# What should we remove from our old computer from the Hijackthis log?



## Methos' Morals (Nov 25, 2012)

I'm on a different computer now but the kids got a bunch of game-related crap on our old computer and it seems to be malicious. Malwarebytes didn't pick anything up but this play pickle and searchnu stuff and all kinds of toolbar mischief has gotten on there and I don't know what all. It's an older computer and it still runs mostly alright but certain games aren't working there now and the web browsers have been tampered with. And maybe not coincidentally our Malwarebytes got some weird glitch where it wouldn't update or run and we had to uninstall and reinstall it to run.

We'd like to nip the problem in the bud here. I ran hijackthis and if you all could tell us what to remove that isn't right, we'd appreciate it. I don't know this play pickle thing but when I tried to uninstall it from Firefox it actually kept coming back up and when I tried to uninstall it from the computer with REVO's uninstaller it informed me that it was just placed in the autorun file.  I went and took it off that list though. It certainly acts malicious. Anyway, please tell us what looks bad from our Hijackthis log to get rid of:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:42:25 PM, on 11/24/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\1100845095\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\TWAIN_32\A4CIS\WATCH.exe
C:\MSCAN\Msoffice\panel.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\program files\common files\aol\1100845095\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1100845095\EE\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\*****\Local Settings\Temp\install_flashplayer11x32ax_chra_aih[1].exe
C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=94c8a1c6000000000000000f1f475c0c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=au...d=11603&camp_id=1912&tb_version=2.5.15000.521
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100845095\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4CIS\WATCH.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Escape%20The%20Emerald%20Star/Images/stg_drm.ocx
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://admin-dev.mhi.aol.com/netagent/objects/custappx2.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1353614206070
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atlantis9.bigfishgames.com/Reef/en_LuxorAmunRising/online/mjolauncher.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} (MFInstall Class) - http://c.ancestry.com/MFInstall/MFInstall.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/The%20Scruffs/Images/armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O20 - AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll c:\progra~1\window~4\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~1\Bandoo\Bandoo.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12284 bytes

Thanks for your time if you look it over.


----------
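A first-pass triage of a HijackThis log like the one posted above, added here as an example (it is not part of the original thread and not HijackThis's own code). It flags entries that are structurally worth a second look: registry entries whose file is gone, every DLL named in `AppInit_DLLs`, services with no readable vendor, and processes running out of a Temp folder. The function names and tags are made up for this sketch, the sample lines are copied from the log in the first post, and a hit is a lead for review rather than a verdict.

```python
import re
from collections import Counter

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\*****\Local Settings\Temp\install_flashplayer11x32ax_chra_aih[1].exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll c:\progra~1\window~4\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~1\Bandoo\Bandoo.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
"""

# "O2 - BHO: ...", "R1 - HKCU\...", "O23 - Service: ..." -> (section code, body)
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Lines in the "Running processes:" block are bare drive-letter paths.
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def triage(log_text):
    """Return a list of (tag, section, detail) tuples for entries to review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = ENTRY.match(line)
        if m is None:
            # Not a section entry: treat path-looking lines as running processes.
            if DRIVE_PATH.match(line) and "\\temp\\" in line.lower():
                findings.append(("temp-process", "proc", line))
            continue

        code, body = m.groups()

        # The registry entry survives but the file it points to does not:
        # leftovers of a partial uninstall, in any section.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(("orphan", code, body))

        # O20 AppInit_DLLs: each listed DLL is loaded into every process that
        # loads user32.dll, so every item is reported individually.
        # The value is space- or comma-delimited (paths use 8.3 short names).
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1]
            for dll in re.split(r"[\s,]+", value.strip()):
                if dll:
                    findings.append(("appinit-dll", code, dll))

        # O23 services where HijackThis could not read a company name.
        # Legitimate services can show this too, so it is only a hint.
        if code == "O23" and " - Unknown owner - " in body:
            findings.append(("unknown-owner", code, body))

    return findings


def summarize(findings):
    """Count findings per tag."""
    return dict(Counter(tag for tag, _, _ in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for tag, section, detail in results:
        print(f"[{tag:13}] {section:4} {detail}")
    print(summarize(results))
```
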



## Methos' Morals (Nov 25, 2012)

I should also add that we had some sort of email virus(?) that got us kicked off of numerous forums on that computer. First we've ever had that we know of.


----------



## johnb35 (Nov 26, 2012)

I need you to post a special log using hijackthis.  Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list and save it.    Then copy and paste the contents back here.


----------



## Methos' Morals (Nov 26, 2012)

johnb35 said:


> I need you to post a special log using hijackthis.  Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list and save it.    Then copy and paste the contents back here.



Okay, let's hope it's two for two on the John and Methos crapware assassination squad. 


2 Player Chess
2004 Mahjongg
21
2Wire Wireless Client
3ivx D4 4.5.1 Decoder (remove only)
5 Dice
8 Away
Ad-Aware SE Personal
Adobe AIR
Adobe AIR
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Alchemist Special Edition
ALOT Toolbar
AncestryView
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
ArcSoft DVD SlideShow (Shared Components)
ArcSoft VideoImpression 2
AT&T Yahoo! High Speed Internet Home Networking Installer
Balloon Kaboom
Balloon Pop Special Edition
Bingo Master Special Edition
Blast Thru Special Edition
Block Rox
Boggle
BookWorm Deluxe 1.01
Booym
Bowling Mania Special Edition
Box Attack
Box Rox
Brain Power
Break Gold
Bricks of Atlantis
Brigade Balloon
Broadcom Management Programs
Castle Poker Special Edition
CCHelp
CCScore
Championship Chess
Chess
Chess Puzzle
Chica Password Manager 1.10.0.6
Color Wheel
Crazy 8
Crossword Maker
Crystal Wizard Special Edition
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support 5.0.0 (734)
Diamond Fall
DiMAGE Viewer
DirectX Media Runtime 5.1
Discover Painting for Kids SE
Dodgem
Download Updater (AOL LLC)
Draw Poker
Drone
Dual Mode Camera 8008 VGA+
DVD SlideShow
eGames GameButler
eGames Master's Edition 151
Escape Rosecliff Island
Escape Whisper Valley
ESSAdpt
ESSANUP
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
Eusing Free Registry Cleaner
Extreme Animals Special Edition
Family Tree Maker 6.0
Flipem 3D
Flipster Special Edition
Galaxy of Games 1001
Galaxy of Games 201
Garret Special Edition
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Halma
Hangman Special Edition
Hex
High Low
HiJackThis
HLPIndex
HLPRFO
Hot Slots
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 960c series (Remove only)
ID Vault
InstallIQ Updater
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
iPhoto Plus 4
J2SE Runtime Environment 5.0 Update 4
Jack Solitaire
Jasc Paint Shop Photo Album
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 37
Jetball Special Edition
Jigsaw USA Special Edition
Just Aces
Kodak EasyShare software
KODAK Memory Albums
KODAK Picture Software
Kombat Kars Special Edition
KONICA_MINOLTA DiMAGE remote camera driver
KSU
Learn2 Player (Uninstall Only)
Lizardtech Express View Browser Plug-in
Ludo
Magic Balls
Magic Lines
Magic Square
Mahjong Match
Mahjongg Egyptian Special Edition
Mahjongg Empire Special Edition
Malwarebytes Anti-Malware version 1.65.1.1000
Master of Dwarves
Max Slots
Maze Cube
McAfee Security Scan Plus
Medi@Show
Memory Machine
Memory Match
Micro Innovations Optical Scroll Mouse
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mini Go
Modem Event Monitor
Modem Helper
Modem On Hold
Monkeys & Bananas Maze
Mozilla Firefox (3.6.28)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Munkey Boom
MVP Word Search
Mystery Solitaire
No Bull
No Match
Node Jumper Special Edition
Notifier
OTtBP
OTtBPSDK
Paper, Scissors, Rock
Paragon Bridge
PCDADDIN
PCDHELP
PCDLNCH
Peg Hop
PhotoScape
PhotoSuite 4 (Remove Only)
Professor Wilde
Pure Networks Port Magic
Puzzle Master 2 Special Edition
Pyramid
QuickTime
RahJongg- The Curse of Ra Special Edition
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Reversi
Revo Uninstaller 1.94
Roulette Fever Special Edition
Run Around
Secunia PSI (2.0.0.3001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SFR2
Shockwave
Skype™ 4.2
Slide Puzzle
Snowbound Sheri Special Edition
Sound Blaster Live!
Spades
SPCA1528 PC Driver
Speed Trip
SpywareBlaster v3.4
Square Solitaire
Strata Poker
Sunken Treasure
Super Word Slide
swMSM
Tai Match
Tai Xiu
TalkAndWrite
TextBridge Classic
The Sims Deluxe Edition
The Sims™ 2 Double Deluxe
Tile Blazer Special Edition
Triathalon
TriRangle
Tropical Poker Special Edition
Turbo Bingo
U.S. Slots Special Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vertical Tic Tac Toe
Video Poker
Viewpoint Media Player
VLC media player 1.1.7
VPRINTOL
Wendy's Word Game Special Edition
Windows iLivid Toolbar
Windows Presentation Foundation
Windows XP Service Pack 3
WinHanaFuda
Wiz Solitaire
WModem Driver Installer
Word Scramble
Word Wars Special Edition
Word Whomp To Go
Word Wiz
WordPerfect Office 11


----------



## johnb35 (Nov 26, 2012)

Please uninstall the following programs.

ALOT Toolbar
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 37
McAfee Security Scan Plus
Viewpoint Media Player
Windows iLivid Toolbar

Then go here to download the latest version of Java.

www.java.com

Then do the following so I can get a better idea of what's going on.


*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

*Combofix*


When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
Save the file to your windows desktop.  The combofix icon will look like this when it has downloaded to your desktop.





We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:


Close all open Windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found *here*.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.





ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then back up your Windows Registry as shown in the image below.





Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:





At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.

Please click on yes in the next window to continue scanning for malware.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.





When ComboFix has finished running, you will see a screen stating that it is preparing the log report.

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.  

Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy.  Then come to the forum in your reply and right click on your mouse and click on paste.  



In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## Methos' Morals (Nov 27, 2012)

Okay, I don't know if any of this is relevant, but, better safe than sorry. I uninstalled half the things this morning here and while I was gone adobe was updated by someone. I hope that doesn't botch anything up. I just uninstalled the rest and rebooted. There's an iLivid icon still on desktop. I downloaded Combofix. It's running now, but I had AOL running while it started. I shut it down when I saw it shouldn't be on. I'd run Combofix before but forgot about that. Sorry. If I have to redo it, let me know. If not, I'll post the results shortly, hopefully.


----------



## Methos' Morals (Nov 27, 2012)

Okay: 

*ComboFix:*


ComboFix 12-11-26.02 - *******
 11/26/2012  22:44:05.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.584 [GMT -5:00]
Running from: c:\documents and settings\*******\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\*******\Application Data\AdobeDLM.log
c:\documents and settings\*******\WINDOWS
c:\windows\~GLC0000.TMP
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
c:\windows\expert
c:\windows\expert\XSNCR.INI
c:\windows\help\wmplayer.bak
c:\windows\iun6002.exe
c:\windows\patch.exe
c:\windows\system32\comrepl.exe
c:\windows\system32\DC120fc7_32.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-10-27 to 2012-11-27  )))))))))))))))))))))))))))))))
.
.
2012-11-27 03:13 . 2012-11-27 03:13 -------- d-----w- c:\program files\Common Files\Java
2012-11-27 03:12 . 2012-11-27 03:11 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-23 02:38 . 2012-11-23 02:38 388096 ----a-r- c:\documents and settings\*******\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-23 02:38 . 2012-11-23 02:38 -------- d-----w- c:\program files\Trend Micro
2012-11-22 19:52 . 2012-11-22 19:52 -------- dc----w- C:\Malwarebytes
2012-11-22 19:49 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-22 19:49 . 2012-11-22 19:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-02 17:40 . 2012-11-27 03:11 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-02 17:40 . 2012-11-27 03:11 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 15:43 . 2012-05-24 23:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-18 15:43 . 2011-05-19 03:56 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-02 17:39 . 2010-08-30 11:21 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-22 08:37 . 2003-07-15 21:01 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2002-08-29 10:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-03 11:50 . 2011-12-14 20:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-03 11:50 . 2011-12-14 20:51 499712 ----a-w- c:\windows\system32\msvcp71.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-06-22 155648]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 196608]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-06-22 126976]
"HostManager"="c:\program files\Common Files\AOL\1100845095\ee\AOLSoftware.exe" [2010-03-08 41800]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2010-07-13 70720]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-09-03 296096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\*******\Start Menu\Programs\Startup\
Watch.lnk - c:\windows\TWAIN_32\A4CIS\WATCH.exe [2005-5-10 184320]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SsiEfr.e
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]
backup=c:\windows\pss\KODAK Picture Transfer Software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2006-08-20 00:51 356352 ----a-w- c:\program files\Micro Innovations\Optical Scroll\mouse32a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pogo Games\\BookWorm Deluxe\\BookWorm.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1100845095\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Pogo Games\\Word Whomp To Go\\WordWhompToGo.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Common Files\\AOL\\1100845095\\EE\\aolsoftware.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\AOLBrowser\\aolbrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017
.
R2 MustekMA1908Driver;MustekMA1908Driver;c:\windows\SYSTEM32\DRIVERS\MA1908.SYS [5/10/2005 8:32 AM 22528]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 9:24 AM 399416]
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [4/30/2004 5:20 PM 23296]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\*******~1\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\*******~1\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [9/1/2010 3:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 9:24 AM 993848]
S3 SNDP202;Dual Mode Camera 8008 VGA+;c:\windows\SYSTEM32\DRIVERS\sndp202.sys [2/9/2006 7:20 PM 227072]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 15:43]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 02:38]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 02:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=114066&tt=3612_6&babsrc=HP_ss&mntrId=94c8a1c6000000000000000f1f475c0c
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
TCP: DhcpNameServer = 192.168.1.254
DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} - hxxp://admin-dev.mhi.aol.com/netagent/objects/custappx2.CAB
DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} - hxxp://c.ancestry.com/MFInstall/MFInstall.cab
FF - ProfilePath - c:\documents and settings\*******\Application Data\Mozilla\Firefox\Profiles\se21gico.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=406&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {0153E448-190B-4987-BDE1-F256CADA672F} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=94c8a1c6000000000000000f1f475c0c&q=
FF - user.js: extensions.BabylonToolbar.id - 94c8a1c6000000000000000f1f475c0c
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15586
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.127:41
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114066&tt=3612_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
AddRemove-Bogglev1 - c:\windows\DeIsL1.isu
AddRemove-Microsoft Interactive Training - c:\windows\orun32.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-26 23:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3459216650-3883230224-1220620696-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3459216650-3883230224-1220620696-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W% %-*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3459216650-3883230224-1220620696-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W% %-*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\WRLogonNTF.dll
.
Completion time: 2012-11-26  23:06:27
ComboFix-quarantined-files.txt  2012-11-27 04:06
.
Pre-Run: 2,035,032,064 bytes free
Post-Run: 2,661,818,368 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 34359582682ED8402D2D5BCA84B08F93

HijackThis new scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:28 PM, on 11/26/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\1100845095\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\WINDOWS\TWAIN_32\A4CIS\WATCH.exe
C:\MSCAN\Msoffice\panel.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1100845095\EE\aolsoftware.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=94c8a1c6000000000000000f1f475c0c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - !{ba00b7b1-0351-477a-b948-23e3ee5a73d4} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100845095\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4CIS\WATCH.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Escape%20The%20Emerald%20Star/Images/stg_drm.ocx
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://admin-dev.mhi.aol.com/netagent/objects/custappx2.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1353614206070
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atlantis9.bigfishgames.com/Reef/en_LuxorAmunRising/online/mjolauncher.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} (MFInstall Class) - http://c.ancestry.com/MFInstall/MFInstall.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/The%20Scruffs/Images/armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~1\Bandoo\Bandoo.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10190 bytes


----------



## johnb35 (Nov 27, 2012)

Can't remember if you said you do or don't, but if you don't use all that AOL software, uninstall it.  AOL tends to drag your system down a lot.

I need you to run a special script for combofix.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box


```
Driver::

ewdmaudn
```

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


Also rerun hijackthis and place checks next to the following entries.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - !{ba00b7b1-0351-477a-b948-23e3ee5a73d4} - (no file)
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Then click on fix checked.
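
As an added example (not part of the original posts, and not code from HijackThis or ComboFix): a small Python triage pass over lines copied from the logs in this thread. It flags HijackThis entries whose target is reported as `(no file)` or `(file missing)`, and ComboFix driver entries whose image path sits under a Temp directory; reading `[?]` as "no file details recorded" is an assumption, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Subset of lines copied from the HijackThis log posted in this thread,
# embedded so the example runs offline.
HJT_LINES = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - !{ba00b7b1-0351-477a-b948-23e3ee5a73d4} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~1\Bandoo\Bandoo.exe (file missing)
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
"""

# Subset of the driver/service lines from the ComboFix log in this thread.
CF_DRIVER_LINES = r"""
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 9:24 AM 399416]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\*******~1\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\*******~1\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [9/1/2010 3:30 AM 15544]
"""

# "<section code> - <rest of entry>", e.g. "O2 - BHO: ..."
HJT_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks an entry whose target it could not find at the end of the line.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# "<R|S><start type> <name>;<display name>;<path>[ --> <path>] [<file info>]"
DRV_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> .+?)? \[(?P<info>[^\]]*)\]$"
)
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


@dataclass
class Finding:
    source: str    # "hijackthis" or "combofix"
    ident: str     # HijackThis section code or driver/service name
    line: str      # the original log line
    reasons: list  # why the line was flagged


def triage_hijackthis(text):
    """Flag HijackThis entries that point at a file that no longer exists."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_RE.match(line)
        if m and MISSING_RE.search(m["body"]):
            findings.append(
                Finding("hijackthis", m["code"], line, ["target file missing"])
            )
    return findings


def triage_drivers(text):
    """Flag ComboFix driver lines with a Temp image path or no file details."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DRV_RE.match(line)
        if not m:
            continue
        path = m["path"]
        if path.startswith("\\??\\"):   # strip the NT object-namespace prefix
            path = path[4:]
        reasons = []
        if TEMP_DIR_RE.search(path):
            reasons.append("image path under a Temp directory")
        if m["info"].strip() == "?":    # assumption: "?" means no date/size read
            reasons.append("no file details recorded")
        if reasons:
            findings.append(Finding("combofix", m["name"], line, reasons))
    return findings


def review_order(findings):
    """Entries with the most independent signals come first."""
    return sorted(findings, key=lambda f: len(f.reasons), reverse=True)


if __name__ == "__main__":
    everything = triage_hijackthis(HJT_LINES) + triage_drivers(CF_DRIVER_LINES)
    for f in review_order(everything):
        print(f"{f.source:10} {f.ident:10} {'; '.join(f.reasons)}")
```

On these sample lines, `ewdmaudn` is the only driver that carries both signals, while `Ca1528av` is flagged only for missing file details. A flag is a prompt to look at the entry, not a verdict on it.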


----------



## Methos' Morals (Nov 28, 2012)

I don't use all the AOL software on my personal laptop but the lady of the house likes it on her old desktop computer. Maybe I could persuade her to junk it and just sign into the website like I do. 

ComboFix 12-11-27.01 - ****** 11/27/2012  20:33:20.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.583 [GMT -5:00]
Running from: c:\documents and settings\******\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\******\Desktop\CFScript.txt
AV: McAfee VirusScan *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EWDMAUDN
-------\Service_ewdmaudn
.
.
(((((((((((((((((((((((((   Files Created from 2012-10-28 to 2012-11-28  )))))))))))))))))))))))))))))))
.
.
2012-11-27 03:13 . 2012-11-27 03:13	--------	d-----w-	c:\program files\Common Files\Java
2012-11-27 03:12 . 2012-11-27 03:11	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-11-23 02:38 . 2012-11-23 02:38	388096	----a-r-	c:\documents and settings\******\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-23 02:38 . 2012-11-23 02:38	--------	d-----w-	c:\program files\Trend Micro
2012-11-22 19:52 . 2012-11-22 19:52	--------	dc----w-	C:\Malwarebytes
2012-11-22 19:49 . 2012-09-30 00:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-22 19:49 . 2012-11-22 19:49	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-11-02 17:40 . 2012-11-27 03:11	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-11-02 17:40 . 2012-11-27 03:11	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 15:43 . 2012-05-24 23:00	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-18 15:43 . 2011-05-19 03:56	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-02 17:39 . 2010-08-30 11:21	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-22 08:37 . 2003-07-15 21:01	1866368	----a-w-	c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2002-08-29 10:00	58368	----a-w-	c:\windows\system32\synceng.dll
2012-09-03 11:50 . 2011-12-14 20:51	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-09-03 11:50 . 2011-12-14 20:51	499712	----a-w-	c:\windows\system32\msvcp71.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-06-22 155648]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 196608]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-06-22 126976]
"HostManager"="c:\program files\Common Files\AOL\1100845095\ee\AOLSoftware.exe" [2010-03-08 41800]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2010-07-13 70720]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-09-03 296096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\******\Start Menu\Programs\Startup\
Watch.lnk - c:\windows\TWAIN_32\A4CIS\WATCH.exe [2005-5-10 184320]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0SsiEfr.e
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]
backup=c:\windows\pss\KODAK Picture Transfer Software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2006-08-20 00:51	356352	----a-w-	c:\program files\Micro Innovations\Optical Scroll\mouse32a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pogo Games\\BookWorm Deluxe\\BookWorm.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1100845095\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Pogo Games\\Word Whomp To Go\\WordWhompToGo.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Common Files\\AOL\\1100845095\\EE\\aolsoftware.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\AOLBrowser\\aolbrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017
.
R2 MustekMA1908Driver;MustekMA1908Driver;c:\windows\SYSTEM32\DRIVERS\MA1908.SYS [5/10/2005 8:32 AM 22528]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 9:24 AM 399416]
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [4/30/2004 5:20 PM 23296]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?]
S3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [9/1/2010 3:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 9:24 AM 993848]
S3 SNDP202;Dual Mode Camera 8008 VGA+;c:\windows\SYSTEM32\DRIVERS\sndp202.sys [2/9/2006 7:20 PM 227072]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 15:43]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 02:38]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 02:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=114066&tt=3612_6&babsrc=HP_ss&mntrId=94c8a1c6000000000000000f1f475c0c
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
TCP: DhcpNameServer = 192.168.1.254
DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} - hxxp://admin-dev.mhi.aol.com/netagent/objects/custappx2.CAB
DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} - hxxp://c.ancestry.com/MFInstall/MFInstall.cab
FF - ProfilePath - c:\documents and settings\******\Application Data\Mozilla\Firefox\Profiles\se21gico.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=406&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {0153E448-190B-4987-BDE1-F256CADA672F} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=94c8a1c6000000000000000f1f475c0c&q=
FF - user.js: extensions.BabylonToolbar.id - 94c8a1c6000000000000000f1f475c0c
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15586
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.127:41
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114066&tt=3612_6
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-27 20:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3459216650-3883230224-1220620696-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3459216650-3883230224-1220620696-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%%-*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3459216650-3883230224-1220620696-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%%-*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\WRLogonNTF.dll
.
- - - - - - - > 'explorer.exe'(3660)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\System32\CTsvcCDA.exe
c:\windows\system32\drivers\dcfssvc.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\mcvsrte.exe
c:\windows\wanmpsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\mscan\Msoffice\panel.exe
c:\program files\common files\aol\1100845095\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\Common Files\AOL\1100845095\EE\anotify.exe
.
**************************************************************************
.
Completion time: 2012-11-27  21:05:31 - machine was rebooted
ComboFix-quarantined-files.txt  2012-11-28 02:05
ComboFix2.txt  2012-11-27 04:06
.
Pre-Run: 2,638,548,992 bytes free
Post-Run: 2,631,233,536 bytes free
.
- - End Of File - - B82B64B57AF61F280533E83A56366743


Did you want me to run Hijack this after too? Just in case, here it is after getting rid of those items and combofix running:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:26:28 PM, on 11/27/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\1100845095\ee\AOLSoftware.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\TWAIN_32\A4CIS\WATCH.exe
C:\MSCAN\Msoffice\panel.exe
c:\program files\common files\aol\1100845095\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1100845095\EE\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=94c8a1c6000000000000000f1f475c0c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - !{ba00b7b1-0351-477a-b948-23e3ee5a73d4} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100845095\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4CIS\WATCH.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Escape%20The%20Emerald%20Star/Images/stg_drm.ocx
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://admin-dev.mhi.aol.com/netagent/objects/custappx2.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1353614206070
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atlantis9.bigfishgames.com/Reef/en_LuxorAmunRising/online/mjolauncher.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} (MFInstall Class) - http://c.ancestry.com/MFInstall/MFInstall.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/The%20Scruffs/Images/armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~1\Bandoo\Bandoo.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9190 bytes


----------



## johnb35 (Nov 28, 2012)

Looks good.  I would suggest getting rid of the Babylon add-on in your Firefox browser.

Yeah, if you can persuade them to get rid of AOL, the system will work better.

Oops, looks like you missed one in hijackthis.

O3 - Toolbar: (no name) - !{ba00b7b1-0351-477a-b948-23e3ee5a73d4} - (no file)


----------



## Methos' Morals (Nov 28, 2012)

No, Amy. We thank you for _your_ participation. 



johnb35 said:


> Looks good.  I would suggest getting rid of the Babylon add-on in your Firefox browser.
> 
> Yeah, if you can persuade them to get rid of AOL, the system will work better.
> 
> ...



Cool, I will get them out of there. Babylon is on IE too, I think. May have been there before the kids started in with the games. It seems like no one downloads anything on that computer without getting some extra junk. 
Thanks for walking me through everything. I keep thinking, eventually I'll pick up on this stuff myself but it never takes.


----------



## johnb35 (Nov 28, 2012)

Methos' Morals said:


> No, Amy. We thank you for _your_ participation.



That was spam, just ignore it.  It has been deleted.


----------



## johnb35 (Nov 28, 2012)

Let's go ahead and scan your system for adware.

Please download *AdwCleaner* by Xplode onto your Desktop.

• Double-click on AdwCleaner.exe to run the tool.
• Click on Search.
• A logfile will automatically open after the scan has finished.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


----------



## Methos' Morals (Nov 29, 2012)

That toolbar thing, the O3, no name, no file one, I tried to get rid of several times with Hijackthis and it just keeps showing up over and over when I run the scan to check. I don't know what's up with that. I'll run the adware thing now.


----------



## johnb35 (Nov 29, 2012)

Methos' Morals said:


> That toolbar thing, the O3, no name, no file one, I tried to get rid of several times with Hijackthis and it just keeps showing up over and over when I run the scan to check. I don't know what's up with that. I'll run the adware thing now.



It might not go away, it's an AOL toolbar.  Might be dependent on another AOL program.  Waiting for your next log.


----------



## Methos' Morals (Nov 29, 2012)

Sorry, I couldn't post that right away. Here's the log:

# AdwCleaner v2.009 - Logfile created 11/28/2012 at 20:05:17
# Updated 24/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ****** - ******
# Boot Mode : Normal
# Running from : C:\Documents and Settings\******\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Bandoo Coordinator

***** [Files / Folders] *****

File Found : C:\Documents and Settings\******\Application Data\Mozilla\Firefox\Profiles\se21gico.default\searchplugins\SearchResults.xml
File Found : C:\Program Files\Mozilla Firefox\.autoreg
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
File Found : C:\user.js
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\Bandoo
Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\******\Application Data\Babylon
Folder Found : C:\Documents and Settings\******\Application Data\Bandoo
Folder Found : C:\Documents and Settings\******\Application Data\searchquband
Folder Found : C:\Documents and Settings\******\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\******\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\******\Local Settings\Application Data\Ilivid Player
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Program Files\Free Offers from Freeze.com
Folder Found : C:\Program Files\Trymedia
Folder Found : C:\Program Files\Viewpoint

***** [Registry] *****

Key Found : HKCU\Software\Freeze.com
Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\PriceGong
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-21-3459216650-3883230224-1220620696-1007\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=114066&tt=3612_6&babsrc=HP_ss&mntrId=94c8a1c6000000000000000f1f475c0c

-\\ Mozilla Firefox v3.6.28 (en-US)

Profile name : default 
File : C:\Documents and Settings\******\Application Data\Mozilla\Firefox\Profiles\se21gico.default\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=114066&tt=3612_6&babsrc=NT_ss&mntr[...]
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Found : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=114066&tt=3612_6");
Found : user_pref("extensions.BabylonToolbar.bbDpng", "19");
Found : user_pref("extensions.BabylonToolbar.cntry", "US");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "0609C842E936C63FF3E43C0952A507E3");
Found : user_pref("extensions.BabylonToolbar.hmpg", true);
Found : user_pref("extensions.BabylonToolbar.id", "94c8a1c6000000000000000f1f475c0c");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15586");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.127:41:55");
Found : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Found : user_pref("extensions.BabylonToolbar.newTab", false);
Found : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"50\",\"lastVrsn\":\"50\",\"vrsnLoad\[...]
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.sg", "tzb");
Found : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.127:41:55");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114066&tt=3612_6");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.127:41:55");
Found : user_pref("extensions.crossriderapp1950.1950.InstallationThankYouPage", true);
Found : user_pref("extensions.crossriderapp1950.1950.InstallationTime", 1328301648);
Found : user_pref("extensions.crossriderapp1950.1950.InstallationUserSettings.searchUserConifrmation", false[...]
Found : user_pref("extensions.crossriderapp1950.1950.InstallationUserSettings.setHomepage", false);
Found : user_pref("extensions.crossriderapp1950.1950.InstallationUserSettings.setNewTab", false);
Found : user_pref("extensions.crossriderapp1950.1950.InstallationUserSettings.setSearch", false);
Found : user_pref("extensions.crossriderapp1950.1950.active", true);
Found : user_pref("extensions.crossriderapp1950.1950.addressbar", "");
Found : user_pref("extensions.crossriderapp1950.1950.affid", "0");
Found : user_pref("extensions.crossriderapp1950.1950.backgroundjs", "\n//------------------  PLUGIN resource[...]
Found : user_pref("extensions.crossriderapp1950.1950.backgroundver", 13);
Found : user_pref("extensions.crossriderapp1950.1950.certdomaininstaller", "");
Found : user_pref("extensions.crossriderapp1950.1950.changeprevious", false);
Found : user_pref("extensions.crossriderapp1950.1950.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp1950.1950.cookie.InstallationTime.value", "1328301648");
Found : user_pref("extensions.crossriderapp1950.1950.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp1950.1950.cookie.InstallerParams.value", "%7B%22sub_id%22%3A%22de[...]
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_aoi.value", "1328301648");
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_country_code.expiration", "Wed Dec 05 2012 [...]
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_country_code.value", "%22US%22");
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_hotfix20111102645.value", "%221%22");
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_installer_params.value", "%7B%22sub_id%22%3[...]
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_parent_zoneid.value", "%2213620%22");
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_pc_20120828.value", "1353362533395");
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_product_id.value", "%221042%22");
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Found : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_zoneid.value", "%2217979%22");
Found : user_pref("extensions.crossriderapp1950.1950.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Found : user_pref("extensions.crossriderapp1950.1950.cookie.dbtest.value", "1353362527123");
Found : user_pref("extensions.crossriderapp1950.1950.description", "RewardsArcade allows you to play multipl[...]
Found : user_pref("extensions.crossriderapp1950.1950.domain", "www.rewardsarcade.com");
Found : user_pref("extensions.crossriderapp1950.1950.emailsig", "");
Found : user_pref("extensions.crossriderapp1950.1950.enablesearch", false);
Found : user_pref("extensions.crossriderapp1950.1950.exposesites", "");
Found : user_pref("extensions.crossriderapp1950.1950.fbremoteurl", "");
Found : user_pref("extensions.crossriderapp1950.1950.group", 0);
Found : user_pref("extensions.crossriderapp1950.1950.homepage", "");
Found : user_pref("extensions.crossriderapp1950.1950.iframe", false);
Found : user_pref("extensions.crossriderapp1950.1950.js", "\n\n//------------------ USER PLUGIN GPL Plugin ([...]
Found : user_pref("extensions.crossriderapp1950.1950.manifesturl", "");
Found : user_pref("extensions.crossriderapp1950.1950.name", "RewardsArcade Suite");
Found : user_pref("extensions.crossriderapp1950.1950.newtab", "");
Found : user_pref("extensions.crossriderapp1950.1950.opensearch", "");
Found : user_pref("extensions.crossriderapp1950.1950.premium", true);
Found : user_pref("extensions.crossriderapp1950.1950.publisher", "215 Apps");
Found : user_pref("extensions.crossriderapp1950.1950.searchstatus", 0);
Found : user_pref("extensions.crossriderapp1950.1950.setnewtab", false);
Found : user_pref("extensions.crossriderapp1950.1950.settingsurl", "");
Found : user_pref("extensions.crossriderapp1950.1950.thankyou", "hxxp://www.rewardsarcade.com/r.php?app_id=1[...]
Found : user_pref("extensions.crossriderapp1950.1950.updateinterval", 360);
Found : user_pref("extensions.crossriderapp1950.1950.ver", 62);
Found : user_pref("extensions.crossriderapp1950.apps", "1950");
Found : user_pref("extensions.crossriderapp1950.bic", "1354683302c32c66690df156e4abed7e");
Found : user_pref("extensions.crossriderapp1950.cid", 1950);
Found : user_pref("extensions.crossriderapp1950.firstrun", false);
Found : user_pref("extensions.crossriderapp1950.hadappinstalled", true);
Found : user_pref("extensions.crossriderapp1950.installationdate", 1328327897);
Found : user_pref("extensions.crossriderapp1950.jsver", 3);
Found : user_pref("extensions.crossriderapp1950.lastcheck", 22569153);
Found : user_pref("extensions.crossriderapp1950.lastcheckitem", 22569153);
Found : user_pref("extensions.crossriderapp1950.misc.lastBgWorkerTimer", "1354149247533");
Found : user_pref("extensions.crossriderapp1950.misc.lastDomWorkerTimer", "1354149247522");
Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=406&q=");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\******\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences


*************************

AdwCleaner[R1].txt - [32864 octets] - [28/11/2012 20:05:17]

########## EOF - C:\AdwCleaner[R1].txt - [32925 octets] ##########


----------



## johnb35 (Nov 29, 2012)

Now rerun the program again but this time open it and click on delete instead of search.  Then post the log it provides.


----------



## Methos' Morals (Nov 30, 2012)

Okay, here we are, lots of Babylon deletions. 

# AdwCleaner v2.009 - Logfile created 11/29/2012 at 22:32:21
# Updated 24/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ****** - ******
# Boot Mode : Normal
# Running from : C:\Documents and Settings\******\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Bandoo Coordinator

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\******\Application Data\Mozilla\Firefox\Profiles\se21gico.default\searchplugins\SearchResults.xml
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Bandoo
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\******\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\******\Application Data\Bandoo
Folder Deleted : C:\Documents and Settings\******\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\******\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\******\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\******\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Freeze.com
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\PriceGong
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=114066&tt=3612_6&babsrc=HP_ss&mntrId=94c8a1c6000000000000000f1f475c0c --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.28 (en-US)

Profile name : default 
File : C:\Documents and Settings\******\Application Data\Mozilla\Firefox\Profiles\se21gico.default\prefs.js

C:\Documents and Settings\******\Application Data\Mozilla\Firefox\Profiles\se21gico.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=114066&tt=3612_6&babsrc=NT_ss&mntr[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=114066&tt=3612_6");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "19");
Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "0609C842E936C63FF3E43C0952A507E3");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "94c8a1c6000000000000000f1f475c0c");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15586");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.127:41:55");
Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"50\",\"lastVrsn\":\"50\",\"vrsnLoad\[...]
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.sg", "tzb");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.127:41:55");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114066&tt=3612_6");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.127:41:55");
Deleted : user_pref("extensions.crossriderapp1950.1950.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp1950.1950.InstallationTime", 1328301648);
Deleted : user_pref("extensions.crossriderapp1950.1950.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp1950.1950.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp1950.1950.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp1950.1950.active", true);
Deleted : user_pref("extensions.crossriderapp1950.1950.addressbar", "");
Deleted : user_pref("extensions.crossriderapp1950.1950.affid", "0");
Deleted : user_pref("extensions.crossriderapp1950.1950.backgroundjs", "\n//------------------  PLUGIN resource[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.backgroundver", 13);
Deleted : user_pref("extensions.crossriderapp1950.1950.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp1950.1950.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie.InstallationTime.value", "1328301648");
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie.InstallerParams.value", "%7B%22sub_id%22%3A%22de[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_aoi.value", "1328301648");
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_blocklist.expiration", "Thu Nov 29 2012 22:[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_country_code.expiration", "Wed Dec 05 2012 [...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_installer_params.value", "%7B%22sub_id%22%3[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_parent_zoneid.value", "%2213620%22");
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_pc_20120828.value", "1353362533395");
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_product_id.value", "%221042%22");
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_zoneid.value", "%2217979%22");
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.cookie.dbtest.value", "1353362527123");
Deleted : user_pref("extensions.crossriderapp1950.1950.description", "RewardsArcade allows you to play multipl[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.domain", "www.rewardsarcade.com");
Deleted : user_pref("extensions.crossriderapp1950.1950.emailsig", "");
Deleted : user_pref("extensions.crossriderapp1950.1950.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp1950.1950.exposesites", "");
Deleted : user_pref("extensions.crossriderapp1950.1950.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp1950.1950.group", 0);
Deleted : user_pref("extensions.crossriderapp1950.1950.homepage", "");
Deleted : user_pref("extensions.crossriderapp1950.1950.iframe", false);
Deleted : user_pref("extensions.crossriderapp1950.1950.js", "\n\n//------------------ USER PLUGIN GPL Plugin ([...]
Deleted : user_pref("extensions.crossriderapp1950.1950.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp1950.1950.name", "RewardsArcade Suite");
Deleted : user_pref("extensions.crossriderapp1950.1950.newtab", "");
Deleted : user_pref("extensions.crossriderapp1950.1950.opensearch", "");
Deleted : user_pref("extensions.crossriderapp1950.1950.premium", true);
Deleted : user_pref("extensions.crossriderapp1950.1950.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp1950.1950.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp1950.1950.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp1950.1950.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp1950.1950.thankyou", "hxxp://www.rewardsarcade.com/r.php?app_id=1[...]
Deleted : user_pref("extensions.crossriderapp1950.1950.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp1950.1950.ver", 62);
Deleted : user_pref("extensions.crossriderapp1950.apps", "1950");
Deleted : user_pref("extensions.crossriderapp1950.bic", "1354683302c32c66690df156e4abed7e");
Deleted : user_pref("extensions.crossriderapp1950.cid", 1950);
Deleted : user_pref("extensions.crossriderapp1950.firstrun", false);
Deleted : user_pref("extensions.crossriderapp1950.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp1950.installationdate", 1328327897);
Deleted : user_pref("extensions.crossriderapp1950.jsver", 3);
Deleted : user_pref("extensions.crossriderapp1950.lastcheck", 22570655);
Deleted : user_pref("extensions.crossriderapp1950.lastcheckitem", 22570771);
Deleted : user_pref("extensions.crossriderapp1950.misc.lastBgWorkerTimer", "1354246217644");
Deleted : user_pref("extensions.crossriderapp1950.misc.lastDomWorkerTimer", "1354246217594");
Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=406&q=");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\******\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : urls_to_restore_on_startup ={ "backup": { "_signature": "ewUSiDGumjCXSVTM3zTG6O89cxgcyUvyR\/5aj+AIDYI=", "_version": 3, "browser[...]

*************************

AdwCleaner[R1].txt - [32995 octets] - [28/11/2012 20:05:17]
AdwCleaner[S1].txt - [14496 octets] - [29/11/2012 22:32:21]

########## EOF - C:\AdwCleaner[S1].txt - [14557 octets] ##########


----------



## johnb35 (Nov 30, 2012)

Ok, your system should be pretty well clean by now.  How is it running?


----------



## Okedokey (Nov 30, 2012)

Honestly, 5 days.... you would have a much more responsive computer, 100% clean (not necessarily the case now) by backing up data and reinstalling Windows in the first place.  Just saying...


----------



## Okedokey (Nov 30, 2012)

Let me rephrase the above post a bit.  John does amazing work here in computer security.  Don't get me wrong.  John's probably the only one around here that can fix it.  But seriously, the methodology (on average) takes more than 4 days.

My approach is different I guess, I would've just given detailed description and method of backup and reinstall, done the first time it may be just as slow, but the results are far better.

An old XP or any Windows for that matter, benefits massively from a reinstall and virtually ensures no malware 100%.

Also what's the reference to rewardsarchive.com?


----------



## Methos' Morals (Dec 4, 2012)

johnb35 said:


> Ok, your system should be pretty well clean by now.  How is it running?



It's definitely better, thanks. What glitches are left over with their Facebook flash games are looking to be problems with the actual company putting out those games. We don't see anything weird with the rest of the computer, right now.



bigfellla said:


> Honestly, 5 days.... you would have a much more responsive computer, 100% clean (not necessarily the case now) by backing up data and reinstalling Windows in the first place.  Just saying...





bigfellla said:


> Let me rephrase the above post a bit.  John does amazing work here in computer security.  Don't get me wrong.  John's probably the only one around here that can fix it.  But seriously, the methodology (on average) takes more than 4 days.
> 
> My approach is different I guess, I would've just given detailed description and method of backup and reinstall, done the first time it may be just as slow, but the results are far better.
> 
> ...



This suggestion might be best but it makes us nervous, man. We have never actually backed up anything. We've got zero experience or know-how involved with it. And it's got a bad CD-ROM drive. The computer is so old and there's just so much on it. We can't even defrag it anymore because there's so little space. And it's just years, and years, and years of family photos and records and programs and this and that and the other. And we have no experience in backing it up.

I don't even know if we've got the software for the version of Windows that went with it. Honestly, even on my new laptop, I failed to be able to back the thing up when it recently got redone and the prompt has been there for a few months, I think. I had no idea what went wrong but it didn't work. This house is very low on technical savvy. We're basically just sitting here slobbering all over ourselves, occasionally trying to answer the phone by talking into loaves of bread or vacuum the carpet with shower curtain rods. It's not pretty. We're not smart people. It's shocking we haven't blown our house up trying to make the coffee. We should all have been born circa the time wheels were first put on barrows.


----------



## johnb35 (Dec 4, 2012)

If you have no space left on your drive then you have 2 options.

1.  Get a new drive, reinstall Windows and use the drive you have now for storage since all your files are on it.  You can do this providing your case has room for another drive.

2.  Get a new bigger drive and clone your existing drive to it and you'll have more space.

3.  However, if it's been a few years since a fresh install has been done, then I highly recommend a fresh install of Windows no matter what you do.


----------



## spirit (Dec 5, 2012)

Methos' Morals said:


> This suggestion might be best but it makes us nervous, man. We have never actually backed up anything. We've got zero experience or know-how involved with it.


You really need to start thinking about backing up your files. You never know when the drive they are all stored on will die and take the files stored on the drive with it.


----------

