Jump to content

boognishd

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

 Content Type 

Everything posted by boognishd

  1. boognishd
    ComboFix 12-10-18.03 - Dale 10/18/2012 21:27:27.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1500 [GMT -5:00] Running from: c:\users\Dale\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\msstdfmt.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_nvsvc . . ((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 ))))))))))))))))))))))))))))))) . . 2012-10-19 02:36 . 2012-10-19 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-18 21:17 . 2012-10-18 21:17 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-10-17 17:36 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7FF2DED-FDC4-4AC0-8F0E-49C1491829EE}\mpengine.dll 2012-10-15 19:23 . 2012-10-15 19:23 -------- d-----w- c:\users\Dale\AppData\Roaming\Malwarebytes 2012-10-15 19:22 . 2012-10-15 19:22 -------- d-----w- c:\programdata\Malwarebytes 2012-10-15 19:22 . 2012-10-18 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-15 19:22 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-15 18:27 . 2012-10-15 18:27 -------- d-----w- c:\programdata\McAfee 2012-10-15 18:19 . 2010-08-12 16:46 758784 ----a-w- c:\windows\system32\cohelper.dll 2012-10-15 18:19 . 2012-10-15 18:19 -------- d-----w- c:\program files\NVIDIA Corporation 2012-10-15 15:43 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2012-10-12 05:10 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-12 05:10 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-12 05:10 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-12 05:10 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-12 05:10 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-12 05:10 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-12 05:10 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-09-21 00:14 . 2012-08-21 18:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-21 00:12 . 2012-09-21 00:12 -------- d-----w- c:\program files\iPod 2012-09-21 00:12 . 2012-09-21 00:14 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-09-21 00:12 . 2012-09-21 00:14 -------- d-----w- c:\program files\iTunes 2012-09-21 00:00 . 2012-09-21 00:00 -------- d-----w- c:\program files\Bonjour 2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2012-09-20 23:56 . 2012-09-20 23:56 -------- d-----w- c:\program files\QuickTime 2012-09-20 23:48 . 2012-09-20 23:48 -------- d-----w- c:\program files\Apple Software Update . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-12 04:48 . 2012-05-05 03:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-12 04:48 . 2012-05-05 03:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-29 01:24 . 2012-06-18 19:40 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-08-29 01:24 . 2012-04-23 21:14 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-21 18:01 . 2009-10-23 00:26 106928 ----a-w- c:\windows\system32\GEARAspi.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-19 39408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-19 122368] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776] . c:\users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 04:48] . 2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 15:59] . 2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 15:59] . 2012-10-14 c:\windows\Tasks\HPCeeScheduleForDale.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 209.124.193.100 209.124.193.101 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-QlbCtrl.exe - c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-10-18 21:41 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72, 1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00 "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60, bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8 "{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea, 34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89 "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11, d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a, ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:00,f5,b5,c4,a9,26,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\atashost.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe c:\program files\Nero\Update\NASvc.exe c:\program files\SMINST\BLService.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\windows\system32\DRIVERS\xaudio.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe . ************************************************************************** . Completion time: 2012-10-18 21:48:39 - machine was rebooted ComboFix-quarantined-files.txt 2012-10-19 02:48 . Pre-Run: 142,503,772,160 bytes free Post-Run: 143,423,238,144 bytes free . - - End Of File - - 6BD0ACF9667DA7CADE1F948E82908452
  2. boognishd
    # AdwCleaner v2.005 - Logfile created 10/18/2012 at 16:49:01 # Updated 14/10/2012 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : Dale - DALE-PC # Boot Mode : Normal # Running from : C:\Users\Dale\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk File Deleted : C:\Users\Public\Desktop\eBay.lnk Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\uTorrentBar Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\Users\Dale\AppData\Local\Conduit Folder Deleted : C:\Users\Dale\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Dale\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\Dale\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Dale\AppData\LocalLow\uTorrentBar ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F85FF3B-735B-43EB-9B5D-2CD41332B658} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKCU\Software\Zugo Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5F85FF3B-735B-43EB-9B5D-2CD41332B658} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95F71B1E-AB65-4560-B11B-B52038A25147} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F06EF482-533A-452C-B694-2BF5C677E050} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5F85FF3B-735B-43EB-9B5D-2CD41332B658} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar Key Deleted : HKLM\Software\uTorrentBar Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [3829 octets] - [18/10/2012 16:31:12] AdwCleaner[s1].txt - [3838 octets] - [18/10/2012 16:49:01] ########## EOF - C:\AdwCleaner[s1].txt - [3898 octets] ##########
  3. boognishd
    # AdwCleaner v2.005 - Logfile created 10/18/2012 at 16:31:12 # Updated 14/10/2012 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : Dale - DALE-PC # Boot Mode : Normal # Running from : C:\Users\Dale\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk File Found : C:\Users\Public\Desktop\eBay.lnk Folder Found : C:\Program Files\Conduit Folder Found : C:\Program Files\uTorrentBar Folder Found : C:\ProgramData\Ask Folder Found : C:\Users\Dale\AppData\Local\Conduit Folder Found : C:\Users\Dale\AppData\LocalLow\Conduit Folder Found : C:\Users\Dale\AppData\LocalLow\ConduitEngine Folder Found : C:\Users\Dale\AppData\LocalLow\PriceGong Folder Found : C:\Users\Dale\AppData\LocalLow\uTorrentBar ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\Software\uTorrentBar Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F85FF3B-735B-43EB-9B5D-2CD41332B658} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Found : HKCU\Software\Zugo Key Found : HKLM\SOFTWARE\Classes\CLSID\{5F85FF3B-735B-43EB-9B5D-2CD41332B658} Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95F71B1E-AB65-4560-B11B-B52038A25147} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F06EF482-533A-452C-B694-2BF5C677E050} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5F85FF3B-735B-43EB-9B5D-2CD41332B658} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar Key Found : HKLM\Software\uTorrentBar Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [3700 octets] - [18/10/2012 16:31:12] ########## EOF - C:\AdwCleaner[R1].txt - [3760 octets] ##########
  4. boognishd
    It doesn't say anything, just doesn't uninstall
  5. boognishd
    Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.10.18.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Dale :: DALE-PC [administrator] 10/18/2012 3:54:46 PM mbam-log-2012-10-18 (15-54-46).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 216854 Time elapsed: 10 minute(s), 22 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-10-18 16:11:58 ----------------------------- 16:11:58.802 OS Version: Windows 6.0.6002 Service Pack 2 16:11:58.803 Number of processors: 2 586 0x301 16:11:58.804 ComputerName: DALE-PC UserName: Dale 16:12:00.744 Initialize success 16:12:50.119 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 16:12:50.121 Disk 0 Vendor: ST9320325AS 0003HPM1 Size: 305245MB BusType: 3 16:12:50.130 Disk 0 MBR read successfully 16:12:50.133 Disk 0 MBR scan 16:12:50.136 Disk 0 unknown MBR code 16:12:50.143 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294059 MB offset 2048 16:12:50.179 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11182 MB offset 602234880 16:12:50.219 Disk 0 scanning sectors +625135616 16:12:50.288 Disk 0 scanning C:\Windows\system32\drivers 16:12:59.939 Service scanning 16:13:14.167 Modules scanning 16:13:20.866 Disk 0 trace - called modules: 16:13:20.888 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 16:13:20.893 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cfbac8] 16:13:21.239 3 CLASSPNP.SYS[8079b8b3] -> nt!IofCallDriver -> [0x85571918] 16:13:21.246 5 acpi.sys[806086bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x85521b98] 16:13:21.252 Scan finished successfully 16:14:03.637 Disk 0 MBR has been saved successfully to "C:\Users\Dale\Desktop\MBR.dat" 16:14:03.646 The log file has been saved successfully to "C:\Users\Dale\Desktop\aswMBR.txt" aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-10-18 16:20:50 ----------------------------- 16:20:50.022 OS Version: Windows 6.0.6002 Service Pack 2 16:20:50.022 Number of processors: 2 586 0x301 16:20:50.023 ComputerName: DALE-PC UserName: Dale 16:20:52.630 Initialize success 16:20:56.325 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 16:20:56.328 Disk 0 Vendor: ST9320325AS 0003HPM1 Size: 305245MB BusType: 3 16:20:56.383 Disk 0 MBR read successfully 16:20:56.386 Disk 0 MBR scan 16:20:56.389 Disk 0 unknown MBR code 16:20:56.395 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294059 MB offset 2048 16:20:56.432 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11182 MB offset 602234880 16:20:56.437 Disk 0 scanning sectors +625135616 16:20:56.497 Disk 0 scanning C:\Windows\system32\drivers 16:21:06.547 Service scanning 16:21:21.234 Modules scanning 16:21:27.740 Disk 0 trace - called modules: 16:21:27.768 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 16:21:27.773 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cfbac8] 16:21:27.778 3 CLASSPNP.SYS[8079b8b3] -> nt!IofCallDriver -> [0x85571918] 16:21:27.785 5 acpi.sys[806086bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x85521b98] 16:21:27.791 Scan finished successfully 16:21:50.734 Disk 0 MBR has been saved successfully to "C:\Users\Dale\Desktop\MBR.dat" 16:21:50.739 The log file has been saved successfully to "C:\Users\Dale\Desktop\aswMBR.txt" DDS (Ver_2012-10-14.05) - NTFS_x86 Internet Explorer: 9.0.8112.16421 Run by Dale at 16:15:04 on 2012-10-18 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1292 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Windows\system32\atashost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Nero\Update\NASvc.exe C:\Program Files\SMINST\BLService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\WinZip\WZQKPICK32.EXE C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - c:\program files\utorrentbar\prxtbuTo2.dll TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [HPAdvisor] "c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe" autorun=AUTORUN uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe" mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0" mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [QlbCtrl.exe] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe" mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\users\dale\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 209.124.193.100 209.124.193.101 TCP: Interfaces\{AFB70EAD-54BF-440A-8A22-83674F42D911} : DHCPNameServer = 209.124.193.100 209.124.193.101 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ============= SERVICES / DRIVERS =============== . R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-6-12 20376] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate1ca0e0a13cb1aa0;Google Update Service (gupdate1ca0e0a13cb1aa0);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104] S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-4 250808] S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-10-17 17:36:41 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d7ff2ded-fdc4-4ac0-8f0e-49c1491829ee}\mpengine.dll 2012-10-15 19:23:27 -------- d-----w- c:\users\dale\appdata\roaming\Malwarebytes 2012-10-15 19:22:57 -------- d-----w- c:\programdata\Malwarebytes 2012-10-15 19:22:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-15 19:22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-15 18:19:45 758784 ----a-w- c:\windows\system32\cohelper.dll 2012-10-15 18:19:32 -------- d-----w- c:\program files\NVIDIA Corporation 2012-10-15 15:43:20 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2012-10-12 05:10:56 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-12 05:10:56 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-12 05:10:56 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-12 05:10:32 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-12 05:10:25 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-12 05:10:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-12 05:10:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-09-21 00:14:29 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-21 00:12:30 -------- d-----w- c:\program files\iPod 2012-09-21 00:12:27 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-09-21 00:12:27 -------- d-----w- c:\program files\iTunes 2012-09-21 00:00:50 -------- d-----w- c:\program files\Bonjour 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll . ==================== Find3M ==================== . 2012-10-12 04:48:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-12 04:48:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-29 01:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-08-29 01:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-21 18:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll . ============= FINISH: 16:15:26.40 ===============
  6. boognishd
    Toolbar won't uninstall, how should I continue?
  7. boognishd
    Hello Maniac . DDS (Ver_2012-10-14.05) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 6/22/2009 9:34:59 PM System Uptime: 10/16/2012 10:24:42 PM (39 hours ago) . Motherboard: Wistron | | 303C Processor: AMD Turion Dual-Core RM-75 | Socket A | 2200/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 287 GiB total, 129.934 GiB free. D: is FIXED (NTFS) - 11 GiB total, 1.823 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) µTorrent 32 Bit HP CIO Components Installer Acrobat.com Activation Assistant for the 2007 Microsoft Office suites ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.2 Adobe Shockwave Player Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Driver Installation Program Bonjour BufferChm CDisplay 1.8 Citrix online plug-in (Web) Compatibility Pack for the 2007 Office system Conexant HD Audio CyberLink DVD Suite CyberLink YouCam D1600 DJ_SF_06_D1600_SW_Min ESU for Microsoft Vista Google Chrome Google Earth Google Quick Search Box Google Toolbar for Internet Explorer Google Update Helper Google Updater HDAUDIO Soft Data Fax Modem with SmartCP High-Definition Video Playback Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Customer Experience Enhancements HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6 HP Doc Viewer HP DVD Play 3.7 HP Help and Support HP Quick Launch Buttons 6.40 H2 HP Total Care Advisor HP Total Care Setup HP Update HP User Guides 0118 HP Wireless Assistant HPAsset component for HP Active Support Library HPNetworkAssistant HPPhotoGadget iTunes Java Auto Updater Java 6 Update 35 Java 6 Update 7 LabelPrint LightScribe System Software 1.14.17.1 Malwarebytes Anti-Malware version 1.65.0.1400 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Live Search Toolbar Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Miro MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 and SOAP Toolkit 3.0 muvee Reveal My HP Games Nero 11 Kwik Themes Basic Nero Audio Pack 1 Nero Core Components 11 Nero Kwik Media Nero Kwik Media Help (CHM) Nero Update nero.prerequisites.msi NetWaiting Norton Internet Security NVIDIA Drivers Power2Go PowerDirector PVSonyDll QuickTime Realtek USB 2.0 Card Reader Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Spelling Dictionaries Support For Adobe Reader 9 Synaptics Pointing Device Driver Toolbox Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) uTorrentBar Toolbar WebEx Support Manager for Internet Explorer WebReg WinZip 16.5 . ==== End Of File ===========================
  8. boognishd
    Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.15.10 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Dale :: DALE-PC [administrator] 10/15/2012 2:24:27 PM mbam-log-2012-10-15 (14-24-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 216321 Time elapsed: 10 minute(s), 41 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Users\Dale\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully. Files Detected: 0 (No malicious items detected) (end) DDS (Ver_2012-10-14.05) - NTFS_x86 Internet Explorer: 9.0.8112.16421 Run by Dale at 13:03:40 on 2012-10-18 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1507 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\atashost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Nero\Update\NASvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\SMINST\BLService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\WinZip\WZQKPICK32.EXE C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k secsvcs . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - c:\program files\utorrentbar\prxtbuTo2.dll TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [HPAdvisor] "c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe" autorun=AUTORUN uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe" mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0" mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [QlbCtrl.exe] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe" mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\users\dale\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 209.124.193.100 209.124.193.101 TCP: Interfaces\{AFB70EAD-54BF-440A-8A22-83674F42D911} : DHCPNameServer = 209.124.193.100 209.124.193.101 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ============= SERVICES / DRIVERS =============== . R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-6-12 20376] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate1ca0e0a13cb1aa0;Google Update Service (gupdate1ca0e0a13cb1aa0);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104] S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-4 250808] S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-10-17 17:46:25 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d7ff2ded-fdc4-4ac0-8f0e-49c1491829ee}\offreg.dll 2012-10-17 17:36:41 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d7ff2ded-fdc4-4ac0-8f0e-49c1491829ee}\mpengine.dll 2012-10-15 19:23:27 -------- d-----w- c:\users\dale\appdata\roaming\Malwarebytes 2012-10-15 19:22:57 -------- d-----w- c:\programdata\Malwarebytes 2012-10-15 19:22:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-15 19:22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-15 18:19:45 758784 ----a-w- c:\windows\system32\cohelper.dll 2012-10-15 18:19:32 -------- d-----w- c:\program files\NVIDIA Corporation 2012-10-15 18:19:29 -------- d-----w- c:\windows\LastGood.Tmp 2012-10-15 15:43:20 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2012-10-12 05:10:56 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-12 05:10:56 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-12 05:10:56 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-12 05:10:32 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-12 05:10:25 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-12 05:10:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-12 05:10:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-09-21 00:14:29 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-21 00:12:30 -------- d-----w- c:\program files\iPod 2012-09-21 00:12:27 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-09-21 00:12:27 -------- d-----w- c:\program files\iTunes 2012-09-21 00:00:50 -------- d-----w- c:\program files\Bonjour 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll . ==================== Find3M ==================== . 2012-10-12 04:48:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-12 04:48:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-29 01:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-08-29 01:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-21 18:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll . ============= FINISH: 13:04:09.29 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.