Posts posted by caewe12
Hi,
Oddly enough my sound and printer are both working now. Here is the log. Thank you. CAE
# AdwCleaner v2.101 - Logfile created 12/22/2012 at 13:38:57
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ekenbarger's - JAM1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ekenbarger's\Desktop\adwcleaner.exe
# Option [Delete]
***** [Files / Folders] *****
Deleted on reboot : C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\addon@defaulttab.com.xpi
File Deleted : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\CouponAlert_2p.xml
File Deleted : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\search-here.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Ekenbarger's\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\CT2559647
Folder Deleted : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\CT3106777
Folder Deleted : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
Folder Deleted : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}
Folder Deleted : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\staged
Folder Deleted : C:\Documents and Settings\Ekenbarger's\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\Viewpoint
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3106777
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\Software\iWon
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v10.0.2 (en-US)
Profile name : default
File : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\prefs.js
Deleted : user_pref("CT2559647..clientLogIsEnabled", false);
Deleted : user_pref("CT2559647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2559647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2559647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2559647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2559647.AppTrackingLastCheckTime", "Fri Feb 03 2012 05:30:32 GMT-0500 (Eastern Standard[...]
Deleted : user_pref("CT2559647.CTID", "CT2559647");
Deleted : user_pref("CT2559647.CurrentServerDate", "12-11-2012");
Deleted : user_pref("CT2559647.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2559647.DialogsGetterLastCheckTime", "Sun Nov 11 2012 19:41:04 GMT-0500 (Eastern Standa[...]
Deleted : user_pref("CT2559647.DownloadReferralCookieData", "");
Deleted : user_pref("CT2559647.ExternalComponentPollDate129404749084494749", "Sun Mar 11 2012 21:39:34 GMT-040[...]
Deleted : user_pref("CT2559647.ExternalComponentPollDate129404791544181654", "Sun Mar 11 2012 21:39:34 GMT-040[...]
Deleted : user_pref("CT2559647.ExternalComponentPollDate129413165572169584", "Sun Mar 11 2012 21:39:34 GMT-040[...]
Deleted : user_pref("CT2559647.FirstServerDate", "27-12-2011");
Deleted : user_pref("CT2559647.FirstTime", true);
Deleted : user_pref("CT2559647.FirstTimeFF3", true);
Deleted : user_pref("CT2559647.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2559647.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2559647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2559647.HasUserGlobalKeys", true);
Deleted : user_pref("CT2559647.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2559647.Initialize", true);
Deleted : user_pref("CT2559647.InitializeCommonPrefs", true);
Deleted : user_pref("CT2559647.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2559647.InstalledDate", "Mon Dec 26 2011 17:02:21 GMT-0500 (Eastern Standard Time)");
Deleted : user_pref("CT2559647.IsAlertDBUpdated", true);
Deleted : user_pref("CT2559647.IsGrouping", false);
Deleted : user_pref("CT2559647.IsInitSetupIni", true);
Deleted : user_pref("CT2559647.IsMulticommunity", false);
Deleted : user_pref("CT2559647.IsOpenThankYouPage", false);
Deleted : user_pref("CT2559647.IsOpenUninstallPage", true);
Deleted : user_pref("CT2559647.IsProtectorsInit", true);
Deleted : user_pref("CT2559647.LanguagePackLastCheckTime", "Sun Nov 11 2012 19:41:03 GMT-0500 (Eastern Standar[...]
Deleted : user_pref("CT2559647.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2559647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2559647.LastLogin_3.10.0.1", "Sun Nov 11 2012 19:41:03 GMT-0500 (Eastern Standard Time)[...]
Deleted : user_pref("CT2559647.LastLogin_3.5.1.1", "Fri Feb 03 2012 05:30:32 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2559647.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT2559647.Locale", "en");
Deleted : user_pref("CT2559647.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2559647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2559647.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2559647.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2559647.OriginalFirstVersion", "3.5.1.1");
Deleted : user_pref("CT2559647.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2559647.SearchEngineBeforeUnload", "WinZipBar Customized Web Search");
Deleted : user_pref("CT2559647.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2559647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255[...]
Deleted : user_pref("CT2559647.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2559647.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2559647.SearchInNewTabLastCheckTime", "Sun Nov 11 2012 19:40:46 GMT-0500 (Eastern Stand[...]
Deleted : user_pref("CT2559647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2559647.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2559647.SearchProtectorEnabled", false);
Deleted : user_pref("CT2559647.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2559647.ServiceMapLastCheckTime", "Sun Nov 11 2012 19:40:53 GMT-0500 (Eastern Standard [...]
Deleted : user_pref("CT2559647.SettingsLastCheckTime", "Sun Nov 11 2012 19:40:45 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT2559647.SettingsLastUpdate", "1352141592");
Deleted : user_pref("CT2559647.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2559647.ThirdPartyComponentsLastCheck", "Thu Nov 08 2012 14:30:16 GMT-0500 (Eastern Sta[...]
Deleted : user_pref("CT2559647.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2559647.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2559647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2559647");
Deleted : user_pref("CT2559647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2559647.UserID", "UN50370298334422665");
Deleted : user_pref("CT2559647.ValidationData_Toolbar", 0);
Deleted : user_pref("CT2559647.alertChannelId", "952537");
Deleted : user_pref("CT2559647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2559647.globalFirstTimeInfoLastCheckTime", "Thu Nov 08 2012 14:30:42 GMT-0500 (Eastern [...]
Deleted : user_pref("CT2559647.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2559647.initDone", true);
Deleted : user_pref("CT2559647.isAppTrackingManagerOn", false);
Deleted : user_pref("CT2559647.myStuffEnabled", true);
Deleted : user_pref("CT2559647.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2559647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2559647.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2559647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2559647.oldAppsList", "129126535051871363,129126535052027614,111,129732450647667807,100[...]
Deleted : user_pref("CT2559647.revertSettingsEnabled", false);
Deleted : user_pref("CT2559647.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2559647.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2559647.testingCtid", "");
Deleted : user_pref("CT2559647.toolbarAppMetaDataLastCheckTime", "Sun Nov 11 2012 19:41:03 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2559647.toolbarContextMenuLastCheckTime", "Thu Nov 08 2012 14:31:01 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2559647.usagesFlag", 1);
Deleted : user_pref("CT3106777..clientLogIsEnabled", false);
Deleted : user_pref("CT3106777..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3106777..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3106777.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3106777.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3106777.AppTrackingLastCheckTime", "Fri Feb 03 2012 05:30:32 GMT-0500 (Eastern Standard[...]
Deleted : user_pref("CT3106777.BrowserCompStateIsOpen_129724975549181030", true);
Deleted : user_pref("CT3106777.CTID", "CT3106777");
Deleted : user_pref("CT3106777.CurrentServerDate", "12-11-2012");
Deleted : user_pref("CT3106777.DSChangedManually", false);
Deleted : user_pref("CT3106777.DSInstall", true);
Deleted : user_pref("CT3106777.DSProtectChoice", true);
Deleted : user_pref("CT3106777.DSProtectCount", 1);
Deleted : user_pref("CT3106777.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3106777.DialogsGetterLastCheckTime", "Sun Nov 11 2012 19:41:11 GMT-0500 (Eastern Standa[...]
Deleted : user_pref("CT3106777.DownloadReferralCookieData", "");
Deleted : user_pref("CT3106777.EMailNotifierPollDate", "Sun Nov 11 2012 19:40:47 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT3106777.FirstServerDate", "27-12-2011");
Deleted : user_pref("CT3106777.FirstTime", true);
Deleted : user_pref("CT3106777.FirstTimeFF3", true);
Deleted : user_pref("CT3106777.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3106777.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3106777.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3106777.HPInstall", true);
Deleted : user_pref("CT3106777.HPProtectChoice", true);
Deleted : user_pref("CT3106777.HPProtectCount", 1);
Deleted : user_pref("CT3106777.HasUserGlobalKeys", true);
Deleted : user_pref("CT3106777.HomePageProtectorEnabled", true);
Deleted : user_pref("CT3106777.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=[...]
Deleted : user_pref("CT3106777.Initialize", true);
Deleted : user_pref("CT3106777.InitializeCommonPrefs", true);
Deleted : user_pref("CT3106777.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3106777.InstallationId", "ConduitStubGeneric");
Deleted : user_pref("CT3106777.InstallationType", "ConduitStubIntegration");
Deleted : user_pref("CT3106777.InstalledDate", "Mon Dec 26 2011 17:02:26 GMT-0500 (Eastern Standard Time)");
Deleted : user_pref("CT3106777.IsAlertDBUpdated", true);
Deleted : user_pref("CT3106777.IsGrouping", false);
Deleted : user_pref("CT3106777.IsInitSetupIni", true);
Deleted : user_pref("CT3106777.IsMulticommunity", false);
Deleted : user_pref("CT3106777.IsOpenThankYouPage", false);
Deleted : user_pref("CT3106777.IsOpenUninstallPage", false);
Deleted : user_pref("CT3106777.IsProtectorsInit", true);
Deleted : user_pref("CT3106777.LanguagePackLastCheckTime", "Sun Nov 11 2012 19:41:07 GMT-0500 (Eastern Standar[...]
Deleted : user_pref("CT3106777.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3106777.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3106777.LastLogin_3.10.0.1", "Sun Nov 11 2012 19:41:03 GMT-0500 (Eastern Standard Time)[...]
Deleted : user_pref("CT3106777.LastLogin_3.8.1.0", "Fri Feb 03 2012 05:30:32 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT3106777.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT3106777.Locale", "en");
Deleted : user_pref("CT3106777.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3106777.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3106777.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3106777.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3106777.OriginalFirstVersion", "3.8.1.0");
Deleted : user_pref("CT3106777.SavedHomepage", "resource:/browserconfig.properties");
Deleted : user_pref("CT3106777.SearchCaption", "WinZipBar Customized Web Search");
Deleted : user_pref("CT3106777.SearchEngineBeforeUnload", "WinZipBar Customized Web Search");
Deleted : user_pref("CT3106777.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3106777.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT310[...]
Deleted : user_pref("CT3106777.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3106777.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3106777.SearchInNewTabLastCheckTime", "Sun Nov 11 2012 19:40:47 GMT-0500 (Eastern Stand[...]
Deleted : user_pref("CT3106777.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3106777.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT3106777.SearchProtectorEnabled", false);
Deleted : user_pref("CT3106777.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3106777.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3106777.ServiceMapLastCheckTime", "Sun Nov 11 2012 19:41:03 GMT-0500 (Eastern Standard [...]
Deleted : user_pref("CT3106777.SettingsLastCheckTime", "Sun Nov 11 2012 19:40:47 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT3106777.SettingsLastUpdate", "1352141592");
Deleted : user_pref("CT3106777.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");
Deleted : user_pref("CT3106777.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3106777.ThirdPartyComponentsLastCheck", "Thu Nov 08 2012 14:30:17 GMT-0500 (Eastern Sta[...]
Deleted : user_pref("CT3106777.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3106777.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3106777.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3106777");
Deleted : user_pref("CT3106777.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3106777.UserID", "UN74595731307242543");
Deleted : user_pref("CT3106777.alertChannelId", "1500748");
Deleted : user_pref("CT3106777.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3106777.globalFirstTimeInfoLastCheckTime", "Thu Nov 08 2012 14:31:01 GMT-0500 (Eastern [...]
Deleted : user_pref("CT3106777.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3106777.initDone", true);
Deleted : user_pref("CT3106777.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3106777.myStuffEnabled", true);
Deleted : user_pref("CT3106777.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3106777.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3106777.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3106777.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3106777.oldAppsList", "10000001,10000002,111,129683596535774919,129652080527700719,1297[...]
Deleted : user_pref("CT3106777.revertSettingsEnabled", false);
Deleted : user_pref("CT3106777.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3106777.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3106777.testingCtid", "");
Deleted : user_pref("CT3106777.toolbarAppMetaDataLastCheckTime", "Sun Nov 11 2012 19:41:03 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT3106777.toolbarContextMenuLastCheckTime", "Thu Nov 08 2012 14:30:57 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT3106777.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3106777&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Coupons.com Customized Web Search,WinZipBar Customi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2559647/CT2559647[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3106777/CT3106777[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1500748/1496227/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/952537/948310/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2559647", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3106777", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2559647",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3106777",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2559647&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"5cd[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Ekenbarger's\\Appl[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearc[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2559647,CT3106777");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2559647,CT3106777");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2559647,CT3106777");
Deleted : user_pref("CommunityToolbar.globalUserId", "3ff5892e-6a75-4600-bf03-019d53c1e9ad");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3106777");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Nov 08 2012 14:30:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Nov 11 2012 19:40:54 GMT-050[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Nov 11 2012 19:40:46 GMT-0500 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "02a76db2-248d-4068-96c7-dd4f02e487b1");
Deleted : user_pref("CommunityToolbar.originalHomepage", "resource:/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Coupons.com Customized Web Search");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "WinZipBar Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&Sea[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");
Deleted : user_pref("extensions.CouponAlert_2p.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/open[...]
Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb[...]
-\\ Google Chrome v23.0.1271.97
File : C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [26812 octets] - [22/12/2012 08:18:12]
AdwCleaner[R2].txt - [26873 octets] - [22/12/2012 13:35:12]
AdwCleaner[S1].txt - [27259 octets] - [22/12/2012 13:38:57]
########## EOF - C:\AdwCleaner[S1].txt - [27320 octets] ##########
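The report above is the raw AdwCleaner output; when a log like this lands on a helpdesk queue the useful first pass is to sort the detections by adware family and pull out the lines that actually changed browser behaviour or survive an uninstall (IE search scopes, Protected Mode elevation entries, Active Setup components, rewritten Firefox prefs). The following is an added example written for this page, not code from the poster or from AdwCleaner itself: a small Python triage script for the v2.x log format. `SAMPLE_LOG` is a constructed excerpt modelled on the report above with a placeholder user name; the family patterns in `FAMILY_RES`, the `HIJACK_PREFS` list and the `PERSISTENCE_KEYS` descriptions are the author's own choices, not something the tool emits.

```python
"""Triage an AdwCleaner v2.x log: split it into sections, attribute detections
to an adware family and pull out the browser-hijack and persistence indicators.
Added example, not from the forum post; SAMPLE_LOG is a constructed excerpt
modelled on the report above, URLs left defanged (hxxp) as AdwCleaner writes them."""
import re
from collections import Counter

SAMPLE_LOG = r"""# AdwCleaner v2.101 - Logfile created 12/22/2012 at 13:38:57
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# Option [Delete]
***** [Files / Folders] *****
Deleted on reboot : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\abc.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files\DefaultTab
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
***** [Internet Browsers] *****
-\\ Mozilla Firefox v10.0.2 (en-US)
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");
Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb[...]
"""

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<name>.+)$")  # the "-\\ Mozilla Firefox ..." sub-headers
ENTRY_RE = re.compile(r"^(?:(?P<kind>File|Folder|Key) )?"
                      r"(?P<action>Found|Deleted on reboot|Deleted) : (?P<item>.+)$")
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)$')

# Patterns (author's choice) that attribute a path, key or pref to a known adware family.
FAMILY_RES = {n: re.compile(p, re.I) for n, p in {
    "Conduit": r"conduit|\bCT\d{7}\b", "DefaultTab": r"default ?tab",
    "Viewpoint": r"viewpoint|metastream", "MyWebSearch": r"mywebsearch|couponalert",
    "Ask": r"\bask\b", "iWon": r"\biwon\b"}.items()}

# Firefox prefs whose rewrite means the start page or search provider was hijacked.
HIJACK_PREFS = {"browser.startup.homepage": "Firefox start page",
                "browser.search.defaulturl": "Firefox default search URL",
                "browser.search.defaultenginename": "Firefox default search engine",
                "keyword.URL": "Firefox address-bar keyword search"}
# Registry locations that give a toolbar a foothold beyond its own install folder.
PERSISTENCE_KEYS = [
    (re.compile(r"\\Internet Explorer\\SearchScopes\\", re.I), "IE search provider"),
    (re.compile(r"\\Low Rights\\ElevationPolicy\\", re.I), "IE Protected Mode elevation allow-list entry"),
    (re.compile(r"\\Active Setup\\Installed Components\\", re.I), "Active Setup component (runs once per user at logon)"),
]

def family_of(item):
    return next((n for n, rx in FAMILY_RES.items() if rx.search(item)), "unattributed")

def _pref(item):
    # Split a user_pref(...) line; values AdwCleaner cut off end in "[...]".
    m = PREF_RE.match(item)
    if not m:
        return {}
    value = m.group("value").strip()
    truncated = value.endswith("[...]")
    value = value.removesuffix("[...]").removesuffix(");").strip().strip('"')
    return {"pref": m.group("name"), "value": value, "truncated": truncated}

def parse_log(text):
    # Return (header dict, list of detection dicts) for one AdwCleaner log.
    header, entries, section, browser = {}, [], None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# Option ["):
            header["Option"] = line[len("# Option ["):-1]
        elif line.startswith("# ") and " : " in line:
            key, _, val = line[2:].partition(" : ")
            header[key.strip()] = val.strip()
        elif m := SECTION_RE.match(line):
            section, browser = m.group("name"), None
        elif m := BROWSER_RE.match(line):
            browser = m.group("name")
        elif m := ENTRY_RE.match(line):
            e = {"section": section, "browser": browser, "action": m.group("action"),
                 "kind": m.group("kind") or ("pref" if browser else None), "item": m.group("item")}
            e.update(_pref(e["item"]))
            entries.append(e)
    return header, entries

def hijack_indicators(entries):
    # Detections that changed where the browser goes, or that outlive an uninstall.
    found = []
    for e in entries:
        what = HIJACK_PREFS.get(e.get("pref"))
        if what is None and e["kind"] == "Key":
            what = next((w for rx, w in PERSISTENCE_KEYS if rx.search(e["item"])), None)
        if what:
            found.append({"what": what, "evidence": e.get("value", e["item"]),
                          "family": family_of(e["item"])})
    return found

def triage(text):
    header, entries = parse_log(text)
    return {"mode": header.get("Option"), "os": header.get("Operating system"),
            "by_section": Counter(e["section"] for e in entries),
            "by_family": Counter(family_of(e["item"]) for e in entries),
            "hijack": hijack_indicators(entries)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run against the full log above, the "by_family" counter makes it obvious that two Conduit toolbars (CT2559647 and CT3106777), DefaultTab, Viewpoint and MyWebSearch were all present, and the "hijack" list is the short answer to "what did this actually change": the Firefox start page and default search were pointed at search.conduit.com, the address-bar keyword search at search.mywebsearch.com, and the IE search scope and elevation-policy keys were set. Anything the families map leaves "unattributed" (the Chrome extension id, the bare CLSIDs) is the part worth looking up by hand before deciding the machine is clean.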
-
I haven't used it much. We had a brief power outage last night and I was able to boot it up without issues. I think some of my drivers are messed up...no sound or printer. I ran AdwCleaner. Here is the log. Thanks. Cheryl
# AdwCleaner v2.101 - Logfile created 12/22/2012 at 08:18:12
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ekenbarger's - JAM1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ekenbarger's\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\addon@defaulttab.com.xpi
File Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\Conduit.xml
File Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\CouponAlert_2p.xml
File Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\search-here.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\DefaultTab
Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\ConduitCommon
Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\CT2559647
Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\CT3106777
Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}
Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\staged
Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\DefaultTab
Folder Found : C:\Program Files\Viewpoint
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3106777
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\Software\iWon
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-21-1946173170-350803515-410004273-1006\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v10.0.2 (en-US)
Profile name : default
File : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\prefs.js
Found : user_pref("CT2559647..clientLogIsEnabled", false);
Found : user_pref("CT2559647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2559647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2559647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2559647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2559647.AppTrackingLastCheckTime", "Fri Feb 03 2012 05:30:32 GMT-0500 (Eastern Standard[...]
Found : user_pref("CT2559647.CTID", "CT2559647");
Found : user_pref("CT2559647.CurrentServerDate", "12-11-2012");
Found : user_pref("CT2559647.DialogsAlignMode", "LTR");
Found : user_pref("CT2559647.DialogsGetterLastCheckTime", "Sun Nov 11 2012 19:41:04 GMT-0500 (Eastern Standa[...]
Found : user_pref("CT2559647.DownloadReferralCookieData", "");
Found : user_pref("CT2559647.ExternalComponentPollDate129404749084494749", "Sun Mar 11 2012 21:39:34 GMT-040[...]
Found : user_pref("CT2559647.ExternalComponentPollDate129404791544181654", "Sun Mar 11 2012 21:39:34 GMT-040[...]
Found : user_pref("CT2559647.ExternalComponentPollDate129413165572169584", "Sun Mar 11 2012 21:39:34 GMT-040[...]
Found : user_pref("CT2559647.FirstServerDate", "27-12-2011");
Found : user_pref("CT2559647.FirstTime", true);
Found : user_pref("CT2559647.FirstTimeFF3", true);
Found : user_pref("CT2559647.FixPageNotFoundErrors", true);
Found : user_pref("CT2559647.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2559647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2559647.HasUserGlobalKeys", true);
Found : user_pref("CT2559647.HomePageProtectorEnabled", false);
Found : user_pref("CT2559647.Initialize", true);
Found : user_pref("CT2559647.InitializeCommonPrefs", true);
Found : user_pref("CT2559647.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2559647.InstalledDate", "Mon Dec 26 2011 17:02:21 GMT-0500 (Eastern Standard Time)");
Found : user_pref("CT2559647.IsAlertDBUpdated", true);
Found : user_pref("CT2559647.IsGrouping", false);
Found : user_pref("CT2559647.IsInitSetupIni", true);
Found : user_pref("CT2559647.IsMulticommunity", false);
Found : user_pref("CT2559647.IsOpenThankYouPage", false);
Found : user_pref("CT2559647.IsOpenUninstallPage", true);
Found : user_pref("CT2559647.IsProtectorsInit", true);
Found : user_pref("CT2559647.LanguagePackLastCheckTime", "Sun Nov 11 2012 19:41:03 GMT-0500 (Eastern Standar[...]
Found : user_pref("CT2559647.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2559647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2559647.LastLogin_3.10.0.1", "Sun Nov 11 2012 19:41:03 GMT-0500 (Eastern Standard Time)[...]
Found : user_pref("CT2559647.LastLogin_3.5.1.1", "Fri Feb 03 2012 05:30:32 GMT-0500 (Eastern Standard Time)"[...]
Found : user_pref("CT2559647.LatestVersion", "3.16.0.3");
Found : user_pref("CT2559647.Locale", "en");
Found : user_pref("CT2559647.MCDetectTooltipHeight", "83");
Found : user_pref("CT2559647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2559647.MCDetectTooltipWidth", "295");
Found : user_pref("CT2559647.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2559647.OriginalFirstVersion", "3.5.1.1");
Found : user_pref("CT2559647.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2559647.SearchEngineBeforeUnload", "WinZipBar Customized Web Search");
Found : user_pref("CT2559647.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2559647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255[...]
Found : user_pref("CT2559647.SearchInNewTabEnabled", true);
Found : user_pref("CT2559647.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2559647.SearchInNewTabLastCheckTime", "Sun Nov 11 2012 19:40:46 GMT-0500 (Eastern Stand[...]
Found : user_pref("CT2559647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2559647.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2559647.SearchProtectorEnabled", false);
Found : user_pref("CT2559647.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2559647.ServiceMapLastCheckTime", "Sun Nov 11 2012 19:40:53 GMT-0500 (Eastern Standard [...]
Found : user_pref("CT2559647.SettingsLastCheckTime", "Sun Nov 11 2012 19:40:45 GMT-0500 (Eastern Standard Ti[...]
Found : user_pref("CT2559647.SettingsLastUpdate", "1352141592");
Found : user_pref("CT2559647.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2559647.ThirdPartyComponentsLastCheck", "Thu Nov 08 2012 14:30:16 GMT-0500 (Eastern Sta[...]
Found : user_pref("CT2559647.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT2559647.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2559647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2559647");
Found : user_pref("CT2559647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2559647.UserID", "UN50370298334422665");
Found : user_pref("CT2559647.ValidationData_Toolbar", 0);
Found : user_pref("CT2559647.alertChannelId", "952537");
Found : user_pref("CT2559647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2559647.globalFirstTimeInfoLastCheckTime", "Thu Nov 08 2012 14:30:42 GMT-0500 (Eastern [...]
Found : user_pref("CT2559647.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2559647.initDone", true);
Found : user_pref("CT2559647.isAppTrackingManagerOn", false);
Found : user_pref("CT2559647.myStuffEnabled", true);
Found : user_pref("CT2559647.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2559647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2559647.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2559647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2559647.oldAppsList", "129126535051871363,129126535052027614,111,129732450647667807,100[...]
Found : user_pref("CT2559647.revertSettingsEnabled", false);
Found : user_pref("CT2559647.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2559647.searchProtectorEnableByLogin", true);
Found : user_pref("CT2559647.testingCtid", "");
Found : user_pref("CT2559647.toolbarAppMetaDataLastCheckTime", "Sun Nov 11 2012 19:41:03 GMT-0500 (Eastern S[...]
Found : user_pref("CT2559647.toolbarContextMenuLastCheckTime", "Thu Nov 08 2012 14:31:01 GMT-0500 (Eastern S[...]
Found : user_pref("CT2559647.usagesFlag", 1);
Found : user_pref("CT3106777..clientLogIsEnabled", false);
Found : user_pref("CT3106777..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT3106777..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT3106777.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT3106777.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT3106777.AppTrackingLastCheckTime", "Fri Feb 03 2012 05:30:32 GMT-0500 (Eastern Standard[...]
Found : user_pref("CT3106777.BrowserCompStateIsOpen_129724975549181030", true);
Found : user_pref("CT3106777.CTID", "CT3106777");
Found : user_pref("CT3106777.CurrentServerDate", "12-11-2012");
Found : user_pref("CT3106777.DSChangedManually", false);
Found : user_pref("CT3106777.DSInstall", true);
Found : user_pref("CT3106777.DSProtectChoice", true);
Found : user_pref("CT3106777.DSProtectCount", 1);
Found : user_pref("CT3106777.DialogsAlignMode", "LTR");
Found : user_pref("CT3106777.DialogsGetterLastCheckTime", "Sun Nov 11 2012 19:41:11 GMT-0500 (Eastern Standa[...]
Found : user_pref("CT3106777.DownloadReferralCookieData", "");
Found : user_pref("CT3106777.EMailNotifierPollDate", "Sun Nov 11 2012 19:40:47 GMT-0500 (Eastern Standard Ti[...]
Found : user_pref("CT3106777.FirstServerDate", "27-12-2011");
Found : user_pref("CT3106777.FirstTime", true);
Found : user_pref("CT3106777.FirstTimeFF3", true);
Found : user_pref("CT3106777.FixPageNotFoundErrors", true);
Found : user_pref("CT3106777.GroupingServerCheckInterval", 1440);
Found : user_pref("CT3106777.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT3106777.HPInstall", true);
Found : user_pref("CT3106777.HPProtectChoice", true);
Found : user_pref("CT3106777.HPProtectCount", 1);
Found : user_pref("CT3106777.HasUserGlobalKeys", true);
Found : user_pref("CT3106777.HomePageProtectorEnabled", true);
Found : user_pref("CT3106777.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=[...]
Found : user_pref("CT3106777.Initialize", true);
Found : user_pref("CT3106777.InitializeCommonPrefs", true);
Found : user_pref("CT3106777.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT3106777.InstallationId", "ConduitStubGeneric");
Found : user_pref("CT3106777.InstallationType", "ConduitStubIntegration");
Found : user_pref("CT3106777.InstalledDate", "Mon Dec 26 2011 17:02:26 GMT-0500 (Eastern Standard Time)");
Found : user_pref("CT3106777.IsAlertDBUpdated", true);
Found : user_pref("CT3106777.IsGrouping", false);
Found : user_pref("CT3106777.IsInitSetupIni", true);
Found : user_pref("CT3106777.IsMulticommunity", false);
Found : user_pref("CT3106777.IsOpenThankYouPage", false);
Found : user_pref("CT3106777.IsOpenUninstallPage", false);
Found : user_pref("CT3106777.IsProtectorsInit", true);
Found : user_pref("CT3106777.LanguagePackLastCheckTime", "Sun Nov 11 2012 19:41:07 GMT-0500 (Eastern Standar[...]
Found : user_pref("CT3106777.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT3106777.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT3106777.LastLogin_3.10.0.1", "Sun Nov 11 2012 19:41:03 GMT-0500 (Eastern Standard Time)[...]
Found : user_pref("CT3106777.LastLogin_3.8.1.0", "Fri Feb 03 2012 05:30:32 GMT-0500 (Eastern Standard Time)"[...]
Found : user_pref("CT3106777.LatestVersion", "3.16.0.3");
Found : user_pref("CT3106777.Locale", "en");
Found : user_pref("CT3106777.MCDetectTooltipHeight", "83");
Found : user_pref("CT3106777.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT3106777.MCDetectTooltipWidth", "295");
Found : user_pref("CT3106777.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT3106777.OriginalFirstVersion", "3.8.1.0");
Found : user_pref("CT3106777.SavedHomepage", "resource:/browserconfig.properties");
Found : user_pref("CT3106777.SearchCaption", "WinZipBar Customized Web Search");
Found : user_pref("CT3106777.SearchEngineBeforeUnload", "WinZipBar Customized Web Search");
Found : user_pref("CT3106777.SearchFromAddressBarIsInit", true);
Found : user_pref("CT3106777.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT310[...]
Found : user_pref("CT3106777.SearchInNewTabEnabled", true);
Found : user_pref("CT3106777.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT3106777.SearchInNewTabLastCheckTime", "Sun Nov 11 2012 19:40:47 GMT-0500 (Eastern Stand[...]
Found : user_pref("CT3106777.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT3106777.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT3106777.SearchProtectorEnabled", false);
Found : user_pref("CT3106777.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT3106777.SendProtectorDataViaLogin", true);
Found : user_pref("CT3106777.ServiceMapLastCheckTime", "Sun Nov 11 2012 19:41:03 GMT-0500 (Eastern Standard [...]
Found : user_pref("CT3106777.SettingsLastCheckTime", "Sun Nov 11 2012 19:40:47 GMT-0500 (Eastern Standard Ti[...]
Found : user_pref("CT3106777.SettingsLastUpdate", "1352141592");
Found : user_pref("CT3106777.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");
Found : user_pref("CT3106777.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT3106777.ThirdPartyComponentsLastCheck", "Thu Nov 08 2012 14:30:17 GMT-0500 (Eastern Sta[...]
Found : user_pref("CT3106777.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT3106777.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT3106777.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3106777");
Found : user_pref("CT3106777.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT3106777.UserID", "UN74595731307242543");
Found : user_pref("CT3106777.alertChannelId", "1500748");
Found : user_pref("CT3106777.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3106777.globalFirstTimeInfoLastCheckTime", "Thu Nov 08 2012 14:31:01 GMT-0500 (Eastern [...]
Found : user_pref("CT3106777.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3106777.initDone", true);
Found : user_pref("CT3106777.isAppTrackingManagerOn", true);
Found : user_pref("CT3106777.myStuffEnabled", true);
Found : user_pref("CT3106777.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3106777.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3106777.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3106777.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3106777.oldAppsList", "10000001,10000002,111,129683596535774919,129652080527700719,1297[...]
Found : user_pref("CT3106777.revertSettingsEnabled", false);
Found : user_pref("CT3106777.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3106777.searchProtectorEnableByLogin", true);
Found : user_pref("CT3106777.testingCtid", "");
Found : user_pref("CT3106777.toolbarAppMetaDataLastCheckTime", "Sun Nov 11 2012 19:41:03 GMT-0500 (Eastern S[...]
Found : user_pref("CT3106777.toolbarContextMenuLastCheckTime", "Thu Nov 08 2012 14:30:57 GMT-0500 (Eastern S[...]
Found : user_pref("CT3106777.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3106777&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "Coupons.com Customized Web Search,WinZipBar Customi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2559647/CT2559647[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3106777/CT3106777[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1500748/1496227/US", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/952537/948310/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2559647", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3106777", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2559647",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3106777",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2559647&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"5cd[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Ekenbarger's\\Appl[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearc[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2559647,CT3106777");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2559647,CT3106777");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2559647,CT3106777");
Found : user_pref("CommunityToolbar.globalUserId", "3ff5892e-6a75-4600-bf03-019d53c1e9ad");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3106777");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Nov 08 2012 14:30:4[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Nov 11 2012 19:40:54 GMT-050[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Nov 11 2012 19:40:46 GMT-0500 (E[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "02a76db2-248d-4068-96c7-dd4f02e487b1");
Found : user_pref("CommunityToolbar.originalHomepage", "resource:/browserconfig.properties");
Found : user_pref("CommunityToolbar.originalSearchEngine", "Coupons.com Customized Web Search");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.defaultthis.engineName", "WinZipBar Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&Sea[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");
Found : user_pref("extensions.CouponAlert_2p.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/open[...]
Found : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Found : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb[...]
-\\ Google Chrome v23.0.1271.97
File : C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [26681 octets] - [22/12/2012 08:18:12]
########## EOF - C:\AdwCleaner[R1].txt - [26742 octets] ##########
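One way to triage an AdwCleaner log of this shape without reading several hundred lines by hand, as an added example that is not part of the post above and not AdwCleaner's own code: it parses the three record types the log uses (`Key Found : <hive>\<path>`, the per-browser `-\\ <name> v<version>` headers with their `[OK]` markers, and `Found : user_pref(...)` hits from prefs.js), collects the Conduit toolbar IDs (the `CT…` numbers), pulls out the prefs that actually control the homepage and default search, lists the defanged `hxxp://` hosts the prefs point at, and flags two registry artifacts worth a second look: Chrome extension IDs registered under `HKLM\SOFTWARE\Google\Chrome\Extensions` and IE `Low Rights\ElevationPolicy` entries. The sample log embedded in the block is constructed from the same kinds of lines shown above; the regular expressions and the set of "hijack" pref names are this example's assumptions about the log and about Firefox 10-era pref names, not something the log states.

```python
import re

# Constructed sample in AdwCleaner v2 log format: the same record types as the
# log above (registry hits, per-browser headers, Firefox prefs.js hits).
# "hxxp" is the log's own defanging of "http"; "[...]" is its truncation marker.
SAMPLE_LOG = r"""
***** [Registry] *****
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v10.0.2 (en-US)
Found : user_pref("CT2559647.CTID", "CT2559647");
Found : user_pref("CT3106777.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");
Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");
Found : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb[...]
Found : user_pref("browser.search.defaultengine", "Ask.com");
-\\ Google Chrome v23.0.1271.97
[OK] File is clean.
"""

# Record shapes assumed for the AdwCleaner v2 log format.
KEY_RE = re.compile(r"^Key Found : (?P<hive>HK[A-Z]+)\\(?P<path>.+)$")
PREF_RE = re.compile(r'^Found : user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)$')
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+?) v(?P<version>\S+)")
CTID_RE = re.compile(r"\bCT\d{5,}\b")                      # Conduit toolbar IDs
HOST_RE = re.compile(r"hxxps?://([A-Za-z0-9.-]+)")         # defanged URL hosts
CHROME_EXT_RE = re.compile(r"\\Google\\Chrome\\Extensions\\([a-p]{32})$")
ELEVATION_RE = re.compile(r"\\Low Rights\\ElevationPolicy\\(\{[0-9A-F-]{36}\})$", re.I)

# Firefox prefs that decide where the browser starts and where searches go
# (assumed list; these are the ones that matter for a homepage/search hijack).
HIJACK_PREFS = {
    "browser.startup.homepage",
    "browser.search.defaulturl",
    "browser.search.defaultengine",
    "browser.search.defaultenginename",
    "browser.search.defaultthis.engineName",
    "browser.search.order.1",
    "keyword.URL",
}


def _pref_value(raw):
    """Drop the trailing ');' and surrounding quotes from a prefs.js value.
    Values the log truncated with '[...]' are kept exactly as logged."""
    v = raw.strip().rstrip(";").rstrip(")").strip()
    if v.startswith('"'):
        v = v[1:]
    if v.endswith('"'):
        v = v[:-1]
    return v


def triage(log_text):
    """Summarise an AdwCleaner log: toolbars, hijacked prefs, hosts, browsers."""
    report = {
        "registry_keys": [],      # (hive, path) for every 'Key Found' line
        "toolbars": set(),        # Conduit CT IDs seen in keys or prefs
        "hijacked": {},           # homepage/search prefs -> logged value
        "hosts": set(),           # hosts referenced by pref values
        "browsers": {},           # browser -> {"version", "clean"}
        "chrome_extensions": [],  # extension IDs force-registered under HKLM
        "elevation_policies": [], # IE Protected Mode elevation policy CLSIDs
    }
    current = None
    for line in log_text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            hive, path = m.group("hive"), m.group("path")
            report["registry_keys"].append((hive, path))
            report["toolbars"].update(CTID_RE.findall(path))
            e = CHROME_EXT_RE.search(path)
            if e:
                report["chrome_extensions"].append(e.group(1))
            e = ELEVATION_RE.search(path)
            if e:
                report["elevation_policies"].append(e.group(1))
            continue
        m = BROWSER_RE.match(line)
        if m:
            current = m.group("browser")
            report["browsers"][current] = {"version": m.group("version"), "clean": True}
            continue
        m = PREF_RE.match(line)
        if m:
            name, value = m.group("name"), _pref_value(m.group("value"))
            if current:
                report["browsers"][current]["clean"] = False  # a hit under this browser
            report["toolbars"].update(CTID_RE.findall(name))
            report["toolbars"].update(CTID_RE.findall(value))
            report["hosts"].update(h.lower() for h in HOST_RE.findall(value))
            if name in HIJACK_PREFS:
                report["hijacked"][name] = value
    report["toolbars"] = sorted(report["toolbars"])
    report["hosts"] = sorted(report["hosts"])
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("toolbars:", ", ".join(r["toolbars"]))
    for name, value in r["hijacked"].items():
        print("hijacked pref: %s = %s" % (name, value))
    print("hosts referenced:", ", ".join(r["hosts"]))
    print("elevation policies:", ", ".join(r["elevation_policies"]))
    for browser, info in r["browsers"].items():
        print("%s %s: %s" % (browser, info["version"], "clean" if info["clean"] else "hits"))
```

Two points the summary makes visible that are easy to miss in the raw list: the Firefox homepage and `keyword.URL` (address-bar search) were pointed at two different search services, so the toolbars and the separate search-redirect pref have to be cleaned together, and entries under `Low Rights\ElevationPolicy` tell IE Protected Mode how a named executable may be launched from the Low-integrity browser process, so stale entries left by a removed toolbar are worth inspecting rather than ignoring. URLs the log cut off with `[...]` stay truncated in the output; the parser does not guess the rest.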
-
Ran SystemLook. Here is the log. Thank you. Cheryl
SystemLook 30.07.11 by jpshortstuff
Log created at 21:48 on 21/12/2012 by Ekenbarger's
Administrator - Elevation successful
========== filefind ==========
Searching for "cIdshrGq.sys "
No files found.
Searching for "tYMsoVkA.sys "
No files found.
Searching for "ArmUI.ini"
No files found.
-= EOF =-
-
Hi,
I can't find the first three files. Can you offer any ideas? I ran a search but nothing came up. I think I deleted the first three. I looked up the other two and I don't recognize them at all. Thanks. Cheryl
-
Thank you!!! Ran ComboFix. Here is the log. Cheryl
ComboFix 12-11-19.02 - Ekenbarger's 11/19/2012 18:42:53.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2034 [GMT -5:00]
Running from: c:\documents and settings\Ekenbarger's\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\ebay_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\imdb_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\youtube_ie.ico
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DEFAULTTABSEARCH
-------\Service_DefaultTabSearch
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))
.
.
2012-11-19 02:10 . 2012-11-19 02:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-17 21:17 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\cIdshrGq.sys
2012-11-17 16:41 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\tYMsoVkA.sys
2012-11-17 13:23 . 2012-11-17 13:23 150712 ----a-w- c:\windows\system32\WRusr.dll
2012-11-17 13:23 . 2012-11-17 13:23 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-11-17 13:23 . 2012-11-17 13:23 -------- d-----w- c:\program files\Webroot
2012-11-17 13:21 . 2012-11-19 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WRData
2012-11-17 12:58 . 2012-11-17 12:59 -------- d-----w- C:\CCE_Quarantine
2012-11-17 09:33 . 2012-11-17 13:31 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Utduu
2012-11-17 09:33 . 2012-11-17 13:06 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Bykegy
2012-11-11 12:08 . 2012-11-17 13:24 -------- d-----w- c:\program files\DefaultTab
2012-11-11 12:08 . 2012-11-19 23:50 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\DefaultTab
2012-11-06 22:50 . 2012-11-12 00:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-06 00:54 . 2012-11-06 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-10-30 22:48 . 2012-10-30 22:48 696760 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:48 . 2011-08-22 17:27 73656 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 22:56 . 2012-09-24 22:55 417792 ------w- c:\windows\Setup1.exe
2012-09-24 22:56 . 2012-09-24 22:55 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-08-28 15:14 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-10 17:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-10 17:51 385024 ---ha-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-10 17:51 177664 ---ha-w- c:\windows\system32\wintrust.dll
2012-03-12 01:37 . 2012-03-12 01:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-30 273544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"HostManager"="c:\program files\Common Files\AOL\1178326658\ee\AOLSoftware.exe" [2006-09-26 50736]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-11-17 729544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1178326658\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [11/17/2012 8:23 AM 112656]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [5/21/2006 8:02 AM 34916]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [11/17/2012 8:23 AM 729544]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 12:51 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 22:48]
.
2012-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-11-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-12 19:26]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]
.
2012-11-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-11-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-11-19 c:\windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cox.net/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=
FF - ExtSQL: 2012-11-11 19:40; addon@defaulttab.com; c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: !HIDDEN! 2010-01-25 20:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- File Associations -------
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
SafeBoot-35727893.sys
SafeBoot-90234348.sys
AddRemove-DefaultTab - c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-19 18:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
.
c:\docume~1\EKENBA~1\LOCALS~1\Temp\ArmUI.ini 170356 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sy@"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1946173170-350803515-410004273-1006\Software\SecuROM\License information*]
"datasecu"=hex:b8,87,05,22,55,50,53,a9,ec,08,ab,ed,c9,96,3f,46,66,fb,36,1a,02,
51,fe,f6,ea,e2,e1,69,b8,f4,0e,d2,dc,90,61,e7,71,97,13,16,55,fa,93,dd,2e,43,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1252)
c:\windows\system32\WRusr.dll
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msdtc.exe
c:\windows\stsystra.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-11-19 18:59:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-19 23:59
ComboFix2.txt 2012-03-03 23:09
ComboFix3.txt 2012-02-21 20:37
ComboFix4.txt 2012-02-16 02:12
.
Pre-Run: 91,982,397,440 bytes free
Post-Run: 92,117,921,792 bytes free
.
- - End Of File - - BABBD38B7E78B2D02FE4EAE844CAF779
-
Hi,
I can't remember where I downloaded ComboFix from... sorry. CAE
-
OMG!!!!!! You're wonderful!!!! I thought I'd never see that desktop again. Yes...it rebooted. A bit slow but I have my desktop back. I haven't done anything else with the computer though. Here is the log. Thank you. Cheryl
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-12-2012
Ran by SYSTEM at 2012-12-11 17:30:45 Run:1
Running from D:\
==============================================
========= reg add hklm\SYSTEM\ControlSet006\services\iastor /v ImagePath /t REG_EXPAND_SZ /d system32\DRIVERS\iastor.sys /f =========
The operation completed successfully
========= End of Reg: =========
==== End of Fixlog ====
-
Hi,
Not sure if I did that correctly. I wasn't supposed to download everything again or create another CD, right? I rebooted the computer with the CD, put the flashdrive in and opened FRST, then continued from there. I didn't see any way to save the iastor.sys file. Sorry. I don't think it found anything. Thanks. Cheryl
Farbar Recovery Scan Tool (x86) Version: 06-12-2012
Ran by SYSTEM at 2012-12-09 17:03:28
Running from D:\
================== Search: "iastor.sys" ===================
C:\WINDOWS\system32\drivers\iaStor.sys
[2005-09-16 00:26] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
C:\i386\iaStor.sys
[2005-09-25 07:07] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
C:\drivers\STORAGE\SATA\ONBOARD\iaStor.sys
[2005-09-16 00:26] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
=== End Of Search ===
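Added note, not part of any post in this thread: the two FRST outputs above (the "Search: iastor.sys" result and, further down, the scan's driver list) together show the pattern the Fixlog's reg add command repaired. A boot-start service (start type 0) had its ImagePath pointed at a random-named file that no longer exists, while three clean copies of iaStor.sys with one and the same MD5 survive on disk, so the original image can be restored from the driver store. The script below is example code written for this page, not FRST's own logic. It parses FRST-style driver lines and search-result pairs (the sample lines are copied from this thread, plus one constructed outlier copy of iaStor.sys that is marked as invented in the code), flags what a triage would look at (missing image on a boot/system-start driver, a mangled extension such as .sy@, a filename that does not match the service name), picks the consensus hash of the surviving copies, and builds the same reg add line the Fixlog shows. The name-mismatch rule is a heuristic and needs a human look; the control set must be named explicitly because an offline SYSTEM hive has no CurrentControlSet link, which is why FRST reports "The current controlset is ControlSet006".

```python
import re
from collections import Counter

# FRST "Drivers (Whitelisted)" line: <start> <name>; <path> [<size date> | x] (<vendor>)
DRIVER_RE = re.compile(
    r'^(?P<start>[0-4])\s+(?P<name>[^;]+);\s*(?P<path>[^\[]*?)\s*'
    r'\[(?P<meta>[^\]]*)\]\s*(?:\((?P<vendor>[^)]*)\))?\s*$')

# Second line of a FRST search-result pair ends with the file's MD5.
SEARCH_META_RE = re.compile(r'\s([0-9a-fA-F]{32})\s*$')

# Sample driver lines copied from the FRST scan in this thread.
SAMPLE_DRIVERS = r"""
3 DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sy@ [4224 2004-08-04] (Microsoft Corporation)
1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [112656 2012-11-17] (Webroot)
4 Abiosdsk; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
0 iastor; C:\Windows\System32\drivers\cIdshrGq.sys [x]
"""

# Search block copied from the thread; the last pair (C:\WINDOWS\Temp copy) is
# a constructed outlier with an invented hash, added to show disagreement handling.
SAMPLE_SEARCH = r"""
C:\WINDOWS\system32\drivers\iaStor.sys
[2005-09-16 00:26] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
C:\i386\iaStor.sys
[2005-09-25 07:07] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
C:\drivers\STORAGE\SATA\ONBOARD\iaStor.sys
[2005-09-16 00:26] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
C:\WINDOWS\Temp\iaStor.sys
[2012-11-17 04:33] - [2012-11-17 04:33] - 0871040 ____A () 0123456789abcdef0123456789abcdef
"""


def audit_drivers(lines):
    """Return (service, start_type, path, reason) tuples for suspicious driver entries."""
    findings = []
    for line in lines:
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        start = int(m['start'])
        name = m['name'].strip()
        path = m['path'].strip()
        missing = m['meta'].strip().lower() == 'x'      # FRST prints [x] when the image is absent
        image = path[4:] if path.startswith('\\??\\') else path
        stem, _, ext = image.rsplit('\\', 1)[-1].rpartition('.')
        boot = start <= 1                                # 0 = boot start, 1 = system start
        if missing and not path:
            # Default XP service with no image configured at all: noise, not a hijack.
            findings.append((name, start, path, 'stale-entry'))
            continue
        if missing:
            # A boot/system-start driver whose file is gone stops the machine from booting.
            findings.append((name, start, path, 'image-missing-critical' if boot else 'image-missing'))
        if path and ext.lower() != 'sys':
            findings.append((name, start, path, 'bad-extension'))   # e.g. RDPCDD.sy@
        if path and boot and stem.lower() != name.lower():
            # Heuristic: boot drivers normally carry the service name; cIdshrGq.sys for iastor does not.
            findings.append((name, start, path, 'name-mismatch'))
    return findings


def search_consensus(lines):
    """Pair each path with the MD5 on the next line; return (majority_md5, paths that disagree)."""
    hashes = {}
    it = iter(l.strip() for l in lines if l.strip())
    for path in it:
        m = SEARCH_META_RE.search(next(it, ''))
        if m:
            hashes[path] = m.group(1).lower()
    if not hashes:
        return None, []
    consensus = Counter(hashes.values()).most_common(1)[0][0]
    return consensus, sorted(p for p, h in hashes.items() if h != consensus)


def repair_command(control_set, service, image_relpath):
    """FRST fix line restoring ImagePath; the concrete ControlSetNNN must be given for an offline hive."""
    return (f'reg add hklm\\SYSTEM\\{control_set}\\services\\{service} '
            f'/v ImagePath /t REG_EXPAND_SZ /d {image_relpath} /f')


if __name__ == '__main__':
    for finding in audit_drivers(SAMPLE_DRIVERS.strip().splitlines()):
        print(finding)
    print(search_consensus(SAMPLE_SEARCH.strip().splitlines()))
    print(repair_command('ControlSet006', 'iastor', 'system32\\DRIVERS\\iastor.sys'))
```

Run against the sample, the audit reports iastor twice (image missing on a boot-start driver, and a filename that does not match the service), RDPCDD once for the .sy@ extension, catchme as a non-critical leftover of ComboFix, and Abiosdsk as a stale default entry; the three genuine iaStor.sys copies agree on d593517879e65167df35f6015814ac59 and the constructed Temp copy is listed as the outlier. The rebuilt command is byte-for-byte the one in the Fixlog; a real fix should also copy one of the consensus files over system32\DRIVERS\iastor.sys before rebooting, which the thread's FRST search was the preparation for.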
-
Hi,
That went fairly well, except that the 2nd log wouldn't save to the flashdrive, so I copied it into the 1st log. Here it is. Thanks. CAE
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-12-2012
Ran by SYSTEM at 08-12-2012 20:57:20
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet006
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-04-14] (ATI Technologies, Inc.)
HKLM\...\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 [69632 2005-06-07] ()
HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [273544 2011-06-30] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe [50736 2006-09-25] (America Online, Inc.)
HKLM\...\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe [86016 2005-01-27] ()
HKLM\...\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
HKLM\...\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [71216 2006-10-23] (AOL LLC)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] stsystra.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [729544 2012-11-17] (Webroot)
HKU\Administrator\...\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup [395776 2006-08-28] (Gteko Ltd.)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Administrator\...\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe [28739 2000-08-08] (Microsoft® Corporation)
HKU\Administrator\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Default User\...\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup [395776 2006-08-28] (Gteko Ltd.)
HKU\Ekenbarger's\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2007-07-28] (Google Inc.)
HKU\LocalService\...\Policies\system: [DisableCMD] 0
HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0
HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0
HKU\NetworkService\...\Policies\system: [DisableCMD] 0
HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0
HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
==================== Services (Whitelisted) ===================
2 AOL ACS; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [46640 2006-10-23] (AOL LLC)
2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
3 dlcc_device; C:\WINDOWS\system32\dlcccoms.exe -service [491520 2005-06-21] ()
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation)
2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4388192 2008-01-19] (Symantec Corporation)
2 Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe /Processid:{3C74D569-4FFA-47BE-84F0-71B4FCE0AA52} [5120 2008-04-13] (Microsoft Corporation)
3 SymSnapService; "C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe" [1553896 2007-12-20] (Symantec)
2 WANMiniportService; "C:\WINDOWS\wanmpsvc.exe" [65536 2003-08-27] (America Online, Inc.)
2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [729544 2012-11-17] (Webroot)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [x]
==================== Drivers (Whitelisted) ====================
3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1130496 2005-04-15] (ATI Technologies Inc.)
3 bvrp_pci; C:\Windows\System32\Drivers\bvrp_pci.sys [4272 2004-03-24] ()
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
3 DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-06] (Intel Corporation)
3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-06] (Intel Corporation)
3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-16] (Intel Corporation)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-11-04] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)
3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-06] (Intel Corporation)
2 mrtRate; C:\Windows\System32\Drivers\mrtRate.sys [34916 1999-09-27] (Marimba, Inc.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NAL; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys [19456 2004-11-02] (Intel Corporation )
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
3 P17; C:\Windows\System32\drivers\P17.sys [840960 2004-06-09] (Creative Technology Ltd.)
3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.)
2 PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-05] (Creative Technology Ltd.)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sy@ [4224 2004-08-04] (Microsoft Corporation)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [34686 2006-01-26] (Service & Quality Technology.)
1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
3 STHDA; C:\Windows\System32\drivers\sthda.sys [180096 2005-03-31] (SigmaTel, Inc.)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [12800 2008-04-13] (Microsoft Corporation)
2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation)
3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [15088 2008-01-19] (Symantec Corporation)
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [194362 2007-04-16] (Jungo)
0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [112656 2012-11-17] (Webroot)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 Atdisk; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
1 Changer; [x]
0 iastor; C:\Windows\System32\drivers\cIdshrGq.sys [x]
1 lbrtfdc; [x]
3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 Simbad; [x]
3 TlntSvr; [x]
3 WDICA; [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2012-12-08 20:56 - 2012-12-08 20:56 - 00000000 ____D C:\FRST
2012-11-23 08:37 - 2012-11-23 08:37 - 00013388 ____A C:\ComboFix.txt
2012-11-19 18:40 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-19 18:40 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-19 18:40 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-19 18:40 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-19 18:40 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-19 18:40 - 2000-08-30 19:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-11-19 18:40 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-19 18:40 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-19 18:40 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-19 18:34 - 2012-11-23 08:17 - 05005176 ____R (Swearware) C:\Documents and Settings\Ekenbarger's\Desktop\ComboFix.exe
2012-11-18 21:10 - 2012-11-18 21:10 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-18 21:00 - 2012-11-18 21:00 - 02192309 ____A C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller_undetectablew7.zip
2012-11-18 18:40 - 2012-11-18 18:40 - 00090112 ____A C:\Windows\Minidump\Mini111812-01.dmp
2012-11-18 18:37 - 2012-11-18 18:37 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\mbar-1.01.0.1009
2012-11-18 18:36 - 2012-11-18 18:36 - 12961620 ____A C:\Documents and Settings\Ekenbarger's\Desktop\mbar-1.01.0.1009.zip
2012-11-18 08:19 - 2012-11-18 08:19 - 00002720 ____A C:\Documents and Settings\Ekenbarger's\Desktop\RKreport[1]_S_11182012_02d0819.txt
2012-11-18 08:18 - 2012-11-18 08:19 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\RK_Quarantine
2012-11-18 08:18 - 2012-11-18 08:18 - 00724992 ____A C:\Documents and Settings\Ekenbarger's\Desktop\RogueKiller.exe
2012-11-18 08:10 - 2012-11-18 08:33 - 00025667 ____A C:\Documents and Settings\Ekenbarger's\Desktop\attach.txt
2012-11-18 08:10 - 2012-11-18 08:33 - 00014250 ____A C:\Documents and Settings\Ekenbarger's\Desktop\dds.txt
2012-11-18 08:03 - 2012-11-18 08:03 - 00688901 ____R (Swearware) C:\Documents and Settings\Ekenbarger's\Desktop\dds.scr
2012-11-17 20:26 - 2012-11-17 20:26 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller
2012-11-17 20:19 - 2012-11-17 20:19 - 02195061 ____A C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.zip
2012-11-17 20:04 - 2012-11-17 20:04 - 02213976 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.exe
2012-11-17 09:19 - 2012-11-18 08:05 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\virus stuff
2012-11-17 08:23 - 2012-11-17 08:23 - 00150712 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-11-17 08:23 - 2012-11-17 08:23 - 00112656 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-11-17 08:23 - 2012-11-17 08:23 - 00000000 ____D C:\Program Files\Webroot
2012-11-17 08:21 - 2012-11-24 10:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2012-11-17 08:20 - 2012-11-17 08:20 - 00729544 ____A (Webroot) C:\Documents and Settings\Ekenbarger's\Desktop\wsainstall.exe
2012-11-17 07:58 - 2012-11-17 07:59 - 00000000 ____D C:\CCE_Quarantine
2012-11-17 04:33 - 2012-11-17 08:31 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\Utduu
2012-11-17 04:33 - 2012-11-17 08:06 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\Bykegy
2012-11-11 07:22 - 2012-11-11 07:22 - 00090112 ____A C:\Windows\Minidump\Mini111112-01.dmp
2012-11-11 07:08 - 2012-11-19 18:50 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\DefaultTab
2012-11-11 07:08 - 2012-11-17 08:24 - 00000000 ____D C:\Program Files\DefaultTab
==================== One Month Modified Files and Folders ========
2012-12-08 20:56 - 2012-12-08 20:56 - 00000000 ____D C:\FRST
2012-11-26 17:21 - 2012-06-29 13:42 - 00000292 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job
2012-11-26 17:21 - 2011-06-30 16:22 - 00000300 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job
2012-11-26 17:21 - 2011-02-15 17:31 - 00000327 ____A C:\Windows\wiadebug.log
2012-11-26 17:21 - 2011-02-15 17:31 - 00000050 ____A C:\Windows\wiaservc.log
2012-11-26 17:21 - 2011-02-15 17:30 - 00032386 ___AH C:\Windows\SchedLgU.Txt
2012-11-26 17:21 - 2011-02-15 17:29 - 01211254 ____A C:\Windows\WindowsUpdate.log
2012-11-26 17:21 - 2005-09-20 18:59 - 00000178 __ASH C:\Documents and Settings\Ekenbarger's\ntuser.ini
2012-11-26 17:21 - 2004-08-10 13:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-26 17:04 - 2012-10-30 17:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-26 16:30 - 2010-01-06 07:17 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-26 14:54 - 2009-04-03 05:16 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2012-11-26 13:08 - 2010-06-10 16:01 - 00000436 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job
2012-11-26 06:30 - 2010-01-06 07:17 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-25 20:46 - 2012-02-25 09:27 - 00002307 ____A C:\Documents and Settings\Ekenbarger's\Desktop\Microsoft Word.lnk
2012-11-24 22:17 - 2011-12-26 12:58 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-11-24 10:23 - 2012-11-17 08:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2012-11-24 09:40 - 2009-01-09 08:50 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\My Documents\recipes
2012-11-23 14:30 - 2010-01-22 14:30 - 00000000 ___HD C:\Windows\System32\NtmsData
2012-11-23 08:37 - 2012-11-23 08:37 - 00013388 ____A C:\ComboFix.txt
2012-11-23 08:37 - 2012-02-15 19:59 - 00000000 ____D C:\Qoobox
2012-11-23 08:34 - 2004-08-10 12:51 - 00000227 ____A C:\Windows\system.ini
2012-11-23 08:17 - 2012-11-19 18:34 - 05005176 ____R (Swearware) C:\Documents and Settings\Ekenbarger's\Desktop\ComboFix.exe
2012-11-22 21:16 - 2005-09-27 09:22 - 00000000 ____D C:\Program Files\Dl_cats
2012-11-19 18:52 - 2005-09-20 18:59 - 00000062 __ASH C:\Documents and Settings\Ekenbarger's\Local Settings\desktop.ini
2012-11-19 18:52 - 2004-08-10 13:08 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-11-19 18:52 - 2004-08-10 13:08 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-11-19 18:52 - 2004-08-10 13:02 - 00000000 ____D C:\Windows\Registration
2012-11-19 18:51 - 2012-02-15 20:53 - 00008192 ____A C:\Windows\System32\config\SECURITY.tmp.LOG
2012-11-19 18:51 - 2012-02-09 19:42 - 00000000 ____D C:\Windows\ERDNT
2012-11-19 18:51 - 2005-09-16 07:31 - 43253760 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-11-19 18:51 - 2005-09-16 07:26 - 11010048 ____A C:\Windows\System32\config\SYSTEM.bak
2012-11-19 18:51 - 2004-08-10 07:57 - 00159744 ____A C:\Windows\System32\config\SECURITY.bak
2012-11-19 18:51 - 2004-08-10 07:57 - 00020480 ____A C:\Windows\System32\config\SAM.bak
2012-11-19 18:51 - 2004-08-10 07:56 - 05242880 ___AH C:\Windows\System32\config\DEFAULT.bak
2012-11-19 18:50 - 2012-11-11 07:08 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\DefaultTab
2012-11-18 21:10 - 2012-11-18 21:10 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-18 21:00 - 2012-11-18 21:00 - 02192309 ____A C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller_undetectablew7.zip
2012-11-18 18:40 - 2012-11-18 18:40 - 00090112 ____A C:\Windows\Minidump\Mini111812-01.dmp
2012-11-18 18:37 - 2012-11-18 18:37 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\mbar-1.01.0.1009
2012-11-18 18:36 - 2012-11-18 18:36 - 12961620 ____A C:\Documents and Settings\Ekenbarger's\Desktop\mbar-1.01.0.1009.zip
2012-11-18 11:15 - 2011-02-15 19:12 - 00338289 ____A C:\Windows\setupapi.log
2012-11-18 08:36 - 2012-02-06 18:27 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-11-18 08:33 - 2012-11-18 08:10 - 00025667 ____A C:\Documents and Settings\Ekenbarger's\Desktop\attach.txt
2012-11-18 08:33 - 2012-11-18 08:10 - 00014250 ____A C:\Documents and Settings\Ekenbarger's\Desktop\dds.txt
2012-11-18 08:19 - 2012-11-18 08:19 - 00002720 ____A C:\Documents and Settings\Ekenbarger's\Desktop\RKreport[1]_S_11182012_02d0819.txt
2012-11-18 08:19 - 2012-11-18 08:18 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\RK_Quarantine
2012-11-18 08:18 - 2012-11-18 08:18 - 00724992 ____A C:\Documents and Settings\Ekenbarger's\Desktop\RogueKiller.exe
2012-11-18 08:05 - 2012-11-17 09:19 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\virus stuff
2012-11-18 08:03 - 2012-11-18 08:03 - 00688901 ____R (Swearware) C:\Documents and Settings\Ekenbarger's\Desktop\dds.scr
2012-11-17 20:26 - 2012-11-17 20:26 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller
2012-11-17 20:19 - 2012-11-17 20:19 - 02195061 ____A C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.zip
2012-11-17 20:04 - 2012-11-17 20:04 - 02213976 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.exe
2012-11-17 11:31 - 2012-05-18 18:31 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\tools
2012-11-17 09:31 - 2012-07-24 20:13 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2012-11-17 09:22 - 2012-01-11 19:16 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\Cheryl's
2012-11-17 09:11 - 2008-12-28 16:56 - 00000000 ____D C:\Program Files\Yahoo!
2012-11-17 09:10 - 2008-01-04 21:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Napster
2012-11-17 09:10 - 2005-09-16 00:42 - 00000000 ____D C:\Program Files\InstallShield Installation Information
2012-11-17 09:07 - 2011-08-11 19:00 - 00000000 ____D C:\Program Files\Coupons
2012-11-17 08:31 - 2012-11-17 04:33 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\Utduu
2012-11-17 08:24 - 2012-11-11 07:08 - 00000000 ____D C:\Program Files\DefaultTab
2012-11-17 08:23 - 2012-11-17 08:23 - 00150712 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-11-17 08:23 - 2012-11-17 08:23 - 00112656 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-11-17 08:23 - 2012-11-17 08:23 - 00000000 ____D C:\Program Files\Webroot
2012-11-17 08:20 - 2012-11-17 08:20 - 00729544 ____A (Webroot) C:\Documents and Settings\Ekenbarger's\Desktop\wsainstall.exe
2012-11-17 08:06 - 2012-11-17 04:33 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\Bykegy
2012-11-17 07:59 - 2012-11-17 07:58 - 00000000 ____D C:\CCE_Quarantine
2012-11-11 21:28 - 2010-02-13 13:23 - 00000000 ___DC C:\Windows\$NtUninstallKB955069$
2012-11-11 19:28 - 2012-11-06 17:50 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-11-11 19:27 - 2011-05-21 09:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-11-11 18:20 - 2009-10-16 19:03 - 00000000 __HDC C:\Windows\$NtUninstallKB975025_0$
2012-11-11 16:05 - 2010-02-21 21:02 - 00000000 ___DC C:\Windows\$NtUninstallWudf01000$
2012-11-11 15:53 - 2005-09-24 20:38 - 00000000 __HDC C:\Windows\$NtUninstallKB898458$
2012-11-11 15:39 - 2006-04-16 02:01 - 00000000 ___DC C:\Windows\$NtUninstallKB908531$
2012-11-11 11:59 - 2011-12-26 12:45 - 00000000 __HDC C:\Windows\$NtUninstallKB942288-v3$
2012-11-11 10:59 - 2006-08-15 02:00 - 00000000 __HDC C:\Windows\$NtUninstallKB917422$
2012-11-11 10:59 - 2005-09-16 00:51 - 00000000 ___HD C:\Windows\occache
2012-11-11 07:22 - 2012-11-11 07:22 - 00090112 ____A C:\Windows\Minidump\Mini111112-01.dmp
2012-11-11 07:22 - 2009-01-14 21:13 - 00000000 ___HD C:\Windows\Minidump
2012-11-11 07:18 - 2010-12-15 20:03 - 00000000 ___DC C:\Windows\$NtUninstallKB2436673$
2012-11-10 10:31 - 2008-08-26 09:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2012-11-08 14:26 - 2012-10-14 06:41 - 00002187 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2012-11-04 13:55 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1419
RP: -> 2012-11-03 10:43 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1418
RP: -> 2012-11-02 09:37 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1417
RP: -> 2012-11-01 08:41 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1416
RP: -> 2012-10-31 07:47 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1415
RP: -> 2012-10-30 07:29 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1414
RP: -> 2012-10-29 07:21 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1413
RP: -> 2012-10-28 06:11 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1412
RP: -> 2012-10-27 05:17 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1411
RP: -> 2012-10-26 04:22 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1410
RP: -> 2012-10-25 03:46 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1409
RP: -> 2012-10-24 02:59 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1408
RP: -> 2012-10-23 02:11 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1407
RP: -> 2012-10-22 01:14 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1406
RP: -> 2012-10-21 00:19 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1405
RP: -> 2012-10-19 23:25 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1404
RP: -> 2012-10-18 23:03 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1403
RP: -> 2012-10-17 22:57 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1402
RP: -> 2012-10-16 22:03 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1401
RP: -> 2012-10-15 21:09 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1400
RP: -> 2012-10-14 20:54 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1399
RP: -> 2012-10-13 20:17 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1398
RP: -> 2012-10-12 19:21 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1397
RP: -> 2012-10-11 19:00 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1396
RP: -> 2012-10-11 05:00 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1395
RP: -> 2012-10-10 04:20 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1394
RP: -> 2012-10-09 03:25 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1393
RP: -> 2012-10-08 02:32 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1392
RP: -> 2012-10-07 01:38 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1391
RP: -> 2012-10-06 00:43 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1390
RP: -> 2012-10-04 23:49 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1389
RP: -> 2012-10-03 22:53 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1388
RP: -> 2012-10-02 22:08 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1387
RP: -> 2012-10-01 22:03 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1386
RP: -> 2012-09-30 21:11 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1385
RP: -> 2012-09-29 20:20 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1384
RP: -> 2012-09-28 19:48 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1383
RP: -> 2012-09-27 19:46 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1382
RP: -> 2012-09-26 19:31 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1381
RP: -> 2012-09-25 18:37 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1380
RP: -> 2012-09-24 18:01 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1379
RP: -> 2012-09-23 19:59 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1378
RP: -> 2012-09-22 19:20 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1377
RP: -> 2012-09-21 19:00 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1376
RP: -> 2012-09-21 11:06 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1375
RP: -> 2012-09-20 10:12 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1374
RP: -> 2012-09-19 09:17 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1373
RP: -> 2012-09-18 08:23 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1372
RP: -> 2012-09-17 07:31 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1371
RP: -> 2012-09-16 06:58 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1370
RP: -> 2012-09-14 20:45 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1369
RP: -> 2012-09-13 19:50 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1368
RP: -> 2012-09-12 19:00 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1367
RP: -> 2012-09-12 17:56 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1366
RP: -> 2012-09-11 17:02 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1365
RP: -> 2012-09-10 16:19 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1364
RP: -> 2012-09-09 15:10 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1363
RP: -> 2012-09-08 14:51 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1362
RP: -> 2012-09-07 13:34 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1361
RP: -> 2012-09-06 13:27 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1360
RP: -> 2012-09-05 12:53 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1359
RP: -> 2012-09-04 12:48 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1358
RP: -> 2012-09-03 11:56 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1357
RP: -> 2012-09-02 10:53 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1356
RP: -> 2012-09-01 10:07 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1355
RP: -> 2012-08-31 07:04 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1354
RP: -> 2012-08-30 06:25 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1353
RP: -> 2012-08-29 05:16 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1352
RP: -> 2012-08-28 04:20 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1351
RP: -> 2012-08-27 03:25 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1350
RP: -> 2012-08-26 02:30 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1349
RP: -> 2012-08-25 01:35 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1348
RP: -> 2012-08-24 00:41 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1347
RP: -> 2012-08-23 00:14 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1346
RP: -> 2012-08-21 23:20 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1345
RP: -> 2012-08-20 22:26 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1344
RP: -> 2012-08-19 21:55 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1343
RP: -> 2012-08-18 20:33 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1342
RP: -> 2012-08-17 20:14 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1341
RP: -> 2012-08-16 19:20 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1340
RP: -> 2012-08-15 19:00 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1339
RP: -> 2012-08-15 10:15 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1338
RP: -> 2012-08-14 09:20 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1337
RP: -> 2012-08-13 08:26 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1336
RP: -> 2012-08-12 07:49 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1335
RP: -> 2012-08-11 06:54 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1334
RP: -> 2012-08-10 06:00 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1333
RP: -> 2012-08-09 05:05 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1332
RP: -> 2012-08-08 04:11 - 020480 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1331
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 2558.09 MB
Available physical RAM: 2283.9 MB
Total Pagefile: 2385.72 MB
Available Pagefile: 2324.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB
==================== Partitions =============================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:145.58 GB) (Free:86.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive e: () (Removable) (Total:3.74 GB) (Free:3.72 GB) FAT32
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 466 GB 466 GB
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 55 MB 32 KB
Partition 2 Primary 146 GB 55 MB
Partition 3 Unknown 3459 MB 146 GB
=========================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 FAT Partition 55 MB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 146 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT32 Partition 3459 MB Healthy
=========================================================
Partitions of Disk 1:
===============
There are no partitions on this disk to show.
=========================================================
Disk: 1
The specified partition is not valid.
Please select a valid partition.
=========================================================
==================== End Of Log ============================
========================= Memory info ======================
Percentage of memory in use: 8%
Total physical RAM: 2558.09 MB
Available physical RAM: 2339.91 MB
Total Pagefile: 2385.72 MB
Available Pagefile: 2331.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.38 MB
======================= Partitions =========================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:145.58 GB) (Free:86.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive e: () (Removable) (Total:3.74 GB) (Free:3.72 GB) FAT32
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 466 GB 466 GB
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 55 MB 32 KB
Partition 2 Primary 146 GB 55 MB
Partition 3 Unknown 3459 MB 146 GB
======================================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 FAT Partition 55 MB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 146 GB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT32 Partition 3459 MB Healthy
======================================================================================================
Partitions of Disk 1:
===============
There are no partitions on this disk to show.
======================================================================================================
Disk: 1
The specified partition is not valid.
Please select a valid partition.
======================================================================================================
****** End Of Log ******
-
It starts with a black screen offering the choices of safe mode, safe mode with networking, safe mode with command or windows, last known good config or start normally. Then the windows screen pops up for a few seconds then right to the blue screen. Thanks again. Cheryl
-
Hi,
Figured out how to burn disc and followed instructions. When I rebooted normally....blue screen again. Yikes! Help! Cheryl
-
Hi,
Having trouble with the disc. I downloaded NTBR_CD but when I click on the icon I keep getting a warning stating that it wants to make changes to my computer. I am afraid to say yes as I am borrowing this laptop. I burned it directly but when I boot up with it nothing happens....blue death screen. Should I open it on the laptop? Am I missing a step before I burn it? Wanted to let you know I contacted Dell requesting an installation disc for Windows...just waiting now. Please advise. Sorry so inept. Thank you for all your help. Cheryl
-
Hi,
I have been all over the Dell site and am feeling lost. I downloaded the owner's manual and it said there is a diagnostics program F12 but think my problem is beyond that. I did find an article about the bluescreen with my error but I need the windows installation disc to do anything. I cannot find the windows disc and don't recall ever having one. I have the drivers disc and the original mcafee backup but no windows. Can you advise me? Thanks.
Cheryl
-
So that wouldn't be an option on the Advanced Menu f8? I will look for Windows CD and ck out Dell after work. Thxs.
-
Hi. XP brought me back to blue screen. Recovery console is asking, "Which Windows installation would you like to log onto? To cancel press Enter." Yikes! Thanks for your help.
-
Sure. Which operating system Windows Recovery Console or XP?
-
Yes. A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen restart your computer. If the screen appears again follow these steps: check for viruses on your computer, remove any newly installed hard drives or hard drive controllers, check your hard drive to make sure it's properly configured and terminated. Run CHKDSK /F to check for hard drive corruption and then restart your computer. Technical information: stop: 0x0000007B (0xF789E524, 0xC0000034, 0x00000000, 0x00000000)
-
Absolutely sure......no, but fairly certain I didn't delete anything else. I tried Last known conf....no go, just back to blue screen.
-
I deleted them and now have the dreaded blue screen. I can't even use safe mode. HELP!
-
Hi,
Ran ComboFix. Here is the log.
ComboFix 12-11-22.03 - Ekenbarger's 11/23/2012 8:27.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1867 [GMT -5:00]
Running from: c:\documents and settings\Ekenbarger's\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ekenbarger's\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
.
FILE ::
"c:\windows\system32\drivers\cIdshrGq.sys"
"c:\windows\system32\drivers\tYMsoVkA.sys"
.
.
((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-19 02:10 . 2012-11-19 02:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-17 21:17 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\cIdshrGq.sys
2012-11-17 16:41 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\tYMsoVkA.sys
2012-11-17 13:23 . 2012-11-17 13:23 150712 ----a-w- c:\windows\system32\WRusr.dll
2012-11-17 13:23 . 2012-11-17 13:23 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-11-17 13:23 . 2012-11-17 13:23 -------- d-----w- c:\program files\Webroot
2012-11-17 13:21 . 2012-11-21 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WRData
2012-11-17 12:58 . 2012-11-17 12:59 -------- d-----w- C:\CCE_Quarantine
2012-11-17 09:33 . 2012-11-17 13:31 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Utduu
2012-11-17 09:33 . 2012-11-17 13:06 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Bykegy
2012-11-11 12:08 . 2012-11-17 13:24 -------- d-----w- c:\program files\DefaultTab
2012-11-11 12:08 . 2012-11-19 23:50 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\DefaultTab
2012-11-06 22:50 . 2012-11-12 00:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-06 00:54 . 2012-11-06 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-10-30 22:48 . 2012-10-30 22:48 696760 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:48 . 2011-08-22 17:27 73656 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 22:56 . 2012-09-24 22:55 417792 ------w- c:\windows\Setup1.exe
2012-09-24 22:56 . 2012-09-24 22:55 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-08-28 15:14 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-10 17:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-10 17:51 385024 ---ha-w- c:\windows\system32\html.iec
2012-03-12 01:37 . 2012-03-12 01:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-30 273544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"HostManager"="c:\program files\Common Files\AOL\1178326658\ee\AOLSoftware.exe" [2006-09-26 50736]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-11-17 729544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1178326658\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [11/17/2012 8:23 AM 112656]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [5/21/2006 8:02 AM 34916]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [11/17/2012 8:23 AM 729544]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 12:51 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 22:48]
.
2012-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-11-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-12 19:26]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]
.
2012-11-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-11-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-11-23 c:\windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cox.net/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=
FF - ExtSQL: 2012-11-11 19:40; addon@defaulttab.com; c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: !HIDDEN! 2010-01-25 20:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-23 08:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sy@"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1946173170-350803515-410004273-1006\Software\SecuROM\License information*]
"datasecu"=hex:b8,87,05,22,55,50,53,a9,ec,08,ab,ed,c9,96,3f,46,66,fb,36,1a,02,
51,fe,f6,ea,e2,e1,69,b8,f4,0e,d2,dc,90,61,e7,71,97,13,16,55,fa,93,dd,2e,43,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\WRusr.dll
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-23 08:37:46
ComboFix-quarantined-files.txt 2012-11-23 13:37
ComboFix2.txt 2012-11-19 23:59
ComboFix3.txt 2012-03-03 23:09
ComboFix4.txt 2012-02-21 20:37
ComboFix5.txt 2012-11-23 13:22
.
Pre-Run: 92,060,700,672 bytes free
Post-Run: 92,097,626,112 bytes free
.
- - End Of File - - 678281CC67CBEB968CF48460B21881BA
-
Hi,
TDSSKiller didn't find anything. I ran Combofix. Here is the log. Thanks. Cheryl
ComboFix 12-11-19.02 - Ekenbarger's 11/19/2012 18:42:53.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2034 [GMT -5:00]
Running from: c:\documents and settings\Ekenbarger's\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\ebay_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\imdb_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\youtube_ie.ico
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DEFAULTTABSEARCH
-------\Service_DefaultTabSearch
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))
.
.
2012-11-19 02:10 . 2012-11-19 02:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-17 21:17 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\cIdshrGq.sys
2012-11-17 16:41 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\tYMsoVkA.sys
2012-11-17 13:23 . 2012-11-17 13:23 150712 ----a-w- c:\windows\system32\WRusr.dll
2012-11-17 13:23 . 2012-11-17 13:23 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-11-17 13:23 . 2012-11-17 13:23 -------- d-----w- c:\program files\Webroot
2012-11-17 13:21 . 2012-11-19 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WRData
2012-11-17 12:58 . 2012-11-17 12:59 -------- d-----w- C:\CCE_Quarantine
2012-11-17 09:33 . 2012-11-17 13:31 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Utduu
2012-11-17 09:33 . 2012-11-17 13:06 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Bykegy
2012-11-11 12:08 . 2012-11-17 13:24 -------- d-----w- c:\program files\DefaultTab
2012-11-11 12:08 . 2012-11-19 23:50 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\DefaultTab
2012-11-06 22:50 . 2012-11-12 00:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-06 00:54 . 2012-11-06 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-10-30 22:48 . 2012-10-30 22:48 696760 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:48 . 2011-08-22 17:27 73656 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 22:56 . 2012-09-24 22:55 417792 ------w- c:\windows\Setup1.exe
2012-09-24 22:56 . 2012-09-24 22:55 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-08-28 15:14 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-10 17:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-10 17:51 385024 ---ha-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-10 17:51 177664 ---ha-w- c:\windows\system32\wintrust.dll
2012-03-12 01:37 . 2012-03-12 01:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-30 273544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"HostManager"="c:\program files\Common Files\AOL\1178326658\ee\AOLSoftware.exe" [2006-09-26 50736]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-11-17 729544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1178326658\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [11/17/2012 8:23 AM 112656]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [5/21/2006 8:02 AM 34916]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [11/17/2012 8:23 AM 729544]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 12:51 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 22:48]
.
2012-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-11-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-12 19:26]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]
.
2012-11-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-11-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-11-19 c:\windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cox.net/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=
FF - ExtSQL: 2012-11-11 19:40; addon@defaulttab.com; c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: !HIDDEN! 2010-01-25 20:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- File Associations -------
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
SafeBoot-35727893.sys
SafeBoot-90234348.sys
AddRemove-DefaultTab - c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-19 18:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
.
c:\docume~1\EKENBA~1\LOCALS~1\Temp\ArmUI.ini 170356 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sy@"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1946173170-350803515-410004273-1006\Software\SecuROM\License information*]
"datasecu"=hex:b8,87,05,22,55,50,53,a9,ec,08,ab,ed,c9,96,3f,46,66,fb,36,1a,02,
51,fe,f6,ea,e2,e1,69,b8,f4,0e,d2,dc,90,61,e7,71,97,13,16,55,fa,93,dd,2e,43,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1252)
c:\windows\system32\WRusr.dll
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msdtc.exe
c:\windows\stsystra.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-11-19 18:59:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-19 23:59
ComboFix2.txt 2012-03-03 23:09
ComboFix3.txt 2012-02-21 20:37
ComboFix4.txt 2012-02-16 02:12
.
Pre-Run: 91,982,397,440 bytes free
Post-Run: 92,117,921,792 bytes free
.
- - End Of File - - BABBD38B7E78B2D02FE4EAE844CAF779
-
Hi,
Ran TDSSKiller. Logs too long to post. See attached. Thanks. CAE
TDSSKiller.2.8.7.0_18.11.2012_21.01.44_log.txt
-
Hi,
I downloaded the Malwarebytes Anti-Rootkit but ran into a problem. I was not in safe mode. I got as far as beginning the scan and the screen flickered, then an all too familiar blue screen appeared. It said Windows had shut down..........dumping physical memory etc. I rebooted in safe mode and tried to run it again but received an error message that said it could not load the protection driver. It's just sitting there now. Help. Cheryl
Infected (posted in Resolved Malware Removal Logs)
OK, ran Security Check. Here is the log. CAE
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Online Scanner v3
`````````Anti-malware/Other Utilities Check:`````````
Norton Ghost
Malwarebytes Anti-Malware version 1.62.0.1300
Java 6 Update 31
Java version out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 10.0.2 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````