Jump to content

IE slow, trojan found


Recommended Posts

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.15.10

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Dale :: DALE-PC [administrator]

10/15/2012 2:24:27 PM

mbam-log-2012-10-15 (14-24-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216321

Time elapsed: 10 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\Users\Dale\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-10-14.05) - NTFS_x86

Internet Explorer: 9.0.8112.16421

Run by Dale at 13:03:40 on 2012-10-18

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1507 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\atashost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\WinZip\WZQKPICK32.EXE

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - c:\program files\utorrentbar\prxtbuTo2.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [HPAdvisor] "c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe" autorun=AUTORUN

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [QlbCtrl.exe] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"

mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\dale\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 209.124.193.100 209.124.193.101

TCP: Interfaces\{AFB70EAD-54BF-440A-8A22-83674F42D911} : DHCPNameServer = 209.124.193.100 209.124.193.101

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-6-12 20376]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca0e0a13cb1aa0;Google Update Service (gupdate1ca0e0a13cb1aa0);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104]

S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-4 250808]

S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-10-17 17:46:25 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d7ff2ded-fdc4-4ac0-8f0e-49c1491829ee}\offreg.dll

2012-10-17 17:36:41 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d7ff2ded-fdc4-4ac0-8f0e-49c1491829ee}\mpengine.dll

2012-10-15 19:23:27 -------- d-----w- c:\users\dale\appdata\roaming\Malwarebytes

2012-10-15 19:22:57 -------- d-----w- c:\programdata\Malwarebytes

2012-10-15 19:22:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-15 19:22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-15 18:19:45 758784 ----a-w- c:\windows\system32\cohelper.dll

2012-10-15 18:19:32 -------- d-----w- c:\program files\NVIDIA Corporation

2012-10-15 18:19:29 -------- d-----w- c:\windows\LastGood.Tmp

2012-10-15 15:43:20 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2012-10-12 05:10:56 985088 ----a-w- c:\windows\system32\crypt32.dll

2012-10-12 05:10:56 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-12 05:10:56 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-12 05:10:32 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-12 05:10:25 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-12 05:10:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-12 05:10:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-09-21 00:14:29 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-09-21 00:12:30 -------- d-----w- c:\program files\iPod

2012-09-21 00:12:27 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-09-21 00:12:27 -------- d-----w- c:\program files\iTunes

2012-09-21 00:00:50 -------- d-----w- c:\program files\Bonjour

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2012-10-12 04:48:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-12 04:48:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-29 01:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-08-29 01:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-21 18:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll

.

============= FINISH: 13:04:09.29 ===============

Link to post
Share on other sites

Hello boognishd and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please post the content of Attach.txt

Link to post
Share on other sites

Hello Maniac

.

DDS (Ver_2012-10-14.05)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/22/2009 9:34:59 PM

System Uptime: 10/16/2012 10:24:42 PM (39 hours ago)

.

Motherboard: Wistron | | 303C

Processor: AMD Turion Dual-Core RM-75 | Socket A | 2200/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 129.934 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.823 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

32 Bit HP CIO Components Installer

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.2

Adobe Shockwave Player

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Driver Installation Program

Bonjour

BufferChm

CDisplay 1.8

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

Conexant HD Audio

CyberLink DVD Suite

CyberLink YouCam

D1600

DJ_SF_06_D1600_SW_Min

ESU for Microsoft Vista

Google Chrome

Google Earth

Google Quick Search Box

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

HDAUDIO Soft Data Fax Modem with SmartCP

High-Definition Video Playback

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6

HP Doc Viewer

HP DVD Play 3.7

HP Help and Support

HP Quick Launch Buttons 6.40 H2

HP Total Care Advisor

HP Total Care Setup

HP Update

HP User Guides 0118

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

HPPhotoGadget

iTunes

Java Auto Updater

Java 6 Update 35

Java 6 Update 7

LabelPrint

LightScribe System Software 1.14.17.1

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Miro

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

muvee Reveal

My HP Games

Nero 11 Kwik Themes Basic

Nero Audio Pack 1

Nero Core Components 11

Nero Kwik Media

Nero Kwik Media Help (CHM)

Nero Update

nero.prerequisites.msi

NetWaiting

Norton Internet Security

NVIDIA Drivers

Power2Go

PowerDirector

PVSonyDll

QuickTime

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Spelling Dictionaries Support For Adobe Reader 9

Synaptics Pointing Device Driver

Toolbox

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

uTorrentBar Toolbar

WebEx Support Manager for Internet Explorer

WebReg

WinZip 16.5

.

==== End Of File ===========================

Link to post
Share on other sites

Step 1

Please uninstall the following applications:

µTorrent

uTorrentBar Toolbar

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.10.18.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Dale :: DALE-PC [administrator]

10/18/2012 3:54:46 PM

mbam-log-2012-10-18 (15-54-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216854

Time elapsed: 10 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-10-18 16:11:58

-----------------------------

16:11:58.802 OS Version: Windows 6.0.6002 Service Pack 2

16:11:58.803 Number of processors: 2 586 0x301

16:11:58.804 ComputerName: DALE-PC UserName: Dale

16:12:00.744 Initialize success

16:12:50.119 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5

16:12:50.121 Disk 0 Vendor: ST9320325AS 0003HPM1 Size: 305245MB BusType: 3

16:12:50.130 Disk 0 MBR read successfully

16:12:50.133 Disk 0 MBR scan

16:12:50.136 Disk 0 unknown MBR code

16:12:50.143 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294059 MB offset 2048

16:12:50.179 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11182 MB offset 602234880

16:12:50.219 Disk 0 scanning sectors +625135616

16:12:50.288 Disk 0 scanning C:\Windows\system32\drivers

16:12:59.939 Service scanning

16:13:14.167 Modules scanning

16:13:20.866 Disk 0 trace - called modules:

16:13:20.888 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

16:13:20.893 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cfbac8]

16:13:21.239 3 CLASSPNP.SYS[8079b8b3] -> nt!IofCallDriver -> [0x85571918]

16:13:21.246 5 acpi.sys[806086bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x85521b98]

16:13:21.252 Scan finished successfully

16:14:03.637 Disk 0 MBR has been saved successfully to "C:\Users\Dale\Desktop\MBR.dat"

16:14:03.646 The log file has been saved successfully to "C:\Users\Dale\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-10-18 16:20:50

-----------------------------

16:20:50.022 OS Version: Windows 6.0.6002 Service Pack 2

16:20:50.022 Number of processors: 2 586 0x301

16:20:50.023 ComputerName: DALE-PC UserName: Dale

16:20:52.630 Initialize success

16:20:56.325 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5

16:20:56.328 Disk 0 Vendor: ST9320325AS 0003HPM1 Size: 305245MB BusType: 3

16:20:56.383 Disk 0 MBR read successfully

16:20:56.386 Disk 0 MBR scan

16:20:56.389 Disk 0 unknown MBR code

16:20:56.395 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294059 MB offset 2048

16:20:56.432 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11182 MB offset 602234880

16:20:56.437 Disk 0 scanning sectors +625135616

16:20:56.497 Disk 0 scanning C:\Windows\system32\drivers

16:21:06.547 Service scanning

16:21:21.234 Modules scanning

16:21:27.740 Disk 0 trace - called modules:

16:21:27.768 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

16:21:27.773 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cfbac8]

16:21:27.778 3 CLASSPNP.SYS[8079b8b3] -> nt!IofCallDriver -> [0x85571918]

16:21:27.785 5 acpi.sys[806086bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x85521b98]

16:21:27.791 Scan finished successfully

16:21:50.734 Disk 0 MBR has been saved successfully to "C:\Users\Dale\Desktop\MBR.dat"

16:21:50.739 The log file has been saved successfully to "C:\Users\Dale\Desktop\aswMBR.txt"

DDS (Ver_2012-10-14.05) - NTFS_x86

Internet Explorer: 9.0.8112.16421

Run by Dale at 16:15:04 on 2012-10-18

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1292 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Windows\system32\atashost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\WinZip\WZQKPICK32.EXE

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - c:\program files\utorrentbar\prxtbuTo2.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [HPAdvisor] "c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe" autorun=AUTORUN

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [QlbCtrl.exe] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"

mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\dale\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 209.124.193.100 209.124.193.101

TCP: Interfaces\{AFB70EAD-54BF-440A-8A22-83674F42D911} : DHCPNameServer = 209.124.193.100 209.124.193.101

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-6-12 20376]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca0e0a13cb1aa0;Google Update Service (gupdate1ca0e0a13cb1aa0);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104]

S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-4 250808]

S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-10-17 17:36:41 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d7ff2ded-fdc4-4ac0-8f0e-49c1491829ee}\mpengine.dll

2012-10-15 19:23:27 -------- d-----w- c:\users\dale\appdata\roaming\Malwarebytes

2012-10-15 19:22:57 -------- d-----w- c:\programdata\Malwarebytes

2012-10-15 19:22:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-15 19:22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-15 18:19:45 758784 ----a-w- c:\windows\system32\cohelper.dll

2012-10-15 18:19:32 -------- d-----w- c:\program files\NVIDIA Corporation

2012-10-15 15:43:20 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2012-10-12 05:10:56 985088 ----a-w- c:\windows\system32\crypt32.dll

2012-10-12 05:10:56 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-12 05:10:56 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-12 05:10:32 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-12 05:10:25 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-12 05:10:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-12 05:10:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-09-21 00:14:29 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-09-21 00:12:30 -------- d-----w- c:\program files\iPod

2012-09-21 00:12:27 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-09-21 00:12:27 -------- d-----w- c:\program files\iTunes

2012-09-21 00:00:50 -------- d-----w- c:\program files\Bonjour

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-09-20 23:56:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2012-10-12 04:48:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-12 04:48:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-29 01:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-08-29 01:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-21 18:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll

.

============= FINISH: 16:15:26.40 ===============

Link to post
Share on other sites

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Link to post
Share on other sites

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 16:31:12

# Updated 14/10/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : Dale - DALE-PC

# Boot Mode : Normal

# Running from : C:\Users\Dale\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Found : C:\Users\Public\Desktop\eBay.lnk

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Program Files\uTorrentBar

Folder Found : C:\ProgramData\Ask

Folder Found : C:\Users\Dale\AppData\Local\Conduit

Folder Found : C:\Users\Dale\AppData\LocalLow\Conduit

Folder Found : C:\Users\Dale\AppData\LocalLow\ConduitEngine

Folder Found : C:\Users\Dale\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Dale\AppData\LocalLow\uTorrentBar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\Software\uTorrentBar

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F85FF3B-735B-43EB-9B5D-2CD41332B658}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}

Key Found : HKCU\Software\Zugo

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5F85FF3B-735B-43EB-9B5D-2CD41332B658}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95F71B1E-AB65-4560-B11B-B52038A25147}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F06EF482-533A-452C-B694-2BF5C677E050}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5F85FF3B-735B-43EB-9B5D-2CD41332B658}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar

Key Found : HKLM\Software\uTorrentBar

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3700 octets] - [18/10/2012 16:31:12]

########## EOF - C:\AdwCleaner[R1].txt - [3760 octets] ##########

Link to post
Share on other sites

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Link to post
Share on other sites

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 16:49:01

# Updated 14/10/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : Dale - DALE-PC

# Boot Mode : Normal

# Running from : C:\Users\Dale\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Deleted : C:\Users\Public\Desktop\eBay.lnk

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\uTorrentBar

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\Users\Dale\AppData\Local\Conduit

Folder Deleted : C:\Users\Dale\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Dale\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\Dale\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Dale\AppData\LocalLow\uTorrentBar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F85FF3B-735B-43EB-9B5D-2CD41332B658}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5F85FF3B-735B-43EB-9B5D-2CD41332B658}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95F71B1E-AB65-4560-B11B-B52038A25147}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F06EF482-533A-452C-B694-2BF5C677E050}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5F85FF3B-735B-43EB-9B5D-2CD41332B658}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar

Key Deleted : HKLM\Software\uTorrentBar

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3829 octets] - [18/10/2012 16:31:12]

AdwCleaner[s1].txt - [3838 octets] - [18/10/2012 16:49:01]

########## EOF - C:\AdwCleaner[s1].txt - [3898 octets] ##########

Link to post
Share on other sites

Good! :)

Note: Please do not run this tool without special supervision and instruction of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

ComboFix 12-10-18.03 - Dale 10/18/2012 21:27:27.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1500 [GMT -5:00]

Running from: c:\users\Dale\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\msstdfmt.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_nvsvc

.

.

((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))

.

.

2012-10-19 02:36 . 2012-10-19 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-18 21:17 . 2012-10-18 21:17 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-10-17 17:36 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7FF2DED-FDC4-4AC0-8F0E-49C1491829EE}\mpengine.dll

2012-10-15 19:23 . 2012-10-15 19:23 -------- d-----w- c:\users\Dale\AppData\Roaming\Malwarebytes

2012-10-15 19:22 . 2012-10-15 19:22 -------- d-----w- c:\programdata\Malwarebytes

2012-10-15 19:22 . 2012-10-18 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-15 19:22 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-15 18:27 . 2012-10-15 18:27 -------- d-----w- c:\programdata\McAfee

2012-10-15 18:19 . 2010-08-12 16:46 758784 ----a-w- c:\windows\system32\cohelper.dll

2012-10-15 18:19 . 2012-10-15 18:19 -------- d-----w- c:\program files\NVIDIA Corporation

2012-10-15 15:43 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2012-10-12 05:10 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll

2012-10-12 05:10 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-12 05:10 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-12 05:10 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-12 05:10 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-12 05:10 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-12 05:10 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-09-21 00:14 . 2012-08-21 18:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-09-21 00:12 . 2012-09-21 00:12 -------- d-----w- c:\program files\iPod

2012-09-21 00:12 . 2012-09-21 00:14 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-09-21 00:12 . 2012-09-21 00:14 -------- d-----w- c:\program files\iTunes

2012-09-21 00:00 . 2012-09-21 00:00 -------- d-----w- c:\program files\Bonjour

2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2012-09-20 23:56 . 2012-09-20 23:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2012-09-20 23:56 . 2012-09-20 23:56 -------- d-----w- c:\program files\QuickTime

2012-09-20 23:48 . 2012-09-20 23:48 -------- d-----w- c:\program files\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-12 04:48 . 2012-05-05 03:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-12 04:48 . 2012-05-05 03:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-29 01:24 . 2012-06-18 19:40 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-08-29 01:24 . 2012-04-23 21:14 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-21 18:01 . 2009-10-23 00:26 106928 ----a-w- c:\windows\system32\GEARAspi.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-19 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-19 122368]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]

.

c:\users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 04:48]

.

2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 15:59]

.

2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 15:59]

.

2012-10-14 c:\windows\Tasks\HPCeeScheduleForDale.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 209.124.193.100 209.124.193.101

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-QlbCtrl.exe - c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-10-18 21:41

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72,

1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00

"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,

bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8

"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,

34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,

d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,

ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:00,f5,b5,c4,a9,26,cd,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\atashost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

c:\program files\Nero\Update\NASvc.exe

c:\program files\SMINST\BLService.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

.

**************************************************************************

.

Completion time: 2012-10-18 21:48:39 - machine was rebooted

ComboFix-quarantined-files.txt 2012-10-19 02:48

.

Pre-Run: 142,503,772,160 bytes free

Post-Run: 143,423,238,144 bytes free

.

- - End Of File - - 6BD0ACF9667DA7CADE1F948E82908452

Link to post
Share on other sites

  • 3 weeks later...
  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.