Jump to content

Need help to remove PUP.MyWebsearch


Recommended Posts

I've been having lots of issues with my pc's performance including being real slow, internet explorer not responding, and if I try to open a new tab I can't close it without going into my task manager and ending the process to get the browser to close. If I want a second web page open, I have to open 'a new window' only. My computer also says my version of windows needs activated (needs a registry key code). My only option is to hit activate later when starting my computer. I have the version of windows that came with the computer so its legit. I'm assuming some virus or something has caused it to do that.

I decided to run Malwarebytes and it found about 6 viruses. One of which was PUP.MyWebsearch. The other 'trojans' it mentioned were removed after the quick scan/reboot, but the PUP registry key was found again when I ran another quick scan. I'm not sure if this is what is causing all my issues, but was hoping to at least get rid of it and see if it helps my computer.

Link to post
Share on other sites

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/21/2009 2:10:29 AM

System Uptime: 1/22/2013 8:01:18 PM (1 hours ago)

.

Motherboard: Quanta | | 3602

Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | CPU | 1200/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 286 GiB total, 167.421 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.96 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

64 Bit HP CIO Components Installer

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Anchor Service CS4

Adobe Anchor Service x64 CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe CMaps x64 CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe CSI CS4 x64

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Drive CS4

Adobe Drive CS4 x64

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 11 ActiveX

Adobe Fonts All

Adobe Fonts All x64

Adobe Linguistics CS4

Adobe Linguistics CS4 x64

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe PDF Library Files x64 CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 (64 Bit)

Adobe Photoshop CS4 Support

Adobe Reader 9

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player 11.5

Adobe Type Support CS4

Adobe Type Support x64 CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe WinSoft Linguistics Plugin x64

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Agere Systems HDA Modem

AnyDVD

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

Broadcom 802.11 Wireless LAN Adapter

CloneDVD2

Compatibility Pack for the 2007 Office system

Connect

CyberLink DVD Suite

DHTML Editing Component

DivX Setup

DJ_AIO_06_F2400_SW_Min

ESU for Microsoft Vista

GeoVision ADPCM

GeoVision H264

GeoVision JPEG

GeoVision MPEG2

GeoVision MPEG4

GeoVision MPEG4 ASP

GeoVision MPEG4 AVC

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP Games

HP Help and Support

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart SmartMenu

HP MediaSmart TV

HP MediaSmart Webcam

HP MULTIPLE MODEM INSTALLER for VISTA

HP Quick Launch Buttons 6.40 H2

HP Smart Web Printing 4.60

HP Total Care Advisor

HP Update

HP User Guides 0128

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPTCSSetup

IDT Audio

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

iTunes

Java Auto Updater

Juniper Networks, Inc. Setup Client

Juniper Terminal Services Client

Juno Preloader

kuler

LabelPrint

LightScribe System Software 1.14.17.1

Magic ISO Maker v5.4 (build 0239)

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox (3.6.4)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee Reveal

NetZero Preloader

PCFriendly

PDF Settings CS4

Photoshop Camera Raw

Link to post
Share on other sites

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.6001.19088

Run by Matthew Worthington at 21:38:58 on 2013-01-22

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3998.1240 [GMT -6:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe

C:\Windows\system32\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\SMINST\BLService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Matthew Worthington\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ncaa.org/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uProxyServer = hxxp=127.0.0.1:25412

uURLSearchHooks: {9565115d-c7d6-46d3-bd63-b67b481a4368} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [2008087725] C:\Users\MATTHE~1\AppData\Local\Temp\\jucheck.exe

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [spotify] "C:\Users\Matthew Worthington\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

uRun: [spotify Web Helper] "C:\Users\Matthew Worthington\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [updatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [uCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Search - ?p=ZLxdm065VAUS

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://extremeprop.webex.com/client/WBXclient-T28L10NSP5-15074/nbr/ieatgpc1.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ive1.txstate.edu/dana-cached/sc/JuniperSetupClient.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{90123EFF-9ED4-44A8-87FC-CD3C88C9DEE1} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{D84B776A-0891-4176-965F-41986E4FE0C3} : DHCPNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe

x64-Run: [smartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide

x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"

x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe

x64-mPolicies-Explorer: NoActiveDesktop = dword:1

x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: C:\Users\Matthew Worthington\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: XUL Cache: {f100d786-a099-4f3c-bdde-78d6fdfba439} - %profile%\extensions\{f100d786-a099-4f3c-bdde-78d6fdfba439}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\Alwil Software\Avast5\WebRep\FF

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-21 984144]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-5-14 370288]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [2009-2-21 89088]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-5-14 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-5-14 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-7-14 44808]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]

R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-18 365904]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-30 1153368]

R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-4-22 296320]

R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-4-22 116104]

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-7-1 24652]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-10-18 193840]

R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-7-15 126464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]

S2 RapiMgr32;Windows Mobile-based device connectivity ;C:\Windows\System32\netplwiz32.exe --> C:\Windows\System32\netplwiz32.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-5-15 1038088]

S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-5-14 93184]

.

=============== File Associations ===============

.

FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2013-01-10 13:40:57 67599240 ----a-w- C:\Windows\System32\mrt.exe

2013-01-09 17:47:40 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-09 17:47:40 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-10-30 23:51:56 59728 ----a-w- C:\Windows\System32\drivers\aswTdi.sys

2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-10-30 23:51:55 44272 ----a-w- C:\Windows\System32\drivers\aswRdr.sys

2012-10-30 23:51:55 370288 ----a-w- C:\Windows\System32\drivers\aswSP.sys

2012-10-30 23:51:53 25232 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys

2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr

2012-10-30 23:50:59 227648 ----a-w- C:\Windows\SysWow64\aswBoot.exe

2012-10-30 23:50:30 285328 ----a-w- C:\Windows\System32\aswBoot.exe

.

============= FINISH: 21:40:06.20 ===============

Link to post
Share on other sites

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version

Started in : Normal mode

User : Matthew Worthington [Admin rights]

Mode : Scan -- Date : 01/22/2013 21:57:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤

[RUN][ROGUE ST] HKCU\[...]\Run : 2008087725 (C:\Users\MATTHE~1\AppData\Local\Temp\\jucheck.exe) -> FOUND

[RUN][ROGUE ST] HKUS\S-1-5-21-2466500239-4024602432-3150243930-1000[...]\Run : 2008087725 (C:\Users\MATTHE~1\AppData\Local\Temp\\jucheck.exe) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2466500239-4024602432-3150243930-1000_Classes[...]\Run : PokerStarsUpdate (C:\Users\Matthew Worthington\AppData\Local\PokerStars\PokerStarsUpdate\PokerStarsupdt32.exe) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2466500239-4024602432-3150243930-1000_Classes[...]\Run : AOLUpdate (C:\Users\Matthew Worthington\AppData\Local\AOL OCP\AOLUpdate\AOLupdt32.exe) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2466500239-4024602432-3150243930-1000_Classes[...]\Run : MicrosoftUpdate (C:\Users\Matthew Worthington\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.exe) -> FOUND

[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND

[TASK][ROGUE ST] 4807 : wscript.exe C:\Users\MATTHE~1\AppData\Local\Temp\launchie.vbs //B -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:25412) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2320BH G2 +++++

--- User ---

[MBR] 87abe94673dd6562cf165508139d48cc

[bSP] 65c9d9f88ecd587e1ce2c1fe940b9235 : Toshiba tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 292471 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598982656 | Size: 12770 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01222013_02d2157.txt >>

RKreport[1]_S_01222013_02d2157.txt

Link to post
Share on other sites

Did you set this proxy:

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:25412) -> FOUND

---------------------------------------

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC

Link to post
Share on other sites

Did you set this proxy:

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:25412) -> FOUND

-

No clue about that Proxy. I don't even know what that is or means.

I'm going to be out of town for a couple days so I will be back working on this next week. I didn't want to you to think I had stopped working on this. My cd-rom doesn't work on the computer so I'm going to try and see if I can find a big enough flash drive to back up my system. Not sure the size I would need though.

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

I ran the anti-rootkit and it found 4 threats, I then did cleanup and ran it again but found no threats. Here are the logs:

Malwarebytes Anti-Rootkit BETA 1.01.0.1020

www.malwarebytes.org

Database version: v2013.02.09.08

Windows Vista Service Pack 1 x64 NTFS

Internet Explorer 8.0.6001.19088

Matthew Worthington :: MATTHEW-PC [administrator]

2/9/2013 9:09:10 PM

mbar-log-2013-02-09 (21-09-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 31386

Time elapsed: 21 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6001 Windows Vista Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.6001.19088

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 4192485376, free: 2047737856

------------ Kernel report ------------

02/09/2013 20:43:33

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\acpi.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\isapnp.sys

\SystemRoot\system32\drivers\mpio.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\intelide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\aliide.sys

\SystemRoot\system32\drivers\amdide.sys

\SystemRoot\system32\drivers\cmdide.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\msdsm.sys

\SystemRoot\system32\drivers\nvraid.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\viaide.sys

\SystemRoot\system32\drivers\iastorv.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\lsi_scsi.sys

\SystemRoot\system32\drivers\storport.sys

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\hpcisss.sys

\SystemRoot\system32\drivers\adp94xx.sys

\SystemRoot\system32\drivers\adpahci.sys

\SystemRoot\system32\drivers\adpu160m.sys

\SystemRoot\system32\drivers\SCSIPORT.SYS

\SystemRoot\system32\drivers\adpu320.sys

\SystemRoot\system32\drivers\djsvs.sys

\SystemRoot\system32\drivers\arc.sys

\SystemRoot\system32\drivers\arcsas.sys

\SystemRoot\system32\drivers\elxstor.sys

\SystemRoot\system32\drivers\i2omp.sys

\SystemRoot\system32\drivers\iirsp.sys

\SystemRoot\system32\drivers\iteatapi.sys

\SystemRoot\system32\drivers\iteraid.sys

\SystemRoot\system32\drivers\lsi_fc.sys

\SystemRoot\system32\drivers\lsi_sas.sys

\SystemRoot\system32\drivers\megasas.sys

\SystemRoot\system32\drivers\megasr.sys

\SystemRoot\system32\drivers\mraid35x.sys

\SystemRoot\system32\drivers\nfrd960.sys

\SystemRoot\system32\drivers\nvstor.sys

\SystemRoot\system32\drivers\ql2300.sys

\SystemRoot\system32\drivers\ql40xx.sys

\SystemRoot\system32\drivers\sisraid2.sys

\SystemRoot\system32\drivers\sisraid4.sys

\SystemRoot\system32\drivers\symc8xx.sys

\SystemRoot\system32\drivers\sym_hi.sys

\SystemRoot\system32\drivers\sym_u3.sys

\SystemRoot\system32\drivers\uliahci.sys

\SystemRoot\system32\drivers\ulsata.sys

\SystemRoot\system32\drivers\ulsata2.sys

\SystemRoot\system32\drivers\vsmraid.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\msrpc.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\system32\drivers\wd.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\system32\drivers\sbp2port.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\ecache.sys

\SystemRoot\system32\DRIVERS\hpdskflt.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\crcdisk.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\tunmp.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl664.sys

\SystemRoot\system32\DRIVERS\Rtlh64.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\enecir.sys

\SystemRoot\System32\Drivers\ElbyDelay.sys

\SystemRoot\System32\Drivers\AnyDVD.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\Accelerometer.sys

\SystemRoot\system32\DRIVERS\msiscsi.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\circlass.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\stwrt64.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\agrsm64.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\drivers\IntcHdmi.sys

\SystemRoot\system32\drivers\RTSTOR64.SYS

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\hidir.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\aswSnx.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\System32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\System32\Drivers\aswTdi.SYS

\SystemRoot\system32\DRIVERS\smb.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\Drivers\aswRdr.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\Drivers\ElbyCDIO.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\System32\Drivers\aswSP.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\aswMonFlt.sys

\SystemRoot\System32\Drivers\aswFsBlk.SYS

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\spsys.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\drivers\mrxdav.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\adfs.SYS

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\WUDFPf.sys

\??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8007336060

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\000000a5\

Lower Device Object: 0xfffffa800731a6f0

Lower Device Driver Name: \Driver\USBSTOR\

Device already Exists: 0xfffffa8008e56630

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004f5f790

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8004c1e050

Lower Device Driver Name: \Driver\iaStor\

Device already Exists: 0xfffffa800665fa60

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6001 Windows Vista Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.6001.19088

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 4192485376, free: 2096545792

------------ Kernel report ------------

02/09/2013 20:46:19

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\acpi.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\isapnp.sys

\SystemRoot\system32\drivers\mpio.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\intelide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\aliide.sys

\SystemRoot\system32\drivers\amdide.sys

\SystemRoot\system32\drivers\cmdide.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\msdsm.sys

\SystemRoot\system32\drivers\nvraid.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\viaide.sys

\SystemRoot\system32\drivers\iastorv.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\lsi_scsi.sys

\SystemRoot\system32\drivers\storport.sys

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\hpcisss.sys

\SystemRoot\system32\drivers\adp94xx.sys

\SystemRoot\system32\drivers\adpahci.sys

\SystemRoot\system32\drivers\adpu160m.sys

\SystemRoot\system32\drivers\SCSIPORT.SYS

\SystemRoot\system32\drivers\adpu320.sys

\SystemRoot\system32\drivers\djsvs.sys

\SystemRoot\system32\drivers\arc.sys

\SystemRoot\system32\drivers\arcsas.sys

\SystemRoot\system32\drivers\elxstor.sys

\SystemRoot\system32\drivers\i2omp.sys

\SystemRoot\system32\drivers\iirsp.sys

\SystemRoot\system32\drivers\iteatapi.sys

\SystemRoot\system32\drivers\iteraid.sys

\SystemRoot\system32\drivers\lsi_fc.sys

\SystemRoot\system32\drivers\lsi_sas.sys

\SystemRoot\system32\drivers\megasas.sys

\SystemRoot\system32\drivers\megasr.sys

\SystemRoot\system32\drivers\mraid35x.sys

\SystemRoot\system32\drivers\nfrd960.sys

\SystemRoot\system32\drivers\nvstor.sys

\SystemRoot\system32\drivers\ql2300.sys

\SystemRoot\system32\drivers\ql40xx.sys

\SystemRoot\system32\drivers\sisraid2.sys

\SystemRoot\system32\drivers\sisraid4.sys

\SystemRoot\system32\drivers\symc8xx.sys

\SystemRoot\system32\drivers\sym_hi.sys

\SystemRoot\system32\drivers\sym_u3.sys

\SystemRoot\system32\drivers\uliahci.sys

\SystemRoot\system32\drivers\ulsata.sys

\SystemRoot\system32\drivers\ulsata2.sys

\SystemRoot\system32\drivers\vsmraid.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\msrpc.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\system32\drivers\wd.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\system32\drivers\sbp2port.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\ecache.sys

\SystemRoot\system32\DRIVERS\hpdskflt.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\crcdisk.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\tunmp.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl664.sys

\SystemRoot\system32\DRIVERS\Rtlh64.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\enecir.sys

\SystemRoot\System32\Drivers\ElbyDelay.sys

\SystemRoot\System32\Drivers\AnyDVD.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\Accelerometer.sys

\SystemRoot\system32\DRIVERS\msiscsi.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\circlass.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\stwrt64.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\agrsm64.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\drivers\IntcHdmi.sys

\SystemRoot\system32\drivers\RTSTOR64.SYS

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\hidir.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\aswSnx.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\System32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\System32\Drivers\aswTdi.SYS

\SystemRoot\system32\DRIVERS\smb.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\Drivers\aswRdr.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\Drivers\ElbyCDIO.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\System32\Drivers\aswSP.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\aswMonFlt.sys

\SystemRoot\System32\Drivers\aswFsBlk.SYS

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\spsys.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\drivers\mrxdav.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\adfs.SYS

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\WUDFPf.sys

\??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8007336060

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\000000a5\

Lower Device Object: 0xfffffa800731a6f0

Lower Device Driver Name: \Driver\USBSTOR\

Device already Exists: 0xfffffa8008e56630

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004f5f790

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8004c1e050

Lower Device Driver Name: \Driver\iaStor\

Device already Exists: 0xfffffa800665fa60

Downloaded database version: v2013.02.09.08

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8004f5f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004f5f210, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004f5f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

DevicePointer: 0xfffffa8004f5a450, DeviceName: Unknown, DriverName: \Driver\hpdskflt\

DevicePointer: 0xfffffa8004c1e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

Upper DeviceData: 0xfffff8800cb0fb50, 0xfffffa8004f5f790, 0xfffffa8008e12080

Lower DeviceData: 0xfffff8800b0b7420, 0xfffffa8004c1e050, 0xfffffa800665fa60

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 7784295B

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 598982593

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 598982656 Numsec = 26152960

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa8007336060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007336b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007336060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

DevicePointer: 0xfffffa800731a6f0, DeviceName: \Device\000000a5\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

Upper DeviceData: 0xfffff8800e48a5c0, 0xfffffa8007336060, 0xfffffa8008e47790

Lower DeviceData: 0xfffff8800e04c470, 0xfffffa800731a6f0, 0xfffffa8008e56630

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 21EA8A8A

Partition information:

Partition 0 type is Other (0x6)

Partition is NOT ACTIVE.

Partition starts at LBA: 1024 Numsec = 1969143

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1008730112 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

Link to post
Share on other sites

OK......Next =

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

ComboFix 13-02-07.02 - Matthew Worthington 02/10/2013 8:30.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3998.2274 [GMT -6:00]

Running from: c:\users\Matthew Worthington\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - Windows: deleted 72 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\708d81e2

c:\programdata\SymUpdate.exe

c:\users\Matthew Worthington\AppData\Local\Microsoft\sett.dat

c:\users\Matthew Worthington\AppData\Roaming\d0bb97d3

c:\users\Matthew Worthington\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp

c:\users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\extensions\{f100d786-a099-4f3c-bdde-78d6fdfba439}

c:\users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\extensions\{f100d786-a099-4f3c-bdde-78d6fdfba439}\chrome.manifest

c:\users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\extensions\{f100d786-a099-4f3c-bdde-78d6fdfba439}\chrome\xulcache.jar

c:\users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\extensions\{f100d786-a099-4f3c-bdde-78d6fdfba439}\defaults\preferences\xulcache.js

c:\users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\extensions\{f100d786-a099-4f3c-bdde-78d6fdfba439}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2013-01-10 to 2013-02-10 )))))))))))))))))))))))))))))))

.

.

2013-02-10 14:50 . 2013-02-10 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-09 16:47 . 2012-06-14 01:14 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-09 16:47 . 2012-06-14 01:14 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-10 13:40 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe

2012-12-14 22:49 . 2011-08-31 03:00 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"Spotify"="c:\users\Matthew Worthington\AppData\Roaming\Spotify\Spotify.exe" [2012-05-20 9478320]

"Spotify Web Helper"="c:\users\Matthew Worthington\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-20 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-26 210216]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]

"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]

"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]

"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]

"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-23 206120]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [2008-06-27 89088]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-02-09 17:08 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 16:47]

.

2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 23:48]

.

2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 23:48]

.

2009-07-13 c:\windows\Tasks\HPCeeScheduleForMatthew Worthington.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-18 18:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 23:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-25 153624]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-25 225816]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-25 199704]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1533736]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ncaa.org/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = http=127.0.0.1:25412

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

FF - ProfilePath - c:\users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe

HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2013-02-10 08:54:58

ComboFix-quarantined-files.txt 2013-02-10 14:54

.

Pre-Run: 193,321,730,048 bytes free

Post-Run: 192,802,729,984 bytes free

.

- - End Of File - - 06298CD43A31BEED98D238EA42020B87

Link to post
Share on other sites

Looks Good....next:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion methode. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

MrC

Link to post
Share on other sites

# AdwCleaner v2.112 - Logfile created 02/10/2013 at 20:36:19

# Updated 10/02/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 1 (64 bits)

# User : Matthew Worthington - MATTHEW-PC

# Boot Mode : Normal

# Running from : C:\Users\Matthew Worthington\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

Found : Viewpoint Manager Service

***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Found : C:\Windows\SysWOW64\conduitEngine.tmp

Folder Found : C:\Program Files (x86)\Viewpoint

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\Trymedia

Folder Found : C:\ProgramData\Viewpoint

Folder Found : C:\Users\Matthew Worthington\AppData\Local\Conduit

Folder Found : C:\Users\Matthew Worthington\AppData\Local\OpenCandy

Folder Found : C:\Users\Matthew Worthington\AppData\LocalLow\Conduit

Folder Found : C:\Users\Matthew Worthington\AppData\LocalLow\FunWebProducts

Folder Found : C:\Users\Matthew Worthington\AppData\LocalLow\MyWebSearch

Folder Found : C:\Users\Matthew Worthington\AppData\Roaming\iWin

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products

Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts

Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch

Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2418376

Key Found : HKLM\Software\MetaStream

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Found : HKLM\Software\Viewpoint

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}

Key Found : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}

Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}

Key Found : HKU\S-1-5-21-2466500239-4024602432-3150243930-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}

Key Found : HKU\S-1-5-21-2466500239-4024602432-3150243930-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.4 (en-US)

File : C:\Users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Matthew Worthington\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10418 octets] - [10/02/2013 20:36:19]

########## EOF - C:\AdwCleaner[R1].txt - [10479 octets] ##########

Link to post
Share on other sites

Lots of adware found....lets clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC

Link to post
Share on other sites

# AdwCleaner v2.112 - Logfile created 02/12/2013 at 19:58:20

# Updated 10/02/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 1 (64 bits)

# User : Matthew Worthington - MATTHEW-PC

# Boot Mode : Normal

# Running from : C:\Users\Matthew Worthington\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Viewpoint

Deleted on reboot : C:\ProgramData\boost_interprocess

Deleted on reboot : C:\ProgramData\Trymedia

Deleted on reboot : C:\ProgramData\Viewpoint

Deleted on reboot : C:\Users\Matthew Worthington\AppData\Local\Conduit

Deleted on reboot : C:\Users\Matthew Worthington\AppData\Local\OpenCandy

Deleted on reboot : C:\Users\Matthew Worthington\AppData\LocalLow\Conduit

Deleted on reboot : C:\Users\Matthew Worthington\AppData\LocalLow\FunWebProducts

Deleted on reboot : C:\Users\Matthew Worthington\AppData\LocalLow\MyWebSearch

Deleted on reboot : C:\Users\Matthew Worthington\AppData\Roaming\iWin

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products

Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts

Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKLM\Software\Viewpoint

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.4 (en-US)

File : C:\Users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Matthew Worthington\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10497 octets] - [10/02/2013 20:36:19]

AdwCleaner[R2].txt - [10558 octets] - [12/02/2013 19:55:29]

AdwCleaner[s1].txt - [8232 octets] - [12/02/2013 19:58:20]

########## EOF - C:\AdwCleaner[s1].txt - [8292 octets] ##########

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.16.03

Windows Vista Service Pack 1 x64 NTFS

Internet Explorer 8.0.6001.19088

Matthew Worthington :: MATTHEW-PC [administrator]

2/16/2013 7:18:08 AM

mbam-log-2013-02-16 (07-18-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 231337

Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

I still can't open a window in new tab correctly. It will open but once I click to close that tab, it freezes everything and I have to go to my task manager to end whats running. Any idea on that and also how to activate my version of windows? I got it with the computer but I don't have the disks or anything and the microsoft sticker on the bottom of my laptop is unreadible (I've had this computer for a while)

Link to post
Share on other sites

Clean out temp files:

Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish it's job

Once its finished it should automatically reboot your machine,

if it doesn't, manually reboot to ensure a complete clean

-------------------------------

You can try to reset Internet Explorer:

http://www.mostiwant...7-8-9-settings/

-----------------------------------------

To retrieve you Windows Key, download, unzip and run Winkeyfinder

http://www.winkeyfin...der-Downloader/

MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.