Everything posted by mcworthington1s

  1. I couldn't find that 'weatherblink bar' to remove it. But here is the log after running ComboFix:

ComboFix 13-01-17.04 - Deven Worthington 01/19/2013 13:59:33.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1643.670 [GMT -6:00]
Running from: c:\users\Deven Worthington\Desktop\ComboFix.exe
Command switches used :: c:\users\Deven Worthington\Desktop\CFScript.txt
AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\progra~2\WEATHE~2\bar\1.bin\gcbar.dll"
"c:\program files (x86)\WeatherBlink\bar\1.bin\gcSrcAs.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 20:20 . 2013-01-19 20:20 -------- d-----w- c:\users\WBO\AppData\Local\temp
2013-01-19 20:20 . 2013-01-19 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-17 02:20 . 2013-01-17 02:20 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-16 03:42 . 2013-01-16 03:42 -------- d-----w- c:\program files (x86)\ESET
2013-01-16 02:33 . 2013-01-16 02:33 -------- d-----w- c:\windows\ERUNT
2013-01-16 02:33 . 2013-01-16 02:33 -------- d-----w- C:\JRT
2013-01-14 00:16 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-14 00:16 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-14 00:12 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-14 00:09 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-14 00:09 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-05 03:39 . 2013-01-05 04:19 -------- dc----w- c:\users\Deven Worthington\AppData\Local\MigWiz
2012-12-31 20:59 . 2012-12-31 22:59 -------- d-----w- C:\EFSTMPWP
2012-12-31 01:27 . 2012-12-31 01:27 -------- d-----w- c:\users\Deven Worthington\AppData\Roaming\Malwarebytes
2012-12-31 01:27 . 2012-12-31 01:27 -------- d-----w- c:\programdata\Malwarebytes
2012-12-31 01:27 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-31 01:27 . 2012-12-31 01:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-31 01:26 . 2012-12-31 01:26 -------- d-----w- c:\users\Deven Worthington\AppData\Local\Programs
2012-12-29 09:17 . 2012-12-29 09:17 -------- d-----w- C:\8b9139c4573887d14330b183
2012-12-28 01:49 . 2012-12-28 01:49 -------- d-----w- c:\program files\Microsoft Office
2012-12-28 01:49 . 2012-12-30 00:38 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-12-28 01:47 . 2012-12-28 01:54 -------- d-----w- c:\users\Deven Worthington\AppData\Roaming\TP
2012-12-28 01:23 . 2012-12-28 01:32 -------- d-----w- c:\program files\Adobe
2012-12-28 01:11 . 2012-12-28 01:11 -------- d-----w- C:\adobeTemp
2012-12-23 22:53 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-23 22:53 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-23 22:53 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-23 22:53 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-15 23:52 . 2012-09-05 15:44 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-14 00:36 . 2012-04-04 21:46 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-14 00:36 . 2012-01-02 18:57 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-26 04:13 . 2012-01-08 01:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-26 04:11 . 2012-03-06 00:45 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-26 04:11 . 2012-03-06 00:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-26 04:10 . 2012-01-08 01:15 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-19 22:48 . 2012-12-19 22:03 151816 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-12-19 22:48 . 2012-12-19 22:03 111712 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-12-19 22:48 . 2012-12-19 22:03 104960 ----a-w- c:\windows\system32\WRusr.dll
2012-11-30 04:45 . 2013-01-14 00:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 09:04 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 09:04 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 09:05 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 09:05 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 09:04 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 09:05 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 09:05 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 09:04 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 09:04 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 09:04 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 09:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 09:04 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 09:05 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 09:05 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 09:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 09:05 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 09:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 09:05 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 09:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 09:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 09:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 09:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 05:22 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 05:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-05 05:16 . 2012-01-08 01:15 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-05 05:15 . 2012-01-08 01:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-11-02 05:59 . 2012-12-12 05:20 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 05:20 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-30 03:32 . 2012-10-30 03:34 1560168 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-10-30 03:32 . 2012-10-30 03:34 2615400 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-10-30 03:32 . 2012-10-30 03:34 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-10-30 03:32 . 2012-10-30 03:34 4730344 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-10-30 03:32 . 2012-10-30 03:34 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll
2012-10-30 03:32 . 2012-10-30 03:34 823912 ----a-w- c:\windows\system32\RtkApi64.dll
2012-10-30 03:32 . 2012-10-30 03:34 3747944 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-10-30 03:32 . 2012-10-30 03:34 100968 ----a-w- c:\windows\system32\RCoInstII64.dll
2012-10-30 03:31 . 2011-07-29 07:41 1698408 ----a-w- c:\windows\RtlExUpd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9b9dcae3-be34-424c-8d73-75e305a9e091}]
c:\program files (x86)\WeatherBlink\bar\1.bin\gcSrcAs.dll [bU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{dc9051c2-8f55-479a-97a4-747980d9047f}]
c:\progra~2\WEATHE~2\bar\1.bin\gcbar.dll [bU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Deven Worthington\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SOSUAUI"="c:\program files (x86)\SOS Online Backup\sosuploadagent.exe" [2012-06-25 36296]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-12-19 733232]
"SMessaging"="c:\program files (x86)\SOS Online Backup\SMessaging.exe" [2012-06-25 55752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-12-19 733232]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-12-19 111712]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-04 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-02-10 31088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-05-28 878184]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:36]
.
2013-01-19 c:\windows\Tasks\HPCeeScheduleForDeven Worthington.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-01-17 c:\windows\Tasks\HPCeeScheduleForDEVEN$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-10-30 6457960]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9ED832F4-B788-422F-A6D0-6D8264B91E7D}\77F62747869333: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\Deven Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\h5yco6vu.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-My HP Game Console - c:\program files (x86)\HP Games\HP Game Console\Uninstall.exe
AddRemove-RegPowerClean_is1 - c:\program files (x86)\Winferno\RegistryPowerCleaner\unins000.exe
AddRemove-Smart PC Cleaner_is1 - c:\program files (x86)\Smart PC Cleaner\unins000.exe
AddRemove-The Sea App - c:\program files (x86)\The Sea App (Internet Explorer)\uninstall.exe
AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
AddRemove-vfd-adk - c:\program files (x86)\OApps\vfd-adk_uninstall.exe
AddRemove-WildTangent hp Master Uninstall - c:\program files (x86)\HP Games\Uninstall.exe
AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
AddRemove-WildTangentGameProvider-hp-main - c:\program files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe
AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe
AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe
AddRemove-WildTangentGDF-hp-habbohotel - c:\program files (x86)\HP Games\Web Link - Habbo Hotel\Uninstall.exe
AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe
AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe
AddRemove-WT087328 - c:\program files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe
AddRemove-WT087330 - c:\program files (x86)\HP Games\Bounce Symphony\Uninstall.exe
AddRemove-WT087335 - c:\program files (x86)\HP Games\Build-a-lot 2\Uninstall.exe
AddRemove-WT087343 - c:\program files (x86)\HP Games\Dora's World Adventure\Uninstall.exe
AddRemove-WT087360 - c:\program files (x86)\HP Games\Escape Rosecliff Island\Uninstall.exe
AddRemove-WT087361 - c:\program files (x86)\HP Games\FATE\Uninstall.exe
AddRemove-WT087362 - c:\program files (x86)\HP Games\Final Drive Nitro\Uninstall.exe
AddRemove-WT087372 - c:\program files (x86)\HP Games\Heroes of Hellas 2 - Olympia\Uninstall.exe
AddRemove-WT087379 - c:\program files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe
AddRemove-WT087394 - c:\program files (x86)\HP Games\Penguins!\Uninstall.exe
AddRemove-WT087395 - c:\program files (x86)\HP Games\Poker Superstars III\Uninstall.exe
AddRemove-WT087396 - c:\program files (x86)\HP Games\Polar Bowler\Uninstall.exe
AddRemove-WT087397 - c:\program files (x86)\HP Games\Polar Golfer\Uninstall.exe
AddRemove-WT087414 - c:\program files (x86)\HP Games\Virtual Families\Uninstall.exe
AddRemove-WT087415 - c:\program files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe
AddRemove-WT087428 - c:\program files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT087453 - c:\program files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT087501 - c:\program files (x86)\HP Games\Plants vs. Zombies\Uninstall.exe
AddRemove-WT087533 - c:\program files (x86)\HP Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT087536 - c:\program files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe
AddRemove-WT089299 - c:\program files (x86)\HP Games\Mystery P.I. - The London Caper\Uninstall.exe
AddRemove-WT089307 - c:\program files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Uninstall.exe
AddRemove-WT089308 - c:\program files (x86)\HP Games\Blasterball 3\Uninstall.exe
AddRemove-WT089328 - c:\program files (x86)\HP Games\Farm Frenzy\Uninstall.exe
AddRemove-WT089359 - c:\program files (x86)\HP Games\Cake Mania\Uninstall.exe
AddRemove-WT089362 - c:\program files (x86)\HP Games\Agatha Christie - Peril at End House\Uninstall.exe
AddRemove-{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-19 14:26:52
ComboFix-quarantined-files.txt 2013-01-19 20:26
ComboFix2.txt 2013-01-18 03:18
ComboFix3.txt 2013-01-16 01:29
.
Pre-Run: 176,785,874,944 bytes free
Post-Run: 176,724,725,760 bytes free
.
- - End Of File - - 9BEE1600CCB2562F81EA200576358664
  2. ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_22

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 0.997000 GHz
Memory total: 1722712064, free: 183107584

------------ Kernel report ------------
01/13/2013 18:01:14
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\WRkrn.sys
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\TDI.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\rtl8192Ce.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\iertutil.dll
\Windows\System32\oleaut32.dll
\Windows\System32\kernel32.dll
\Windows\System32\difxapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imm32.dll
\Windows\System32\lpk.dll
\Windows\System32\gdi32.dll
\Windows\System32\psapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\wininet.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\usp10.dll
\Windows\System32\normaliz.dll
\Windows\System32\urlmon.dll
\Windows\System32\msctf.dll
\Windows\System32\shlwapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ole32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\sechost.dll
\Windows\System32\shell32.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xfffffa8004615060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007e\
Lower Device Object: 0xfffffa8004b42880
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800244c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xfffffa800232c060
Lower Device Driver Name: \Driver\amd_sata\
Driver name found: amd_sata
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.01.13.09
Initializing...
Done!
<<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800244c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800244cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800244c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800232f760, DeviceName: Unknown, DriverName: \Driver\amd_xata\ DevicePointer: 0xfffffa800232c060, DeviceName: \Device\00000065\, DriverName: \Driver\amd_sata\ ------------ End ---------- Upper DeviceData: 0xfffff8a00f87d830, 0xfffffa800244c060, 0xfffffa8004fb6090 Lower DeviceData: 0xfffff8a00314a2b0, 0xfffffa800232c060, 0xfffffa8004be93f0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 20ED0ABE Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 459112448 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 459522048 Numsec = 28661760 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 250059350016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)... 
Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8004615060, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004615ad0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004615060, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004b42880, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Upper DeviceData: 0xfffff8a00fed0190, 0xfffffa8004615060, 0xfffffa8004d29790 Lower DeviceData: 0xfffff8a0090ec8f0, 0xfffffa8004b42880, 0xfffffa8002a6a090 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 21EA8A8A Partition information: Partition 0 type is Other (0x6) Partition is NOT ACTIVE. Partition starts at LBA: 1024 Numsec = 1969143 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1008730112 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... 
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539} --> [PUP.CrossFire.SA] Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{44444444-4444-4444-4444-440044464439} --> [PUP.CrossFire.SA] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660066466639} --> [PUP.CrossFire.SA] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{77777777-7777-7777-7777-770077467739} --> [PUP.CrossFire.SA] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{1F52A5FA-A705-4415-B975-88503B291728} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1F52A5FA-A705-4415-B975-88503B291728} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{3E720451-B472-4954-B7AA-33069EB53906} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{3E720453-B472-4954-B7AA-33069EB53906} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3E720453-B472-4954-B7AA-33069EB53906} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} --> 
[PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{72EE7F04-15BD-4845-A005-D6711144D86A} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{07B18EAA-A523-4961-B6BB-170DE4475CCA} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{07B18EAC-A523-4961-B6BB-170DE4475CCA} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{AAA9C380-E19A-4436-88F6-02942C31CC9E} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{AAA9C381-E19A-4436-88F6-02942C31CC9E} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{07B18EAC-A523-4961-B6BB-170DE4475CCA} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} --> [PUP.MyWebSearch] Infected: 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AAA9C380-E19A-4436-88F6-02942C31CC9E} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AAA9C381-E19A-4436-88F6-02942C31CC9E} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{1D4DB7D0-6EC9-47A3-BD87-1E41684E07BB} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{1D4DB7D3-6EC9-47A3-BD87-1E41684E07BB} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} --> [PUP.MyWebSearch] Infected: 
HKLM\SOFTWARE\CLASSES\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{1093995A-BA37-41D2-836E-091067C4AD17} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{120927BF-1700-43BC-810F-FAB92549B390} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{90449521-D834-4703-BB4E-D3AA44042FF8} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{991AAC62-B100-47CE-8B75-253965244F69} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{BBABDC90-F3D5-4801-863A-EE6AE529862D} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} --> 
[PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{120927BF-1700-43BC-810F-FAB92549B390} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{90449521-D834-4703-BB4E-D3AA44042FF8} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{991AAC62-B100-47CE-8B75-253965244F69} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BBABDC90-F3D5-4801-863A-EE6AE529862D} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{CF54BE1C-9359-4395-8533-1657CF209CFE} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{3E1656ED-F60E-4597-B6AA-B6A58E171495} --> [PUP.MyWebSearch] 
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} --> [PUP.MyWebSearch] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} --> [PUP.MyWebSearch] Read File: File "c:\ProgramData\WRData\db4244.db" is compressed (flags = 1) Read File: File "c:\ProgramData\WRData\db4247.db" is compressed (flags = 1) Read File: File "c:\ProgramData\WRData\db4248.db" is compressed (flags = 1) Read File: File "c:\ProgramData\WRData\db4249.db" is compressed (flags = 1) Read File: File "c:\ProgramData\WRData\db4244.db" is compressed (flags = 1) Read File: File "c:\ProgramData\WRData\db4247.db" is compressed (flags = 1) Read File: File "c:\ProgramData\WRData\db4248.db" is compressed (flags = 1) Read File: File "c:\ProgramData\WRData\db4249.db" is compressed (flags = 1) Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} --> [Hijack.Trojan.Siredef.C] Done! Scan finished Creating System Restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal successful. No system shutdown is required. 
=======================================
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
------------ Kernel report ------------
01/13/2013 21:47:58
=======================================
  3. ComboFix 13-01-17.03 - Deven Worthington 01/17/2013 20:51:06.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1643.600 [GMT -6:00]
2012-12-12 09:05 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 09:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 09:05 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 09:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 09:05 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 09:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 09:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 09:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 09:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 05:22 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 05:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-05 05:16 . 2012-01-08 01:15 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-11-05 05:15 . 2012-01-08 01:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-11-02 05:59 . 2012-12-12 05:20 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 05:20 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-30 03:32 . 2012-10-30 03:34 1560168 ----a-w- c:\windows\system32\RTSnMg64.cpl 2012-10-30 03:32 . 2012-10-30 03:34 2615400 ----a-w- c:\windows\system32\RtPgEx64.dll 2012-10-30 03:32 . 2012-10-30 03:34 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll 2012-10-30 03:32 . 2012-10-30 03:34 4730344 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys 2012-10-30 03:32 . 2012-10-30 03:34 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll 2012-10-30 03:32 . 2012-10-30 03:34 823912 ----a-w- c:\windows\system32\RtkApi64.dll 2012-10-30 03:32 . 2012-10-30 03:34 3747944 ----a-w- c:\windows\system32\RtkAPO64.dll 2012-10-30 03:32 . 
2012-10-30 03:34 100968 ----a-w- c:\windows\system32\RCoInstII64.dll 2012-10-30 03:31 . 2011-07-29 07:41 1698408 ----a-w- c:\windows\RtlExUpd.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9b9dcae3-be34-424c-8d73-75e305a9e091}] c:\program files (x86)\WeatherBlink\bar\1.bin\gcSrcAs.dll [bU] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{dc9051c2-8f55-479a-97a4-747980d9047f}] c:\progra~2\WEATHE~2\bar\1.bin\gcbar.dll [bU] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Deven Worthington\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "SOSUAUI"="c:\program files (x86)\SOS Online Backup\sosuploadagent.exe" [2012-06-25 36296] "WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-12-19 733232] "SMessaging"="c:\program files (x86)\SOS Online Backup\SMessaging.exe" [2012-06-25 55752] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A] Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "DisableLocalMachineRun"= 0 (0x0) "DisableLocalMachineRunOnce"= 0 (0x0) "DisableCurrentUserRun"= 0 (0x0) "DisableCurrentUserRunOnce"= 0 (0x0) "NoFile"= 0 (0x0) "HideClock"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944] R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-12-19 733232] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-27 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504] S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-12-19 111712] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-04 203776] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496] S2 cvhsvc;Client 
Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-02-10 31088] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-05-28 878184] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 
Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672] . . Contents of the 'Scheduled Tasks' folder . 2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:36] . 2013-01-18 c:\windows\Tasks\HPCeeScheduleForDeven Worthington.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2013-01-17 c:\windows\Tasks\HPCeeScheduleForDEVEN$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-10-30 6457960] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{9ED832F4-B788-422F-A6D0-6D8264B91E7D}\77F62747869333: NameServer = 192.168.0.1 FF - ProfilePath - c:\users\Deven Worthington\AppData\Roaming\Mozilla\Firefox\Profiles\h5yco6vu.default\ . - - - - ORPHANS REMOVED - - - - . 
AddRemove-My HP Game Console - c:\program files (x86)\HP Games\HP Game Console\Uninstall.exe AddRemove-RegPowerClean_is1 - c:\program files (x86)\Winferno\RegistryPowerCleaner\unins000.exe AddRemove-Smart PC Cleaner_is1 - c:\program files (x86)\Smart PC Cleaner\unins000.exe AddRemove-The Sea App - c:\program files (x86)\The Sea App (Internet Explorer)\uninstall.exe AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe AddRemove-vfd-adk - c:\program files (x86)\OApps\vfd-adk_uninstall.exe AddRemove-WildTangent hp Master Uninstall - c:\program files (x86)\HP Games\Uninstall.exe AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe AddRemove-WildTangentGameProvider-hp-main - c:\program files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe AddRemove-WildTangentGDF-hp-habbohotel - c:\program files (x86)\HP Games\Web Link - Habbo Hotel\Uninstall.exe AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe AddRemove-World of Warcraft - c:\program files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe AddRemove-WT087328 - c:\program files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe AddRemove-WT087330 - c:\program files (x86)\HP Games\Bounce Symphony\Uninstall.exe AddRemove-WT087335 - c:\program files (x86)\HP Games\Build-a-lot 2\Uninstall.exe AddRemove-WT087343 - c:\program files (x86)\HP Games\Dora's World Adventure\Uninstall.exe AddRemove-WT087360 - c:\program files (x86)\HP Games\Escape 
Rosecliff Island\Uninstall.exe AddRemove-WT087361 - c:\program files (x86)\HP Games\FATE\Uninstall.exe AddRemove-WT087362 - c:\program files (x86)\HP Games\Final Drive Nitro\Uninstall.exe AddRemove-WT087372 - c:\program files (x86)\HP Games\Heroes of Hellas 2 - Olympia\Uninstall.exe AddRemove-WT087379 - c:\program files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe AddRemove-WT087394 - c:\program files (x86)\HP Games\Penguins!\Uninstall.exe AddRemove-WT087395 - c:\program files (x86)\HP Games\Poker Superstars III\Uninstall.exe AddRemove-WT087396 - c:\program files (x86)\HP Games\Polar Bowler\Uninstall.exe AddRemove-WT087397 - c:\program files (x86)\HP Games\Polar Golfer\Uninstall.exe AddRemove-WT087414 - c:\program files (x86)\HP Games\Virtual Families\Uninstall.exe AddRemove-WT087415 - c:\program files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe AddRemove-WT087428 - c:\program files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe AddRemove-WT087453 - c:\program files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe AddRemove-WT087501 - c:\program files (x86)\HP Games\Plants vs. Zombies\Uninstall.exe AddRemove-WT087533 - c:\program files (x86)\HP Games\Zuma Deluxe\Uninstall.exe AddRemove-WT087536 - c:\program files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe AddRemove-WT089299 - c:\program files (x86)\HP Games\Mystery P.I. 
- The London Caper\Uninstall.exe AddRemove-WT089307 - c:\program files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Uninstall.exe AddRemove-WT089308 - c:\program files (x86)\HP Games\Blasterball 3\Uninstall.exe AddRemove-WT089328 - c:\program files (x86)\HP Games\Farm Frenzy\Uninstall.exe AddRemove-WT089359 - c:\program files (x86)\HP Games\Cake Mania\Uninstall.exe AddRemove-WT089362 - c:\program files (x86)\HP Games\Agatha Christie - Peril at End House\Uninstall.exe AddRemove-{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-17 21:18:47 ComboFix-quarantined-files.txt 2013-01-18 03:18 ComboFix2.txt 2013-01-16 01:29 . Pre-Run: 176,628,555,776 bytes free Post-Run: 176,808,755,200 bytes free . - - End Of File - - 14762ED447F684B49DA48A80EE4AD6C9
  4. C:\Users\Deven Worthington\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\25f53d2b-6ac8bbe1	a variant of Java/JShrink.A application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ3BNIVH\cute-sleepy-kittens-meowing[1].htm	HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ3BNIVH\imp[4].js	HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ3BNIVH\imp[5].js	HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ3BNIVH\cute-sleepy-kittens-meowing[1].htm	HTML/ScrInject.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ3BNIVH\imp[4].js	HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ3BNIVH\imp[5].js	HTML/Iframe.B.Gen virus
  5. I've done all the steps except for running ESET. I'm having trouble with it running. I will try again tomorrow. It keeps going to a blank screen on the popup until I hit the compatibility button, then it has me hit retry to reload the page. Once I do that, I start all over installing it, and then get to the compatibility issue again, starting all over.
  6. Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Deven Worthington :: DEVEN [administrator]

1/15/2013 9:26:14 PM
mbam-log-2013-01-15 (21-26-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232867
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  7. # AdwCleaner v2.105 - Logfile created 01/15/2013 at 21:11:03
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Deven Worthington - DEVEN
# Boot Mode : Normal
# Running from : C:\Users\Deven Worthington\Desktop\adwcleaner.exe
# Option [Delete]
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. ************************* AdwCleaner[s1].txt - [19764 octets] - [15/01/2013 21:11:03] ########## EOF - C:\AdwCleaner[s1].txt - [19825 octets] ##########
  8. Log from JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.3 (01.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Deven Worthington on Tue 01/15/2013 at 20:33:45.95
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\smessaging
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{977ae9cc-af83-45e8-9e03-e2798216e2d5}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{977ae9cc-af83-45e8-9e03-e2798216e2d5}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4024078358-745022265-3371673231-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_current_user\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\default tab
Successfully deleted: [Registry Key] hkey_current_user\software\defaulttab
Successfully deleted: [Registry Key] hkey_local_machine\software\defaulttab
Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions
Successfully deleted: [Registry Key] hkey_current_user\software\qwiklinx
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\defaulttab
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\fun web products
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\funwebproducts
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\482aa67ad25e6e74e9f48bd5fbe8533c
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\482aa67ad25e6e74e9f48bd5fbe8533c
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{08858af6-42ad-4914-95d2-ac3ab0dc8e28}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{26d675ac-d925-4bbf-a720-62c2aa4a81eb}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3e7c8b5a-96ab-438f-bf9b-782400655440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{3e7c8b5a-96ab-438f-bf9b-782400655440}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{58124a0b-dc32-4180-9bff-e0e21ae34026}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{58124a0b-dc32-4180-9bff-e0e21ae34026}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{799391d3-eb86-4bac-9bd3-cbfea58a0e15}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{819ffe22-35c7-4925-8cda-4e0e2db94302}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{bffed5ca-8bdf-47cc-aed0-23f4e6d77732}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{c585d593-e7f3-4852-a200-561686ee02e4}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{c585d593-e7f3-4852-a200-561686ee02e4}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d858dafc-9573-4811-b323-7011a3aa7e61}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}

~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\iminent"
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Deven Worthington\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Deven Worthington\AppData\Roaming\qwiklinx"
Successfully deleted: [Folder] "C:\Users\Deven Worthington\appdata\local\rivalgaming"
Successfully deleted: [Folder] "C:\Users\Deven Worthington\appdata\local\savingsapp"
Successfully deleted: [Folder] "C:\Users\Deven Worthington\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files (x86)\defaulttab"
Successfully deleted: [Folder] "C:\Program Files (x86)\iminent toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/15/2013 at 20:59:28.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. Here is the first log made by mbar:

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Deven Worthington :: DEVEN [administrator]

1/5/2013 12:06:46 PM
mbar-log-2013-01-05 (12-06-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27859
Time elapsed: 44 minute(s), 15 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4748 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Delete on reboot.
HKCR\Interface\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539}\TypeLib (PUP.CrossFire.SA) -> Delete on reboot.
HKCR\TypeLib\{44444444-4444-4444-4444-440044464439} (PUP.CrossFire.SA) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539}\TypeLib (PUP.CrossFire.SA) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539}\TypeLib (PUP.CrossFire.SA) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539}\TypeLib (PUP.CrossFire.SA) -> Delete on reboot.
HKCU\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539}\TypeLib (PUP.CrossFire.SA) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-4024078358-745022265-3371673231-1001\$e82f9450296cc67b4b55b9c9491facb5\n.) Good: (shell32.dll) -> Delete on reboot.

Folders Detected: 2
C:\$Recycle.Bin\S-1-5-18\$e82f9450296cc67b4b55b9c9491facb5 (Trojan.Siredef.C) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-4024078358-745022265-3371673231-1001\$e82f9450296cc67b4b55b9c9491facb5 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 4
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_0_63_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_488396821_user.mbam (Forged physical sector) -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
  10. My internet is really slow now and it takes me forever just to get to this forum to post. Here is the combofix log:

ComboFix 13-01-15.02 - Deven Worthington 01/15/2013 18:53:33.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1643.504 [GMT -6:00]
Running from: c:\users\Deven Worthington\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IMinent Toolbar\tbHElper.dll
c:\program files (x86)\WeatherBlink
c:\program files (x86)\WeatherBlink\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\WeatherBlink\bar\1.bin\chrome\gcffxtbr.jar
c:\program files (x86)\WeatherBlink\bar\1.bin\INSTALL.RDF
c:\program files (x86)\WeatherBlink\bar\1.bin\installKeys.js
c:\program files (x86)\WeatherBlink\bar\1.bin\LOGO.BMP
c:\program files (x86)\WeatherBlink\bar\1.bin\T8RES.DLL
c:\program files (x86)\WeatherBlink\bar\gen1\COMMON.T8S
c:\program files (x86)\WeatherBlink\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\WeatherBlink\bar\Message\COMMON.T8S
c:\program files (x86)\WeatherBlink\bar\Settings\s_pid.dat
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\bing.ico
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\google.ico
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\update.exe
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\yahoo.ico
c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
c:\users\Deven Worthington\Documents\ShopToWin
c:\windows\SysWow64\Sendori.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabSearch
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))
.
.
2013-01-05 03:39 . 2013-01-05 04:19 -------- dc----w- c:\users\Deven Worthington\AppData\Local\MigWiz
2012-12-31 20:59 . 2012-12-31 22:59 -------- d-----w- C:\EFSTMPWP
2012-12-31 01:27 . 2012-12-31 01:27 -------- d-----w- c:\users\Deven Worthington\AppData\Roaming\Malwarebytes
2012-12-31 01:27 . 2012-12-31 01:27 -------- d-----w- c:\programdata\Malwarebytes
2012-12-31 01:27 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-31 01:27 . 2012-12-31 01:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-31 01:26 . 2012-12-31 01:26 -------- d-----w- c:\users\Deven Worthington\AppData\Local\Programs
2012-12-29 09:17 . 2012-12-29 09:17 -------- d-----w- C:\8b9139c4573887d14330b183
2012-12-28 01:49 . 2012-12-28 01:49 -------- d-----w- c:\program files\Microsoft Office
2012-12-28 01:49 . 2012-12-30 00:38 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-12-28 01:47 . 2012-12-28 01:54 -------- d-----w- c:\users\Deven Worthington\AppData\Roaming\TP
2012-12-28 01:23 . 2012-12-28 01:32 -------- d-----w- c:\program files\Adobe
2012-12-28 01:11 . 2012-12-28 01:11 -------- d-----w- C:\adobeTemp
2012-12-23 22:53 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-23 22:53 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-23 22:53 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-23 22:53 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-20 09:40 . 2012-12-20 09:40 -------- d-----w- C:\132a09b146be1acf1cf83edf
2012-12-20 09:39 . 2012-12-20 09:39 -------- d-----w- c:\program files (x86)\The Weather Channel
2012-12-19 22:05 . 2012-12-19 22:07 -------- d-----w- c:\users\Deven Worthington\AppData\Local\lptmp1469847479
2012-12-19 22:03 . 2012-12-19 22:48 151816 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-12-19 22:03 . 2012-12-19 22:48 111712 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-12-19 22:03 . 2012-12-19 22:48 104960 ----a-w- c:\windows\system32\WRusr.dll
2012-12-19 22:03 . 2012-12-27 05:12 -------- d-----w- c:\program files\Webroot
2012-12-19 22:03 . 2013-01-16 00:03 -------- d-----w- c:\programdata\WRData
2012-12-18 05:34 . 2012-12-18 05:34 -------- d-----w- c:\windows\Sun
2012-12-17 05:44 . 2012-12-19 22:15 -------- d-----w- c:\users\Deven Worthington\AppData\Roaming\System
.
.
.
((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-15 23:52 . 2012-09-05 15:44 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-14 00:36 . 2012-04-04 21:46 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-14 00:36 . 2012-01-02 18:57 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-26 04:13 . 2012-01-08 01:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-26 04:11 . 2012-03-06 00:45 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-26 04:11 . 2012-03-06 00:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-26 04:10 . 2012-01-08 01:15 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-22 03:26 . 2012-12-12 05:22 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 07:06 . 2012-12-12 09:04 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 09:04 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 09:05 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 09:05 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 09:04 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 09:05 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 09:05 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 09:04 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 09:04 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 09:04 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 09:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 09:04 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 09:05 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 09:05 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 09:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 09:05 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 09:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 09:05 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 09:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 09:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 09:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 09:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 05:22 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 05:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-05 05:16 . 2012-01-08 01:15 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-05 05:15 . 2012-01-08 01:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-11-02 05:59 . 2012-12-12 05:20 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 05:20 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-30 23:50 . 2012-03-10 20:34 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-30 03:32 . 2012-10-30 03:34 1560168 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-10-30 03:32 . 2012-10-30 03:34 2615400 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-10-30 03:32 . 2012-10-30 03:34 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-10-30 03:32 . 2012-10-30 03:34 4730344 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-10-30 03:32 .
2012-10-30 03:34 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll 2012-10-30 03:32 . 2012-10-30 03:34 823912 ----a-w- c:\windows\system32\RtkApi64.dll 2012-10-30 03:32 . 2012-10-30 03:34 3747944 ----a-w- c:\windows\system32\RtkAPO64.dll 2012-10-30 03:32 . 2012-10-30 03:34 100968 ----a-w- c:\windows\system32\RCoInstII64.dll 2012-10-30 03:31 . 2011-07-29 07:41 1698408 ----a-w- c:\windows\RtlExUpd.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}] 2012-07-30 22:29 1964016 ----a-w- c:\users\Deven Worthington\AppData\Roaming\Qwiklinx\Qwiklinx.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] 2010-07-02 14:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\tbcore3.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}] 2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872] . [HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}] [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Deven Worthington\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "SOSUAUI"="c:\program files (x86)\SOS Online Backup\sosuploadagent.exe" [2012-06-25 36296] "SMessaging"="c:\program files (x86)\SOS Online Backup\SMessaging.exe" [2012-06-25 55752] "WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-12-19 733232] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A] Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "DisableLocalMachineRun"= 0 (0x0) "DisableLocalMachineRunOnce"= 0 (0x0) "DisableCurrentUserRun"= 0 (0x0) "DisableCurrentUserRunOnce"= 0 (0x0) "NoFile"= 0 (0x0) "HideClock"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-27 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504] S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-12-19 111712] S1 aswKbd;aswKbd; [x] S2 AERTFilters;Andrea RT 
Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-04 203776] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-12-19 733232] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-02-10 31088] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 RSPCIESTOR;Realtek PCIE CardReader 
Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-05-28 878184] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672] . . Contents of the 'Scheduled Tasks' folder . 2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:36] . 2013-01-14 c:\windows\Tasks\HPCeeScheduleForDeven Worthington.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2012-12-11 c:\windows\Tasks\HPCeeScheduleForDEVEN$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2013-01-14 c:\windows\Tasks\RGames Updater.job - c:\users\Deven Worthington\AppData\Local\RivalGaming\Updater.exe [2012-11-10 02:05] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-10-30 6457960] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{9ED832F4-B788-422F-A6D0-6D8264B91E7D}\77F62747869333: NameServer = 192.168.0.1 . . 
------- File Associations ------- . inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %* txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll BHO-{9b9dcae3-be34-424c-8d73-75e305a9e091} - c:\program files (x86)\WeatherBlink\bar\1.bin\gcSrcAs.dll BHO-{dc9051c2-8f55-479a-97a4-747980d9047f} - c:\progra~2\WEATHE~2\bar\1.bin\gcbar.dll BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient_2.dll Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKCU-Run-AdobeBridge - (no file) WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-DefaultTab - c:\users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe AddRemove-My HP Game Console - c:\program files (x86)\HP Games\HP Game Console\Uninstall.exe AddRemove-RegPowerClean_is1 - c:\program files (x86)\Winferno\RegistryPowerCleaner\unins000.exe AddRemove-Smart PC Cleaner_is1 - c:\program files (x86)\Smart PC Cleaner\unins000.exe AddRemove-The Sea App - c:\program files (x86)\The Sea App (Internet Explorer)\uninstall.exe AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe AddRemove-WildTangent hp Master Uninstall - c:\program files (x86)\HP Games\Uninstall.exe AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe AddRemove-WildTangentGameProvider-hp-main - c:\program files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe AddRemove-WildTangentGDF-hp-darkorbit - 
c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe AddRemove-WildTangentGDF-hp-habbohotel - c:\program files (x86)\HP Games\Web Link - Habbo Hotel\Uninstall.exe AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe AddRemove-World of Warcraft - c:\program files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe AddRemove-WT087328 - c:\program files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe AddRemove-WT087330 - c:\program files (x86)\HP Games\Bounce Symphony\Uninstall.exe AddRemove-WT087335 - c:\program files (x86)\HP Games\Build-a-lot 2\Uninstall.exe AddRemove-WT087343 - c:\program files (x86)\HP Games\Dora's World Adventure\Uninstall.exe AddRemove-WT087360 - c:\program files (x86)\HP Games\Escape Rosecliff Island\Uninstall.exe AddRemove-WT087361 - c:\program files (x86)\HP Games\FATE\Uninstall.exe AddRemove-WT087362 - c:\program files (x86)\HP Games\Final Drive Nitro\Uninstall.exe AddRemove-WT087372 - c:\program files (x86)\HP Games\Heroes of Hellas 2 - Olympia\Uninstall.exe AddRemove-WT087379 - c:\program files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe AddRemove-WT087394 - c:\program files (x86)\HP Games\Penguins!\Uninstall.exe AddRemove-WT087395 - c:\program files (x86)\HP Games\Poker Superstars III\Uninstall.exe AddRemove-WT087396 - c:\program files (x86)\HP Games\Polar Bowler\Uninstall.exe AddRemove-WT087397 - c:\program files (x86)\HP Games\Polar Golfer\Uninstall.exe AddRemove-WT087414 - c:\program files (x86)\HP Games\Virtual Families\Uninstall.exe AddRemove-WT087415 - c:\program files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe AddRemove-WT087428 - c:\program files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe AddRemove-WT087453 - c:\program files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe AddRemove-WT087501 - c:\program 
files (x86)\HP Games\Plants vs. Zombies\Uninstall.exe AddRemove-WT087533 - c:\program files (x86)\HP Games\Zuma Deluxe\Uninstall.exe AddRemove-WT087536 - c:\program files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe AddRemove-WT089299 - c:\program files (x86)\HP Games\Mystery P.I. - The London Caper\Uninstall.exe AddRemove-WT089307 - c:\program files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Uninstall.exe AddRemove-WT089308 - c:\program files (x86)\HP Games\Blasterball 3\Uninstall.exe AddRemove-WT089328 - c:\program files (x86)\HP Games\Farm Frenzy\Uninstall.exe AddRemove-WT089359 - c:\program files (x86)\HP Games\Cake Mania\Uninstall.exe AddRemove-WT089362 - c:\program files (x86)\HP Games\Agatha Christie - Peril at End House\Uninstall.exe AddRemove-{2E497885-E60B-420A-832D-0148B392E058}_is1 - c:\program files (x86)\Qwiklinx\unins000.exe AddRemove-{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2013-01-15 19:29:21 - machine was rebooted ComboFix-quarantined-files.txt 2013-01-16 01:29 . Pre-Run: 176,815,878,144 bytes free Post-Run: 178,850,631,680 bytes free . - - End Of File - - 0587CA2634F38A5AB98568C467DC063D
  11. Hitting F10 just got me to the BIOS setup, and I followed the instructions on http://pcsupport.about.com/od/fixtheproblem/ss/bootorderchange.htm for changing the start-up order.
  12. Right now I'm having trouble accessing the internet on the infected computer to do the next step you requested. I just got a notice from Webroot SecureAnywhere that a file is trying to install itself every time I start my computer. It is C:/Windows/SysWOW64/lodctr.exe. I'm blocking it for now.
  13. Before I saw your last message I ran the anti-rootkit program again (it found the virus again) and then did a cleanup. Do you want to see another report now that it has cleaned it, or should I run ComboFix first? I won't be able to work on it until this evening.
  14. Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.13.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Deven Worthington :: DEVEN [administrator]

1/13/2013 6:37:55 PM
mbar-log-2013-01-13 (18-37-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29929
Time elapsed: 35 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 95
HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539} (PUP.CrossFire.SA) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{44444444-4444-4444-4444-440044464439} (PUP.CrossFire.SA) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660066466639} (PUP.CrossFire.SA) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{77777777-7777-7777-7777-770077467739} (PUP.CrossFire.SA) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{1F52A5FA-A705-4415-B975-88503B291728} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1F52A5FA-A705-4415-B975-88503B291728} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{3E720451-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{3E720453-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3E720453-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{72EE7F04-15BD-4845-A005-D6711144D86A} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{07B18EAC-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{AAA9C380-E19A-4436-88F6-02942C31CC9E} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{AAA9C381-E19A-4436-88F6-02942C31CC9E} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{07B18EAC-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AAA9C380-E19A-4436-88F6-02942C31CC9E} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AAA9C381-E19A-4436-88F6-02942C31CC9E} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{1D4DB7D0-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{1D4DB7D3-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{1093995A-BA37-41D2-836E-091067C4AD17} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{120927BF-1700-43BC-810F-FAB92549B390} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{90449521-D834-4703-BB4E-D3AA44042FF8} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{991AAC62-B100-47CE-8B75-253965244F69} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{BBABDC90-F3D5-4801-863A-EE6AE529862D} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{120927BF-1700-43BC-810F-FAB92549B390} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{90449521-D834-4703-BB4E-D3AA44042FF8} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{991AAC62-B100-47CE-8B75-253965244F69} (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BBABDC90-F3D5-4801-863A-EE6AE529862D} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\INTERFACE\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\INTERFACE\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\INTERFACE\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\INTERFACE\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\INTERFACE\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} (PUP.MyWebSearch) -> Delete on reboot. HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  15. I was able to change the boot order so that the computer would check CD-ROM first. It restored Windows. I then went back to malware anti-rootkit to run a scan again and it wanted me to update anti-rootkit. I have run that again and still found 95 malware items. I'm going to clean up and see what happens. I'll add the log on my next post.
  16. Yeah, that is what I used and it worked. Was able to restore Windows and I had to download a new update for the anti-rootkit. I did that and now I am having it scan my system again.
  17. Sorry, I've been away and haven't had a chance to mess with it. F2 took me to my system diagnostics. I'll try again with F9 or F10.
  18. OK, I finally found someone with Windows 7 and made the disk. Now the issue is I can 'restart' the computer. I turned it on and put the disk in, but when I turn the computer off or on, it doesn't really reboot. It just turns off or turns on and goes immediately to the Windows Boot Manager. Still doesn't recognize there is a disk in there.
  19. I can't seem to find anyone with Windows 7. Is there a way I could download it off the internet? Everyone I know has Vista or an Apple computer.
  20. On the Windows Boot Manager there are no options for repair. It just says to insert the Windows installation disc and restart the computer. I can hit Enter and it goes back to the tools option but only lists 'Windows Memory Diagnostic'. The only option for operating system to start is Ramdisk Options (EMS Enable), but that does nothing. If I hit Enter or F8 it just takes me back to the part telling me to insert the installation disc and shows the status and info like before.
  21. Sorry for the delayed response. Had to get some blank DVDs to back up my system and then had to do a bunch of troubleshooting to get my computer to back up. Finally got it backed up today and then I installed the anti-rootkit and ran a scan. When I ran the cleanup, after the scan, it wanted to reboot my system. My computer shut down but now it won't restart correctly. The Windows Boot Manager has come up and says "Windows failed to start. A recent hardware or software change might be the cause". Status: 0xc000000f Info: The boot selection failed because a required device is inaccessible. Can you assist me with this? It wants me to insert my Windows installation disc but I don't have one.
  22. I have a trojan agent coming up in my svchost.exe. I haven't had any luck getting rid of it. Been causing the blue screen of death. Thanks in advance for your help. Here are the logs for dds.txt and attach.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by Deven Worthington at 21:04:35 on 2013-01-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1643.382 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Deven Worthington\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\SOS Online Backup\SMessaging.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
"C:\Windows\svchost.exe"
"C:\Windows\svchost.exe"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
uURLSearchHooks: <No Name>: {8ba2cfef-a1bc-4964-aadc-33be1ae5a33c} -
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Deven Worthington\AppData\Roaming\Qwiklinx\Qwiklinx.dll
BHO: TBSB01620 Class: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Assistant BHO: {9b9dcae3-be34-424c-8d73-75e305a9e091} -
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TheSea.TheSeaPlugin: {C585D593-E7F3-4852-A200-561686EE02E4} -
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Toolbar BHO: {dc9051c2-8f55-479a-97a4-747980d9047f} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
TB: IMinent Toolbar: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
TB: WeatherBlink: {F20DE5E0-2A6E-4C54-985F-1CF59551CE39} -
TB: IMinent Toolbar: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
EB: TheSeaApp: {c585d593-e7f4-4852-a200-561686ee02e4} -
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [spotify Web Helper] "C:\Users\Deven Worthington\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge] <no file>
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [sOSUAUI] "C:\Program Files (x86)\SOS Online Backup\sosuploadagent.exe" -showui
mRun: [sMessaging] C:\Program Files (x86)\SOS Online Backup\SMessaging.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9ED832F4-B788-422F-A6D0-6D8264B91E7D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9ED832F4-B788-422F-A6D0-6D8264B91E7D}\234333023716E6026656C6960756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9ED832F4-B788-422F-A6D0-6D8264B91E7D}\2375942554737393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9ED832F4-B788-422F-A6D0-6D8264B91E7D}\77F62747869333 : NameServer = 192.168.0.1
TCP: Interfaces\{9ED832F4-B788-422F-A6D0-6D8264B91E7D}\77F62747869333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9ED832F4-B788-422F-A6D0-6D8264B91E7D}\C696E6B6379737 : DHCPNameServer = 208.84.188.130 208.84.191.130
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-11-11 77952]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-11-11 37504]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2012-12-19 111712]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-3-27 19600]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-7-29 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-4 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-4 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Deven Worthington\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-7-29 107520]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-29 1817088]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-30 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-30 682344]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-12-19 733232]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-7-29 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-2-9 31088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-30 24176]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-7-29 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-29 436840]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-7-29 878184]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-7-29 44672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-11-14 568832]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-01-03 01:11:27 20480 ----a-w- C:\Windows\svchost.exe
2012-12-31 20:59:08 -------- d-----w- C:\EFSTMPWP
2012-12-31 01:27:21 -------- d-----w- C:\Users\Deven Worthington\AppData\Roaming\Malwarebytes
2012-12-31 01:27:08 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-31 01:27:05 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-31 01:27:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-31 01:26:47 -------- d-----w- C:\Users\Deven Worthington\AppData\Local\Programs
2012-12-29 09:17:04 -------- d-----w- C:\8b9139c4573887d14330b183
2012-12-28 01:49:13 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-12-28 01:47:11 -------- d-----w- C:\Users\Deven Worthington\AppData\Roaming\TP
2012-12-28 01:11:27 -------- d-----w- C:\adobeTemp
2012-12-23 22:53:47 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-23 22:53:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-23 22:53:36 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-23 22:53:25 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-20 09:40:15 -------- d-----w- C:\132a09b146be1acf1cf83edf
2012-12-20 09:39:31 -------- d-----w- C:\Program Files (x86)\The Weather Channel
2012-12-19 22:05:32 -------- d-----w- C:\Users\Deven Worthington\AppData\Local\lptmp1469847479
2012-12-19 22:03:43 151816 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-12-19 22:03:43 111712 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-12-19 22:03:43 104960 ----a-w- C:\Windows\System32\WRusr.dll
2012-12-19 22:03:24 -------- d-----w- C:\Program Files\Webroot
2012-12-19 22:03:13 -------- d-----w- C:\ProgramData\WRData
2012-12-17 05:44:18 -------- d-----w- C:\Users\Deven Worthington\AppData\Roaming\System
2012-12-13 00:54:14 -------- d-----w- C:\.file_store_32
2012-12-12 05:22:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 05:22:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 05:22:27 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-12 05:20:44 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-12 05:20:42 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
==================== Find3M ====================
.
2013-01-01 04:05:28 0 ----a-w- C:\Windows\SysWow64\Sendori.dll
2012-12-12 03:35:31 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 03:35:31 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-30 03:32:17 2615400 ----a-w- C:\Windows\System32\RtPgEx64.dll
2012-10-30 03:32:17 1560168 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2012-10-30 03:32:16 4730344 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2012-10-30 03:32:16 331880 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2012-10-30 03:32:14 14952 ----a-w- C:\Windows\System32\RtkCoLDR64.dll
2012-10-30 03:32:13 823912 ----a-w- C:\Windows\System32\RtkApi64.dll
2012-10-30 03:32:13 3747944 ----a-w- C:\Windows\System32\RtkAPO64.dll
2012-10-30 03:32:11 100968 ----a-w- C:\Windows\System32\RCoInstII64.dll
2012-10-30 03:31:26 1698408 ----a-w- C:\Windows\RtlExUpd.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
.
============= FINISH: 21:07:44.42 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2011 10:20:10 PM
System Uptime: 1/2/2013 7:09:43 PM (2 hours ago)
.
Motherboard: Hewlett-Packard | | 3577
Processor: AMD C-50 Processor | Socket FT1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 158.793 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.703 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP125: 12/26/2012 11:02:08 PM - Restore Operation
RP126: 12/29/2012 3:12:06 AM - Windows Update
RP127: 12/29/2012 6:35:17 PM - Windows Update
RP128: 12/30/2012 3:00:47 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS6
Adobe Reader X (10.1.4) MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AMD Fuel
ATI Catalyst Install Manager
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Compaq Setup Manager
CyberLink YouCam
D3DX10
DefaultTab
DefaultTab Chrome
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Final Drive Nitro
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Wireless Assistant
IMinent Toolbar
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 22 (64-bit)
JavaFX 2.1.1
Jewel Quest Solitaire 2
Junk Mail filter update
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MSVCRT
MSVCRT_amd64
Mystery P.I. - The London Caper
PDF Settings CS6
Penguins!
Pepakura Viewer 3
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Qwiklinx
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
RoxioNow Player
Sansa Updater
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Skype Click to Call
Skype™ 5.10
Smart PC Cleaner v3.0
SOS Online Backup
Spotify
Synaptics Pointing Device Driver
The Sea App (Internet Explorer)
The Weather Channel App
The Weather Channel Desktop 6
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client 
Profile (KB2600217) VideoFileDownload Virtual Families Virtual Villagers 4 - The Tree of Life WeatherBug Webroot SecureAnywhere Wheel of Fortune 2 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Winferno Registry Power Cleaner WMV9/VC-1 Video Playback World of Warcraft Yahoo! Software Update Yahoo! Toolbar Yontoo 1.10.02 Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 12/31/2012 9:39:12 PM, Error: Service Control Manager [7000] - The Sendori Interceptor service failed to start due to the following error: The system cannot find the file specified. 12/31/2012 9:39:03 PM, Error: Service Control Manager [7000] - The Sendori service failed to start due to the following error: The system cannot find the file specified. 12/31/2012 9:23:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 12/31/2012 5:04:32 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 12/31/2012 10:05:22 PM, Error: Service Control Manager [7000] - The Sendoriv1 service failed to start due to the following error: The system cannot find the file specified. 12/31/2012 1:43:16 PM, Error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 10000 milliseconds: Restart the service. 1/2/2013 7:14:17 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 1/2/2013 7:14:17 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 1/2/2013 7:10:44 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s). 1/2/2013 7:10:34 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 1/2/2013 7:10:33 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 1/2/2013 7:10:32 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 1/2/2013 7:10:30 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126 1/2/2013 7:10:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cce16a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010213-42369-01. 1/2/2013 7:08:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect. 
1/2/2013 7:08:10 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 1/2/2013 7:07:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 1/2/2013 7:07:39 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 1/2/2013 7:07:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 1/1/2013 1:57:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000089, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cc4aa6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: . 1/1/2013 1:57:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file. . ==== End Of File ===========================