mcworthington1s

  1. Thanks for your help....even when I couldn't work on the computer for days at a time, Mr C stuck with me. Thanks!

  2. Results of screen317's Security Check version 0.99.58
     Windows Vista Service Pack 2 x64 (UAC is enabled)
     Internet Explorer 8 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Spybot - Search & Destroy
     Malwarebytes Anti-Malware version 1.70.0.1100
     Java version out of Date!
     Adobe Reader 9 Adobe Reader out of Date!
     Mozilla Firefox (3.6.4) Firefox out of Date!
     Google Chrome 24.0.1312.56
     Google Chrome 24.0.1312.57
     ````````Process Check: objlist.exe by Laurent````````
     Alwil Software Avast5 AvastSvc.exe
     Alwil Software Avast5 AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  3. I was able to update Windows but of course it still shows that my copy of Windows is not genuine.
  4. Yeah bought it brand new at Best Buy probably back in 2008. I don't have any disks or paperwork on it. I've moved several times since then. I will go to windows update and see what happens. Here is the log:
  5. I was able to use the link you sent to find my Windows key. When it tried to activate I got an error: OxCOO4EOO3 - License Evaluation Failed. Any suggestions to correct this? On a good note, I am able to open a new tab and close it without it stalling my IE altogether.
  6. When I was trying to open the zipped folder earlier, I tried opening it with different programs, one of which was 'open with internet explorer'. What I didn't realize is that there was a button checked that said, "open all similar items with this program". So now everything like that, including all of my logs, is set to open in Internet Explorer. I tried changing them to Notepad but I can't even get my logs to open now. Do you have any suggestions on restoring it back to normal? Right now I'm going to try the other link you sent me. Thanks,
  7. I ran TFC and I reset my IE. Now I'm trying to run the Winkeyfinder but when I go to open the zipped file I get this error: Windows cannot open the folder. The Compressed (zipped) Folder is invalid.
  8. I still can't open a window in a new tab correctly. It will open but once I click to close that tab, it freezes everything and I have to go to my task manager to end what's running. Any idea on that and also how to activate my version of Windows? I got it with the computer but I don't have the disks or anything and the Microsoft sticker on the bottom of my laptop is unreadable (I've had this computer for a while).
  9. Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.02.16.03
     Windows Vista Service Pack 1 x64 NTFS
     Internet Explorer 8.0.6001.19088
     Matthew Worthington :: MATTHEW-PC [administrator]
     2/16/2013 7:18:08 AM
     mbam-log-2013-02-16 (07-18-08).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 231337
     Time elapsed: 4 minute(s), 1 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  10. # AdwCleaner v2.112 - Logfile created 02/12/2013 at 19:58:20
      # Updated 10/02/2013 by Xplode
      # Operating system : Windows Vista Home Premium Service Pack 1 (64 bits)
      # User : Matthew Worthington - MATTHEW-PC
      # Boot Mode : Normal
      # Running from : C:\Users\Matthew Worthington\Desktop\adwcleaner.exe
      # Option [Delete]
      ***** [services] *****
      Stopped & Deleted : Viewpoint Manager Service
      ***** [Files / Folders] *****
      Deleted on reboot : C:\Program Files (x86)\Viewpoint
      Deleted on reboot : C:\ProgramData\boost_interprocess
      Deleted on reboot : C:\ProgramData\Trymedia
      Deleted on reboot : C:\ProgramData\Viewpoint
      Deleted on reboot : C:\Users\Matthew Worthington\AppData\Local\Conduit
      Deleted on reboot : C:\Users\Matthew Worthington\AppData\Local\OpenCandy
      Deleted on reboot : C:\Users\Matthew Worthington\AppData\LocalLow\Conduit
      Deleted on reboot : C:\Users\Matthew Worthington\AppData\LocalLow\FunWebProducts
      Deleted on reboot : C:\Users\Matthew Worthington\AppData\LocalLow\MyWebSearch
      Deleted on reboot : C:\Users\Matthew Worthington\AppData\Roaming\iWin
      File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
      File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
      ***** [internet Browsers] *****
      -\\ Internet Explorer v8.0.6001.19088
      [OK] Registry is clean.
      -\\ Mozilla Firefox v3.6.4 (en-US)
      File : C:\Users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\prefs.js
      [OK] File is clean.
      -\\ Google Chrome v24.0.1312.57
      File : C:\Users\Matthew Worthington\AppData\Local\Google\Chrome\User Data\Default\Preferences
      [OK] File is clean.
      *************************
      AdwCleaner[R1].txt - [10497 octets] - [10/02/2013 20:36:19]
      AdwCleaner[R2].txt - [10558 octets] - [12/02/2013 19:55:29]
      AdwCleaner[s1].txt - [8232 octets] - [12/02/2013 19:58:20]
      ########## EOF - C:\AdwCleaner[s1].txt - [8292 octets] ##########
  11. # AdwCleaner v2.112 - Logfile created 02/10/2013 at 20:36:19
      # Updated 10/02/2013 by Xplode
      # Operating system : Windows Vista Home Premium Service Pack 1 (64 bits)
      # User : Matthew Worthington - MATTHEW-PC
      # Boot Mode : Normal
      # Running from : C:\Users\Matthew Worthington\Desktop\adwcleaner.exe
      # Option [search]
      ***** [services] *****
      Found : Viewpoint Manager Service
      ***** [Files / Folders] *****
      File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
      File Found : C:\Windows\SysWOW64\conduitEngine.tmp
      Folder Found : C:\Program Files (x86)\Viewpoint
      Folder Found : C:\ProgramData\boost_interprocess
      Folder Found : C:\ProgramData\Trymedia
      Folder Found : C:\ProgramData\Viewpoint
      Folder Found : C:\Users\Matthew Worthington\AppData\Local\Conduit
      Folder Found : C:\Users\Matthew Worthington\AppData\Local\OpenCandy
      Folder Found : C:\Users\Matthew Worthington\AppData\LocalLow\Conduit
      Folder Found : C:\Users\Matthew Worthington\AppData\LocalLow\FunWebProducts
      Folder Found : C:\Users\Matthew Worthington\AppData\LocalLow\MyWebSearch
      Folder Found : C:\Users\Matthew Worthington\AppData\Roaming\iWin
      ***** [internet Browsers] *****
      -\\ Internet Explorer v8.0.6001.19088
      [OK] Registry is clean.
      -\\ Mozilla Firefox v3.6.4 (en-US)
      File : C:\Users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\prefs.js
      [OK] File is clean.
      -\\ Google Chrome v24.0.1312.57
      File : C:\Users\Matthew Worthington\AppData\Local\Google\Chrome\User Data\Default\Preferences
      [OK] File is clean.
      *************************
      AdwCleaner[R1].txt - [10418 octets] - [10/02/2013 20:36:19]
      ########## EOF - C:\AdwCleaner[R1].txt - [10479 octets] ##########
  12. ComboFix 13-02-07.02 - Matthew Worthington 02/10/2013 8:30.1.2 - x64
      Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3998.2274 [GMT -6:00]
      Running from: c:\users\Matthew Worthington\Desktop\ComboFix.exe
      AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
      SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ADS - Windows: deleted 72 bytes in 1 streams.
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\programdata\708d81e2
      c:\programdata\SymUpdate.exe
      c:\users\Matthew Worthington\AppData\Local\Microsoft\sett.dat
      c:\users\Matthew Worthington\AppData\Roaming\d0bb97d3
      c:\users\Matthew Worthington\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
      c:\users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\extensions\{f100d786-a099-4f3c-bdde-78d6fdfba439}
      c:\users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\extensions\{f100d786-a099-4f3c-bdde-78d6fdfba439}\chrome.manifest
      c:\users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\extensions\{f100d786-a099-4f3c-bdde-78d6fdfba439}\chrome\xulcache.jar
      c:\users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\extensions\{f100d786-a099-4f3c-bdde-78d6fdfba439}\defaults\preferences\xulcache.js
      c:\users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\extensions\{f100d786-a099-4f3c-bdde-78d6fdfba439}\install.rdf
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-01-10 to 2013-02-10 )))))))))))))))))))))))))))))))
      .
      .
      2013-02-10 14:50 . 2013-02-10 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-02-09 16:47 . 2012-06-14 01:14 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-02-09 16:47 . 2012-06-14 01:14 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2013-01-10 13:40 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
      2012-12-14 22:49 . 2011-08-31 03:00 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
      "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
      "Spotify"="c:\users\Matthew Worthington\AppData\Roaming\Spotify\Spotify.exe" [2012-05-20 9478320]
      "Spotify Web Helper"="c:\users\Matthew Worthington\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-20 932528]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
      "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
      "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-26 210216]
      "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
      "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
      "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
      "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
      "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
      "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
      "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
      "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
      "UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
      "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
      "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
      "TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-23 206120]
      "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
      "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
      "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "mixer1"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [2008-06-27 89088]
      .
      .
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      Themes
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2013-02-09 17:08 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 16:47]
      .
      2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 23:48]
      .
      2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 23:48]
      .
      2009-07-13 c:\windows\Tasks\HPCeeScheduleForMatthew Worthington.job
      - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-18 18:34]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
      @="{472083B0-C522-11CF-8763-00608CC02F24}"
      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
      2012-10-30 23:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-25 153624]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-25 225816]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-25 199704]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1533736]
      "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
      "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.ncaa.org/
      uLocal Page = c:\windows\system32\blank.htm
      mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
      mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyServer = http=127.0.0.1:25412
      IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
      TCP: DhcpNameServer = 192.168.1.1
      DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
      FF - ProfilePath - c:\users\Matthew Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\of4mr6qp.default\
      FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - 
%profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2013-02-10 08:54:58 ComboFix-quarantined-files.txt 2013-02-10 14:54 . Pre-Run: 193,321,730,048 bytes free Post-Run: 192,802,729,984 bytes free . - - End Of File - - 06298CD43A31BEED98D238EA42020B87
  13. I ran the anti-rootkit and it found 4 threats, I then did cleanup and ran it again but found no threats. Here are the logs: Malwarebytes Anti-Rootkit BETA 1.01.0.1020 www.malwarebytes.org Database version: v2013.02.09.08 Windows Vista Service Pack 1 x64 NTFS Internet Explorer 8.0.6001.19088 Matthew Worthington :: MATTHEW-PC [administrator] 2/9/2013 9:09:10 PM mbar-log-2013-02-09 (21-09-10).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 31386 Time elapsed: 21 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  14. I was just searching the web on Firefox when it shut down and I got the error....IE was just real slow and it kind of freezes up sometimes.