found : user_pref("CT1678857_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("extensions.toolbar.mindspark._4wMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Found : user_pref("smartbar.machineId", "MIHLRXYKENQV6R0CXEI2JDTC7SCNK1WOBHM16U9WZTQCDWHQTHCWGGYNZ4ONH0BFCX6[...]

-\\ Google Chrome v28.0.1500.72

File : C:\Users\ICU Automotive\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.29] : search_url = "hxxps://search.blekko.com/ws/?source=12fe24cf&tbp=rbox&toolbarid=searchcom_004&u=20120411352948A5AD1421ED2DD684C6&q={searchTerms}",

-\\ Opera v11.1.1190.0

File : C:\Users\ICU Automotive\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17290 octets] - [20/07/2013 10:29:25]

########## EOF - C:\AdwCleaner[R1].txt - [17351 octets] ##########

 

here is the log from the delete:

 

# AdwCleaner v2.306 - Logfile created 07/20/2013 at 10:44:05
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : ICU Automotive - ICU
# Boot Mode : Safe mode with networking
# Running from : C:\Users\ICU Automotive\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\windows\SysWOW64\conduitEngine.tmp
Folder Deleted : C:\Program Files (x86)\GameTap Web Player
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\GameTapPlayer@gametap.com
Folder Deleted : C:\Program Files (x86)\Retrogamer_4w
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\GameTap Web Player
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\ICU Automotive\AppData\Local\iWin
Folder Deleted : C:\Users\ICU Automotive\AppData\Local\Max Secure Software
Folder Deleted : C:\Users\ICU Automotive\AppData\Local\Retrogamer_4w
Folder Deleted : C:\Users\ICU Automotive\AppData\Local\searchcom_001
Folder Deleted : C:\Users\ICU Automotive\AppData\LocalLow\Retrogamer_4w
Folder Deleted : C:\Users\ICU Automotive\AppData\Roaming\iWin
Folder Deleted : C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\CT1678857
Folder Deleted : C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\extensions\{ce0c2586-da36-452b-acdb-320d9bcb19bf}
Folder Deleted : C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\extensions\4wffxtbr@Retrogamer_4w.com
Folder Deleted : C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A13CC898-9CA9-4578-9629-B328422FF014}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A13CC898-9CA9-4578-9629-B328422FF014}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@Retrogamer_4w.com/Plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B59440-5A17-4522-AA27-8F84B9A64AEB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AE3EE8-05D3-4DAF-8A0B-2530394FD8CB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2FCFC6FD-409C-43AD-88C4-1F7610125B87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32B59440-5A17-4522-AA27-8F84B9A64AEB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C1C2024-BE02-4011-92CA-B6E1E333C010}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DF0ADF8-A019-48E9-A1A9-5FC523A3B4D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE17D239-0B9D-425C-AA3A-E402C42C015A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B59440-5A17-4522-AA27-8F84B9A64AEB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AE3EE8-05D3-4DAF-8A0B-2530394FD8CB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A7C43421-AB2B-4373-AADD-F4B7AE15FDBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4wffxtbr@Retrogamer_4w.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\prefs.js

Deleted : user_pref("CT1678857.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT1678857.1000082.state", "{\"state\":\"stopped\",\"text\":\"Ultimate ...\",\"description[...]
Deleted : user_pref("CT1678857.1000234.TWC_TMP_city", "MEMPHIS");
Deleted : user_pref("CT1678857.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT1678857.1000234.TWC_country", "UNITED STATES");
Deleted : user_pref("CT1678857.1000234.TWC_locId", "USTN0325");
Deleted : user_pref("CT1678857.1000234.TWC_location", "Memphis, TN");
Deleted : user_pref("CT1678857.1000234.TWC_region", "US");
Deleted : user_pref("CT1678857.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT1678857.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT1678857.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"82°F\",\"temperat[...]
Deleted : user_pref("CT1678857.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1678857.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT1678857.FirstTime", "true");
Deleted : user_pref("CT1678857.FirstTimeFF3", "true");
Deleted : user_pref("CT1678857.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3MjE5OTc1Ng==");
Deleted : user_pref("CT1678857.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3MzQ4MTU4MA==");
Deleted : user_pref("CT1678857.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MQ==");
Deleted : user_pref("CT1678857.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.e[...]
Deleted : user_pref("CT1678857.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT1678857.PG_ENABLE.enc", "dHJ1ZQ==");
Deleted : user_pref("CT1678857.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT1678857.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT1678857.SF_USER_ID.enc", "Y2lkXzMwNDIwMTM4NDczMDI4MzMwMzM=");
Deleted : user_pref("CT1678857.UserID", "UN46216675011478714");
Deleted : user_pref("CT1678857.acp_personal.appstate.enc", "ZW5hYmxl");
Deleted : user_pref("CT1678857.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT1678857.cbfirsttime.enc", "U2F0IE1heSAyNSAyMDEzIDE3OjM3OjM0IEdNVC0wNTAwIChDZW50cmFsIFN0[...]
Deleted : user_pref("CT1678857.countryCode", "US");
Deleted : user_pref("CT1678857.defaultSearch", "FALSE");
Deleted : user_pref("CT1678857.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3AzIiwidmVyc2lvbiI6NX[...]
Deleted : user_pref("CT1678857.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzczNDE4NzQyMzcyLDE0NDAwMDAwXX[...]
Deleted : user_pref("CT1678857.discover-user-id.enc", "ImJmZjEzN2JhLWM2OGYtNDYyMS1iYjdlLTExMjZkZmJjMmZjOSI=");
Deleted : user_pref("CT1678857.embeddedsData", "[{\"appId\":\"128562694409044020\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT1678857.enableAlerts", "never");
Deleted : user_pref("CT1678857.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT1678857.firstTimeDialogOpened", "true");
Deleted : user_pref("CT1678857.fixPageNotFoundErrorByUser", "TRUE");
Deleted : user_pref("CT1678857.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT1678857.fixUrls", true);
Deleted : user_pref("CT1678857.fullUserID", "UN46216675011478714.UP.20130628102936");
Deleted : user_pref("CT1678857.ground-country-code.enc", "IlVTIg==");
Deleted : user_pref("CT1678857.hxxp___www_iwin_com_corp_toolbar.APP_WIN_FEATURES.enc", "c2F2ZWxvY2F0aW9uPW5vLH[...]
Deleted : user_pref("CT1678857.installType", "Unknown");
Deleted : user_pref("CT1678857.isCheckedStartAsHidden", true);
Deleted : user_pref("CT1678857.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1678857.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT1678857.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT1678857.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Deleted : user_pref("CT1678857.lastVersion", "10.16.4.519");
Deleted : user_pref("CT1678857.mam_gk_appStateReportTime.enc", "MTM3NDMyNjMyNjU1MQ==");
Deleted : user_pref("CT1678857.mam_gk_appState_JobsMiner.enc", "b24=");
Deleted : user_pref("CT1678857.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT1678857.mam_gk_appState_PriceGrabber.enc", "b24=");
Deleted : user_pref("CT1678857.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT1678857.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT1678857.mam_gk_calledSetupService.enc", "MQ==");
Deleted : user_pref("CT1678857.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJ[...]
Deleted : user_pref("CT1678857.mam_gk_currentBadgeValue.enc", "MQ==");
Deleted : user_pref("CT1678857.mam_gk_currentVersion.enc", "MS45LjAuNA==");
Deleted : user_pref("CT1678857.mam_gk_eventsCache.enc", "eyIyZmU2Y2E3Zi0zZTI0LTQ0ODUtODg2ZS1kMzgyM2U0NDNmMjIiO[...]
Deleted : user_pref("CT1678857.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Deleted : user_pref("CT1678857.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT1678857.mam_gk_gadgetOpen.enc", "MA==");
Deleted : user_pref("CT1678857.mam_gk_installer_preapproved.enc", "RkFMU0U=");
Deleted : user_pref("CT1678857.mam_gk_lastLoginTime.enc", "MTM3NDMyNjMyMzYzNA==");
Deleted : user_pref("CT1678857.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT1678857.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Deleted : user_pref("CT1678857.mam_gk_newApps.enc", "W10=");
Deleted : user_pref("CT1678857.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT1678857.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT1678857.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT1678857.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT1678857.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT1678857.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT1678857.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT1678857.mam_gk_userId.enc", "ZGY0NTcyMDktNmNmYy00N2QyLThhOTUtYzNkM2NmMmU4MTRh");
Deleted : user_pref("CT1678857.migrateAppsAndComponents", true);
Deleted : user_pref("CT1678857.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"hxxp://tinyurl.com/5uwger8\",\"E[...]
Deleted : user_pref("CT1678857.openThankYouPage", "FALSE");
Deleted : user_pref("CT1678857.price-gong.isManagedApp", "true");
Deleted : user_pref("CT1678857.revertSettingsEnabled", "false");
Deleted : user_pref("CT1678857.search.searchAppId", "128562694409044020");
Deleted : user_pref("CT1678857.search.searchCount", "0");
Deleted : user_pref("CT1678857.searchInNewTabEnabledByUser", "false");
Deleted : user_pref("CT1678857.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT1678857.searchSuggestEnabledByUser", "false");
Deleted : user_pref("CT1678857.searchUserMode", "1");
Deleted : user_pref("CT1678857.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1678857.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT1678857.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT1678857.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT1678857.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT1678857.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT1678857.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT1678857.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT1678857.serviceLayer_services_Configuration_lastUpdate", "1374326428156");
Deleted : user_pref("CT1678857.serviceLayer_services_app.twitter.user-iwingames_lastUpdate", "1374329438619");
Deleted : user_pref("CT1678857.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1374326427337");
Deleted : user_pref("CT1678857.serviceLayer_services_appsMetadata_lastUpdate", "1374326315170");
Deleted : user_pref("CT1678857.serviceLayer_services_getTwitterExtraInfo_lastUpdate", "1374326438037");
Deleted : user_pref("CT1678857.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1373418743040");
Deleted : user_pref("CT1678857.serviceLayer_services_location_lastUpdate", "1372199801841");
Deleted : user_pref("CT1678857.serviceLayer_services_login_10.15.0.562_lastUpdate", "1372199801945");
Deleted : user_pref("CT1678857.serviceLayer_services_login_10.15.0.62_lastUpdate", "1365196817511");
Deleted : user_pref("CT1678857.serviceLayer_services_login_10.15.2.523_lastUpdate", "1369421437428");
Deleted : user_pref("CT1678857.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374326428373");
Deleted : user_pref("CT1678857.serviceLayer_services_menu_77ffe86b48cc40e130952ac2b020f5f9_lastUpdate", "13743[...]
Deleted : user_pref("CT1678857.serviceLayer_services_menu_9233b75e364a31c44b766fd51324f4ff_lastUpdate", "13743[...]
Deleted : user_pref("CT1678857.serviceLayer_services_menu_d0333ed672c833e02dae4b882de5cac6_lastUpdate", "13743[...]
Deleted : user_pref("CT1678857.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1373418743379");
Deleted : user_pref("CT1678857.serviceLayer_services_searchAPI_lastUpdate", "1374326427210");
Deleted : user_pref("CT1678857.serviceLayer_services_serviceMap_lastUpdate", "1374326426994");
Deleted : user_pref("CT1678857.serviceLayer_services_setupAPI_lastUpdate", "1365118289689");
Deleted : user_pref("CT1678857.serviceLayer_services_toolbarContextMenu_lastUpdate", "1373418743122");
Deleted : user_pref("CT1678857.serviceLayer_services_toolbarSettings_lastUpdate", "1374326315766");
Deleted : user_pref("CT1678857.serviceLayer_services_translation_lastUpdate", "1372433501662");
Deleted : user_pref("CT1678857.settingsINI", true);
Deleted : user_pref("CT1678857.showToolbarPermission", "false");
Deleted : user_pref("CT1678857.smartbar.CTID", "CT1678857");
Deleted : user_pref("CT1678857.smartbar.Uninstall", "0");
Deleted : user_pref("CT1678857.smartbar.toolbarName", "iWin ");
Deleted : user_pref("CT1678857.startPage", "FALSE");
Deleted : user_pref("CT1678857.toolbarBornServerTime", "5-4-2013");
Deleted : user_pref("CT1678857.toolbarCurrentServerTime", "20-7-2013");
Deleted : user_pref("CT1678857.toolbarLoginClientTime", "Thu Apr 04 2013 18:32:45 GMT-0500 (Central Daylight T[...]
Deleted : user_pref("CT1678857.url_history0001.enc", "aHR0cDovL2R2ZC5uZXRmbGl4LmNvbS9Nb3ZpZS9NZXJsaW4vNzAxNDI0[...]
Deleted : user_pref("CT1678857_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("smartbar.machineId", "MIHLRXYKENQV6R0CXEI2JDTC7SCNK1WOBHM16U9WZTQCDWHQTHCWGGYNZ4ONH0BFCX6[...]

-\\ Google Chrome v28.0.1500.72

File : C:\Users\ICU Automotive\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.29] : search_url = "hxxps://search.blekko.com/ws/?source=12fe24cf&tbp=rbox&toolbarid=searchcom_00[...]

-\\ Opera v11.1.1190.0

File : C:\Users\ICU Automotive\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17407 octets] - [20/07/2013 10:29:25]
AdwCleaner[S1].txt - [17402 octets] - [20/07/2013 10:44:05]

########## EOF - C:\AdwCleaner[S1].txt - [17463 octets] ##########

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.25.2
Run by ICU Automotive at 11:54:31 on 2013-07-20
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.2818 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://lenovo.msn.com
dURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
dURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [Google Update] "C:\Users\ICU Automotive\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [googletalk] C:\Users\ICU Automotive\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [MaxDownloadMgr] "C:\Users\ICUAUT~1\AppData\Local\Temp\Stp9B07_TMP.EXE"
uRunOnce: [Report] C:\AdwCleaner[S1].txt
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [boincmgr] "C:\Program Files (x86)\Progress Thru Processors\gridrepublic.exe" /a /s
mRun: [boinctray] "C:\Program Files (x86)\Progress Thru Processors\boinctray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\ICUAUT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BROTHE~1.LNK - C:\windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001017-0002-0017-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{BA91CDCC-9825-46CC-BD95-42BD9E494C40} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BA91CDCC-9825-46CC-BD95-42BD9E494C40}\348627963747F607865627027416474796 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{BA91CDCC-9825-46CC-BD95-42BD9E494C40}\34C65726D27457563747 : DHCPNameServer = 8.8.8.8 69.167.192.10
TCP: Interfaces\{BA91CDCC-9825-46CC-BD95-42BD9E494C40}\75169707F62747F5143636563737 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{BA91CDCC-9825-46CC-BD95-42BD9E494C40}\76F6370756C6C696768647 : DHCPNameServer = 24.159.64.23 24.178.162.3
TCP: Interfaces\{BA91CDCC-9825-46CC-BD95-42BD9E494C40}\A4340514D2055524C49434 : DHCPNameServer = 69.167.192.10 69.167.192.20
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-mStart Page = hxxp://lenovo.msn.com
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [Windows Mobile Device Center] C:\windows\WindowsMobile\wmdc.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\
FF - prefs.js: browser.search.selectedEngine - GoodSearch
FF - prefs.js: browser.startup.homepage - hxxp://goodsearch.com?id=goodsearchtb&v=2_1
FF - prefs.js: keyword.URL - hxxp://www.goodsearch.com/search.aspx?toolbarcharity=___toolbarcharity___&id=goodsearchtb&v=2_0&keywords=
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ICU Automotive\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\ICU Automotive\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\ICU Automotive\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\ICU Automotive\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-31 14:44; {9D6218B8-03C7-4b91-AA43-680B305DD35C}; C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi
FF - ExtSQL: 2013-05-31 14:44; felix@fjeyar.com; C:\Users\ICU Automotive\AppData\Roaming\Mozilla\Firefox\Profiles\jem8svqv.default\extensions\felix@fjeyar.com.xpi
FF - ExtSQL: !HIDDEN! 2011-03-12 11:08; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2010-12-22 39008]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2013-2-1 21136]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-12-22 28176]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-12-22 56344]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-3-18 65336]
S0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-3-18 189936]
S0 RapportKE64;RapportKE64;C:\windows\System32\drivers\RapportKE64.sys [2011-9-29 63760]
S1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2011-3-11 1030952]
S1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2011-3-11 378944]
S1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]
S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-1-25 55056]
S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-1-25 61712]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2011-3-11 33400]
S2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2011-3-11 80816]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-28 46808]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2013-7-20 67584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-22 13336]
S2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-22 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 701512]
S2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-23 46080]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]
S2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-9-17 1251840]
S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-1-25 931640]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2320920]
S3 Bridge0;Bridge0;C:\windows\System32\drivers\WDBridge.sys [2010-12-22 79376]
S3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 HTCAND64;HTC Device Driver;C:\windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
S3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-12-22 158976]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-12-22 271872]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-12-22 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-12-22 579400]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-3-30 25928]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NMgamingmsFltr;USB Optical Mouse;C:\windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-12-22 242720]
S3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\windows\System32\drivers\taphss6.sys [2013-2-21 42184]
S3 vm331avs;Digital Camera 1;C:\windows\System32\drivers\vm331avs.sys [2010-12-22 215168]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-3-13 1255736]
S3 wdmirror;wdmirror;C:\windows\System32\drivers\WDMirror.sys [2010-12-22 11280]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-07-20 16:49:26    --------    d-----w-    C:\Program Files (x86)\Cobian Backup 11
2013-07-20 13:55:17    --------    d-----w-    C:\Users\ICU Automotive\AppData\Roaming\GetRightToGo
2013-07-20 13:32:52    --------    d-----w-    C:\Users\ICU Automotive\AppData\Roaming\SUPERAntiSpyware.com
2013-07-20 13:32:45    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-07-20 13:32:45    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-07-19 20:39:20    --------    d-----r-    C:\Users\ICU Automotive\AppData\Roaming\Brother
2013-07-19 17:27:08    --------    d-----w-    C:\windows\pss
2013-07-17 01:29:07    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B3A0D7C-9763-42AB-A528-129A27D728F9}\mpengine.dll
2013-07-10 20:51:36    --------    d-----w-    C:\Program Files (x86)\ESET
2013-07-10 20:36:01    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-06-24 13:57:16    96168    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-06-28 15:21:34    189936    ----a-w-    C:\windows\System32\drivers\aswVmm.sys
2013-06-28 15:21:34    1030952    ----a-w-    C:\windows\System32\drivers\aswSnx.sys
2013-06-24 13:56:52    867240    ----a-w-    C:\windows\SysWow64\npdeployJava1.dll
2013-06-24 13:56:52    789416    ----a-w-    C:\windows\SysWow64\deployJava1.dll
2013-06-13 03:30:52    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 03:30:52    692104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59:07    72016    ----a-w-    C:\windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07    65336    ----a-w-    C:\windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06    80816    ----a-w-    C:\windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37    41664    ----a-w-    C:\windows\avastSS.scr
2013-05-02 07:06:08    278800    ------w-    C:\windows\System32\MpSigStub.exe
.
============= FINISH: 11:55:40.65 ===============
Edited by chris.gatti, 20 July 2013 - 12:07 PM.


#5 Andrew

Bleepin' Night Watchman

  • Moderator
  • 8,259 posts
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:08:16 PM

Posted 20 July 2013 - 12:35 PM

This user is now receiving help in the Malware Logs forum: http://www.bleepingcomputer.com/forums/t/501677/pupwin32funweb-kpup-infection/

 

This topic is closed.