zombi2

March 4, 2013

Not sure if I got the Alactro toolbar as I was locked out of that laptop shortly after (unrelated issues), but it seems like a repainted Chrome. Had some good features I thought but I'm not so sure about security. :unsure:

February 28, 2013

I hadn't seen your post when I was making mine. The gaps are just one large space in the log to the text cursor so when you copy and paste it shows up a single space, not the multiple needed for it look the same. So I took a screenshot (or picture, I fail to see the difference), and uploaded it. Then it dawned on me why I couldn't find any logs on this forum that looked that way: nobody posts their logs using photobucket! :lol:

February 27, 2013

Nevermind, I just realized why I never see them like that! :lol: :blush:

February 27, 2013

I guess it won't post that way either so here's a pic

February 27, 2013

I ran DDS to show my brother what it does and all the info under "Last 30 Days" and "Find 3M" are oddly uniform and full of gaps.

Ex:

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:43:1216384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

I had to re-create this since the gaps only constitute one space regardless of size, but is this indicative of a problem? I haven't had any issues lately but I've never seen dds logs that look like this. :unsure:

February 26, 2013

I was unaware of this before today but I am a little intrigued by a few of it's features. Though of course like a lot of new software brands there are claims about malicious intent, I'm guessing these WOT ratings probably say all I need to know about that:

But I'm still wondering if it's worth getting since the only reviews I've seen are from sites I'm not familiar with and and searching "torch browser" on a few tech forums resulted in no hits. :? Has anyone tried this?

February 6, 2013

All done, and I bookmarked the links. Thanks so much for all your help! Cheers

February 6, 2013

ComboFix 13-02-03.03 - z 02/05/2013 15:38:15.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.4565 [GMT -8:00]

Running from: c:\users\z\.swt\Downloads\Contacts\Desktop\ComboFix.exe

Command switches used :: c:\users\z\.swt\Downloads\Contacts\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\z\.swt\Downloads\10_8.exe"

"c:\users\z\.swt\Downloads\Downloads\10_8.exe"

"c:\users\z\.swt\Downloads\jak.htm"

"c:\users\z\.swt\Downloads\jak_001.htm"

"c:\users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\97fea4d-279e1251"

"c:\users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\41b43445-5e88d7bc"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\z\.swt\Downloads\10_8.exe

c:\users\z\.swt\Downloads\Downloads\10_8.exe

c:\users\z\.swt\Downloads\jak.htm

c:\users\z\.swt\Downloads\jak_001.htm

.

((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))

.

2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\Guest\AppData\Local\temp

2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\Guest.z-PC\AppData\Local\temp

2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\Guest.z-PC.000\AppData\Local\temp

2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\dwayne\AppData\Local\temp

2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-05 22:35 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52066E1F-8327-4433-94FE-0B349F9BCA29}\mpengine.dll

2013-02-05 08:51 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-02-03 21:11 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F541064-4E5A-46CF-A492-081BFAFD043F}\gapaengine.dll

2013-02-01 08:23 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9695A6C0-4CEA-456D-AEF7-67197F4C9227}\mpengine.dll

2013-02-01 07:01 . 2013-02-01 07:02 -------- d-----w- C:\Downloads

2013-01-30 06:02 . 2013-01-30 06:02 -------- d-----w- c:\users\dwayne\AppData\Local\Oberon Media

2013-01-20 01:35 . 2013-01-28 18:22 -------- d-----w- c:\programdata\Free Download Manager

2013-01-19 07:36 . 2013-01-19 07:36 -------- d-----w- c:\users\dwayne\AppData\Roaming\Shockwave

2013-01-18 00:51 . 2013-01-28 18:26 -------- d-----w- c:\program files\Old Movie Maker

2013-01-10 17:58 . 2013-01-28 18:22 -------- d-----w- c:\program files (x86)\ESET

2013-01-10 15:45 . 2013-01-28 18:26 -------- d-----w- c:\windows\ERUNT

2013-01-10 15:44 . 2013-02-03 21:29 -------- d-----w- C:\JRT

2013-01-10 15:26 . 2013-01-28 18:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-01-10 15:26 . 2013-01-28 18:26 -------- d-----w- c:\program files\Microsoft Security Client

2013-01-09 10:37 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 10:37 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-09 10:37 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 10:37 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

2013-01-09 10:37 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-01-09 10:37 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2013-01-09 10:37 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 10:37 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-09 10:37 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll

2013-01-09 10:37 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2013-01-09 08:41 . 2013-01-09 08:41 -------- d-----w- c:\users\z\AppData\Roaming\Malwarebytes

2013-01-09 08:40 . 2013-01-28 18:22 -------- d-----w- c:\programdata\Malwarebytes

2013-01-09 08:40 . 2013-01-09 08:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-09 08:40 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-09 08:40 . 2013-01-09 08:40 -------- d-----w- c:\users\z\AppData\Local\Programs

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-01 16:41 . 2011-09-02 04:43 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe

2013-01-30 10:53 . 2012-01-29 17:45 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-09 11:03 . 2012-09-13 10:00 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-01 20:53 . 2012-02-12 09:43 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2013-01-01 20:53 . 2012-02-12 09:43 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2013-01-01 20:53 . 2012-02-12 09:43 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2013-01-01 20:53 . 2012-02-12 09:43 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-12-16 17:11 . 2012-12-22 11:01 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-22 11:01 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-22 11:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-22 11:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-07 08:18 . 2012-03-30 16:30 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-07 08:18 . 2011-12-10 05:24 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-05 17:38 . 2012-02-27 01:10 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-12-05 17:37 . 2012-02-25 20:11 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-12-05 17:37 . 2012-02-25 20:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-11-30 04:45 . 2013-01-09 10:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-29 18:52 . 2012-11-29 18:52 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-11-29 18:52 . 2012-11-29 18:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-11-29 12:40 . 2012-02-25 20:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-11-29 12:40 . 2012-02-27 01:09 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-11-29 12:39 . 2012-02-27 01:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-11-29 12:39 . 2012-02-27 01:08 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-11-23 10:29 . 2012-11-23 10:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-23 10:29 . 2011-12-09 03:07 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-11-15 20:46 . 2012-02-25 20:11 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-11-14 07:06 . 2012-12-13 11:00 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 11:00 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 11:00 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 11:00 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 11:00 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 11:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 11:00 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 11:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 11:00 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 11:00 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 11:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 11:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 11:00 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 11:00 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 11:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 11:00 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 11:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 11:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 11:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 11:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 11:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 11:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-13 01:35 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-13 01:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]

2011-04-20 23:25 605888 ----a-w- c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-11-29 296096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-7-17 549040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-10 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 assd;assd; [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]

S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]

S2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe [2012-10-31 519920]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-03-23 31920]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-12 142632]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689237700-1048555172-985343890-1000Core.job

- c:\users\z\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 21:09]

.

2013-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689237700-1048555172-985343890-1000UA.job

- c:\users\z\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 21:09]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll

TCP: DhcpNameServer = 192.168.1.1

DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab

FF - ProfilePath - c:\users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-01-06 13:39; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - (no file)

Toolbar-Locked - (no file)

AddRemove-113270367 - c:\programdata\Oberon Media\Channels\110341560\\Uninstaller.exe

AddRemove-11551673 - c:\programdata\Oberon Media\Channels\110341560\\Uninstaller.exe

AddRemove-UNO® - Undercover™ - c:\progra~2\SHOCKW~1.COM\UNOUND~1\UNWISE.EXE

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\04\05\0d\09-\0c?"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-02-05 15:51:09

ComboFix-quarantined-files.txt 2013-02-05 23:51

ComboFix2.txt 2013-02-03 21:01

ComboFix3.txt 2013-01-10 14:53

.

Pre-Run: 393,055,653,888 bytes free

Post-Run: 393,963,016,192 bytes free

.

- - End Of File - - 2AD3F31DA49B40373EDE97B6C2025D04

Everything seems to be running fine and CPU usage is much lower than it was before

February 5, 2013

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BPVT-80HXZT3 +++++

--- User ---

[MBR] c109e6cbb74cc7ed16fc4a15ef895d59

[bSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 584878 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_02052013_02d0004.txt >>

RKreport[1]_S_02052013_02d0004.txt

RogueKiller V8.4.4 _x64_ [Feb 4 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : z [Admin rights]

Mode : Remove -- Date : 02/05/2013 00:06:01

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[sTARTUP][sUSP PATH] Best Buy pc app.lnk @Guest.z-PC.000 : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED

[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableTaskMgr (0) -> DELETED

[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> DELETED

[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BPVT-80HXZT3 +++++

--- User ---

[MBR] c109e6cbb74cc7ed16fc4a15ef895d59

[bSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 584878 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_02052013_02d0006.txt >>

RKreport[1]_S_02052013_02d0004.txt ; RKreport[2]_D_02052013_02d0006.txt

RogueKiller V8.4.4 _x64_ [Feb 4 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : z [Admin rights]

Mode : Shortcuts HJfix -- Date : 02/05/2013 00:11:08

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤

Desktop: Success 1 / Fail 0

Quick launch: Success 1 / Fail 0

Programs: Success 96 / Fail 0

Start menu: Success 1 / Fail 0

User folder: Success 272 / Fail 0

My documents: Success 4 / Fail 4

My favorites: Success 0 / Fail 0

My pictures: Success 0 / Fail 0

My music: Success 596 / Fail 0

My videos: Success 0 / Fail 0

Local drives: Success 283 / Fail 0

Backup: [NOT FOUND]

Drives:

[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored

[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_02052013_02d0011.txt >>

RKreport[1]_S_02052013_02d0004.txt ; RKreport[2]_D_02052013_02d0006.txt ; RKreport[3]_SC_02052013_02d0011.txt

February 5, 2013

ESET scan:

C:\Qoobox\Quarantine\C\ProgramData\Bcool\background.html.vir Win32/Adware.MultiPlug.H application

C:\Qoobox\Quarantine\C\ProgramData\Bcool\eekifemnhghopphmadcfepmcbnnphcnj.crx.vir Win32/Adware.MultiPlug.H application

C:\Users\z\.swt\Downloads\Downloads\10_8.exe multiple threats

C:\Users\z\.swt\Downloads\10_8.exe multiple threats

C:\Users\z\.swt\Downloads\jak.htm HTML/Iframe.B.Gen virus

C:\Users\z\.swt\Downloads\jak_001.htm HTML/Iframe.B.Gen virus

C:\Users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\97fea4d-279e1251 multiple threats

C:\Users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\41b43445-5e88d7bc multiple threats

February 3, 2013

Thanks for keeping it open. I've had several problems while offline and have had to restore (and undo restores) multiple times, including dates prior to any of the steps above so I'm sure some old issues crept up again, along with new ones. I now have random shut-offs (even while plugged in and fully charged) and my screen brightness changes out of nowhere while simply browsing and the cooling fans go nuts. Plus MSE is turned off and can't be started (Error 0x8007002). I'll redo all the above tonight or in the morning and get back when I'm at the ESET scan.

January 13, 2013

Sorry, my internet was shut off during the scan. Since I'm moving this month anyway I won't have any service til next month. Just to be safe I'll do the last steps when I get connected but I can already tell things are much better. Thanks a lot for all your help. I'm gonna go over these logs while I'm offline and see if I can't learn something. :lol:

January 10, 2013

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.10.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

z :: Z-PC [administrator]

Protection: Enabled

1/10/2013 9:49:37 AM

mbam-log-2013-01-10 (09-49-37).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 298595

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

January 10, 2013

I thought the site looked a little "cheap" but checking it's rep I guess it's beyond safe. :blush:

# AdwCleaner v2.105 - Logfile created 01/10/2013 at 09:34:50

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : z - Z-PC

# Boot Mode : Normal

# Running from : C:\Downloads\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\END

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix

Folder Deleted : C:\Users\dwayne\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\dwayne\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\dwayne\AppData\LocalLow\Vuze_Remote

Folder Deleted : C:\Users\z\AppData\Local\APN

Folder Deleted : C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Folder Deleted : C:\Users\z\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\Software\GamesBarSetup

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\prefs.js

Deleted : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/US", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\z\\AppData\\Roaming\\Mozilla\\Firef[...]

Deleted : user_pref("extensions.gencrawler@some.com.install-event-fired", true);

-\\ Google Chrome v23.0.1271.97

File : C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : homepage = "hxxp://www.ask.com/?l=dis&o=15486cr",

Deleted [l.2125] : homepage = "hxxp://www.ask.com/?l=dis&o=15486cr",

*************************

AdwCleaner[R1].txt - [4282 octets] - [10/01/2013 09:34:06]

AdwCleaner[s1].txt - [4295 octets] - [10/01/2013 09:34:50]

########## EOF - C:\AdwCleaner[s1].txt - [4355 octets] ##########

January 10, 2013

It's taken me through a couple pages to a download from bleepingcomputer. Is this what I need or did I click on the wrong things? The pages on the previous site were mostly in French and switching between English and French doesn't change it.

January 10, 2013

Junkware log:

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba14329e-9550-4989-b3f2-9732e92d17cc}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\ilivid

Successfully deleted: [Registry Key] hkey_local_machine\software\ilivid

Successfully deleted: [Registry Key] hkey_local_machine\software\iminent

Successfully deleted: [Registry Key] hkey_current_user\software\startsearch

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\ilividsetupv1_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\ilividsetupv1_rasmancs

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2504091

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{cc59e0f9-7e43-44fa-9faa-8377850bf205}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{cc59e0f9-7e43-44fa-9faa-8377850bf205}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"

Successfully deleted: [Folder] "C:\ProgramData\iminent"

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\ProgramData\iwin"

Successfully deleted: [Folder] "C:\ProgramData\pc1data"

Successfully deleted: [Folder] "C:\ProgramData\premium"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\ProgramData\trymedia"

Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\iminent"

Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\iwin"

Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\media finder"

Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\pcpro"

Successfully deleted: [Folder] "C:\Users\z\appdata\local\babylon"

Successfully deleted: [Folder] "C:\Users\z\appdata\local\best buy pc app"

Successfully deleted: [Folder] "C:\Users\z\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\z\appdata\local\ilivid player"

Successfully deleted: [Folder] "C:\Users\z\appdata\local\iwin"

Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\babylontoolbar"

Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\toolbar4"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\fbphotozoom"

Successfully deleted: [Folder] "C:\Program Files (x86)\ilivid"

Successfully deleted: [Folder] "C:\Program Files (x86)\iminent"

Successfully deleted: [Folder] "C:\Program Files (x86)\iminent toolbar"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bcool"

Successfully deleted: [Folder] "C:\Users\z\appdata\local\google\chrome\user data\default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0"

Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\searchtheweb.xml"

Successfully deleted: [File] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\user.js

Successfully deleted: [File] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\searchplugins\askcom.xml

Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@babylontc.com"

Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\conduitcommon

Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\fctb

Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\extensions\ffxtlbr@babylon.com

Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\extensions\{c9b68337-e93a-44ea-94dc-cb300ec06444}

Successfully deleted the following from C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\prefs.js

user_pref("CT2504091..clientLogIsEnabled", false);

user_pref("CT2504091..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

user_pref("CT2504091..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

user_pref("CT2504091.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");

user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);

user_pref("CT2504091.CTID", "CT2504091");

user_pref("CT2504091.CurrentServerDate", "14-4-2012");

user_pref("CT2504091.DSInstall", false);

user_pref("CT2504091.DialogsAlignMode", "LTR");

user_pref("CT2504091.DialogsGetterLastCheckTime", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.DownloadReferralCookieData", "");

user_pref("CT2504091.EMailNotifierPollDate", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.EnableClickToSearchBox", false);

user_pref("CT2504091.EnableSearchHistory", false);

user_pref("CT2504091.EnableSearchSuggest", false);

user_pref("CT2504091.FeedLastCount129079840422964131", 0);

user_pref("CT2504091.FeedPollDate128891351169457140", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.FeedPollDate129079840422964131", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.FeedTTL128891351169457140", 40);

user_pref("CT2504091.FirstServerDate", "14-4-2012");

user_pref("CT2504091.FirstTime", true);

user_pref("CT2504091.FirstTimeFF3", true);

user_pref("CT2504091.FixPageNotFoundErrors", true);

user_pref("CT2504091.GroupingServerCheckInterval", 1440);

user_pref("CT2504091.GroupingServiceUrl", "http://grouping.services.conduit.com/");

user_pref("CT2504091.HPInstall", false);

user_pref("CT2504091.HasUserGlobalKeys", true);

user_pref("CT2504091.Initialize", true);

user_pref("CT2504091.InitializeCommonPrefs", true);

user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);

user_pref("CT2504091.InstallationType", "UnknownIntegration");

user_pref("CT2504091.InstalledDate", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.IsGrouping", false);

user_pref("CT2504091.IsInitSetupIni", true);

user_pref("CT2504091.IsMulticommunity", false);

user_pref("CT2504091.IsOpenThankYouPage", false);

user_pref("CT2504091.IsOpenUninstallPage", false);

user_pref("CT2504091.LanguagePackLastCheckTime", "Sat Apr 14 2012 03:03:30 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);

user_pref("CT2504091.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");

user_pref("CT2504091.LastLogin_3.10.0.1", "Sat Apr 14 2012 03:03:29 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.LatestVersion", "3.10.0.1");

user_pref("CT2504091.Locale", "en-us");

user_pref("CT2504091.MCDetectTooltipHeight", "83");

user_pref("CT2504091.MCDetectTooltipShow", false);

user_pref("CT2504091.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

user_pref("CT2504091.MCDetectTooltipWidth", "295");

user_pref("CT2504091.MyStuffEnabledAtInstallation", true);

user_pref("CT2504091.OriginalFirstVersion", "3.10.0.1");

user_pref("CT2504091.SearchBackToDefaultEngine", false);

user_pref("CT2504091.SearchCaption", "Web Search");

user_pref("CT2504091.SearchFromAddressBarIsInit", true);

user_pref("CT2504091.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=");

user_pref("CT2504091.SearchInNewTabEnabled", true);

user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);

user_pref("CT2504091.SearchInNewTabLastCheckTime", "Sat Apr 14 2012 03:03:30 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");

user_pref("CT2504091.SearchInNewTabUserEnabled", false);

user_pref("CT2504091.SearchProtectorToolbarDisabled", true);

user_pref("CT2504091.SendProtectorDataViaLogin", true);

user_pref("CT2504091.ServiceMapLastCheckTime", "Sat Apr 14 2012 03:03:26 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.SettingsLastCheckTime", "Sat Apr 14 2012 03:03:27 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.SettingsLastUpdate", "1331729343");

user_pref("CT2504091.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2504091&SearchSource=13");

user_pref("CT2504091.ThirdPartyComponentsInterval", 504);

user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Sat Apr 14 2012 03:03:26 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1312887586");

user_pref("CT2504091.ToolbarDisabled", true);

user_pref("CT2504091.ToolbarShrinkedFromSetup", false);

user_pref("CT2504091.TrusteLinkUrl", "http://trust.conduit.com/CT2504091");

user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com

user_pref("CT2504091.UserID", "UN91214868072606966");

user_pref("CT2504091.alertChannelId", "897164");

user_pref("CT2504091.approveUntrustedApps", false);

user_pref("CT2504091.components.1000034", false);

user_pref("CT2504091.components.129079840422182852", false);

user_pref("CT2504091.components.129079840422339107", false);

user_pref("CT2504091.components.129079840422964131", false);

user_pref("CT2504091.components.129079849636241789", false);

user_pref("CT2504091.components.129707804829376918", false);

user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP

user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.homepageProtectorEnableByLogin", true);

user_pref("CT2504091.initDone", true);

user_pref("CT2504091.isAppTrackingManagerOn", true);

user_pref("CT2504091.isSearchProtectorNotifyChanges", false);

user_pref("CT2504091.myStuffEnabled", true);

user_pref("CT2504091.myStuffPublihserMinWidth", 400);

user_pref("CT2504091.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");

user_pref("CT2504091.myStuffServiceIntervalMM", 1440);

user_pref("CT2504091.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");

user_pref("CT2504091.navigateToUrlOnSearch", false);

user_pref("CT2504091.revertSettingsEnabled", false);

user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);

user_pref("CT2504091.searchProtectorEnableByLogin", true);

user_pref("CT2504091.testingCtid", "");

user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Sat Apr 14 2012 03:03:30 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.usagesFlag", 2);

user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091", "\"0ed21444a51360e874a1a819c752a8cb1\"");

user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/897164/892962/US", "\"0\"");

user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", "\"1326306883\"");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "C5ZJe6gL80JBW5CuLy+wkg==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "0uSPYx+Kl2jpu8sJZMeHjw==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "k9un27OkAvkwB2ZmvXxTnA==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "K4Vqu91uAzWURlxJRdXJOg==");

user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"80133a6b165cd1:0\"");

user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:1308\"");

user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091", "\"75babe825203d7a8eecb898dcf55bf17\"");

user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en-us", "\"b751c0bb41b1519d39b2b1c04f5e2cd5\"");

user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\z\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hgeawx3j.default\\conduitCommon\\modules\\3.10.0.1");

user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");

user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

user_pref("CommunityToolbar.ToolbarsList", "CT2504091");

user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");

user_pref("CommunityToolbar.ToolbarsList4", "CT2504091");

user_pref("CommunityToolbar.globalUserId", "ba44276f-fcb0-410d-a3c2-04510cb3260f");

user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Apr 14 2012 03:03:30 GMT-0700 (Pacific Daylight Time)");

user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);

user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Apr 14 2012 03:03:38 GMT-0700 (Pacific Daylight Time)");

user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");

user_pref("CommunityToolbar.notifications.locale", "en");

user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Apr 14 2012 03:03:27 GMT-0700 (Pacific Daylight Time)");

user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");

user_pref("CommunityToolbar.notifications.showTrayIcon", false);

user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

user_pref("CommunityToolbar.notifications.userId", "c3e72112-beb7-4dff-9720-46f9d5b99f4b");

user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar.aflt", "orgnl");

user_pref("extensions.BabylonToolbar.bbDpng", 14);

user_pref("extensions.BabylonToolbar.dfltSrch", false);

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.hmpg", false);

user_pref("extensions.BabylonToolbar.lastDP", 14);

user_pref("extensions.BabylonToolbar.lastVrsnTs", "");

user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0");

user_pref("extensions.BabylonToolbar.newTab", false);

user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

user_pref("extensions.BabylonToolbar.propectorlck", 75578083);

user_pref("extensions.BabylonToolbar.smplGrp", "free");

user_pref("extensions.adapter@babylontc.com.install-event-fired", true);

user_pref("extensions.crossriderapp2258@crossrider.com.install-event-fired", true);

user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);

user_pref("extensions.ghostery.uiLog", "{\"type\":\"pixel_block\",\"ref\":\"www.facebook.com/ai.php?aed=AQLUwDkJhjNqAksNUKXyVp_9tWt0maxFM_BARdKejELJVJmHuB1c099rNSOgl_bl2eNQnFo

user_pref("extensions.toolbar@ask.com.install-event-fired", true);

Emptied folder: C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\minidumps [114 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 01/10/2013 at 7:51:28.31

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It seems at some point between MSE and Junkware the PC Cleaner msg. finally went away. I'll go on with the next step,,,

January 10, 2013

MSE finished and detected no threats. I'll go on to Junkware...

January 10, 2013

Here is the ComboFix log:

ComboFix 13-01-08.01 - z 01/10/2013 6:41.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.3665 [GMT -8:00]

Running from: c:\users\z\.swt\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\program files (x86)\intellidownload\gunzip.exe

c:\program files (x86)\smartdl

c:\program files (x86)\smartdl\gunzip.exe

c:\program files (x86)\smartdl\status-o

c:\programdata\Bcool

c:\programdata\Bcool\background.html

c:\programdata\Bcool\eekifemnhghopphmadcfepmcbnnphcnj.crx

c:\programdata\Roaming

C:\torrent.exe

c:\windows\msvcr71.dll

.

((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))

.

2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\dwayne\AppData\Local\temp

2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\Guest\AppData\Local\temp

2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\Guest.z-PC\AppData\Local\temp

2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\Guest.z-PC.000\AppData\Local\temp

2013-01-10 03:48 . 2013-01-10 03:48 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D50CF6C0-4486-4F2C-B386-CCD797C49534}\offreg.dll