
Help removing Hijack.Shell.Gen



I've been trying to remove the following virus but no luck.

 

dds.text

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16490  BrowserJavaVersion: 10.15.2
Run by Panhandle at 14:32:21 on 2013-07-04
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3838.1837 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Users\Panhandle\AppData\Roaming\Microsoft\Windows\Templates\VaultCmd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Panhandle\AppData\Local\Akamai\netsession_win.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Panhandle\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.




uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uWinlogon: Shell = C:\Windows\explorer.exe, C:\Users\Panhandle\AppData\Roaming\Microsoft\Windows\Templates\VaultCmd.exe
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Akamai NetSession Interface] "C:\Users\Panhandle\AppData\Local\Akamai\netsession_win.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll




TCP: NameServer = 192.168.1.254
TCP: Interfaces\{DFE0C40B-5B01-40A2-AC90-B657C0E6FB00} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg


x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe
x64-Run: [smartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\
FF - prefs.js: browser.search.selectedEngine - Google

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-4 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2009-2-10 287744]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-4 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-10 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2011-8-8 45176]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-7-11 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-06-17 21:13:25    75825640    ----a-w-    C:\Windows\System32\mrt.exe
2013-06-17 20:11:27    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-17 20:11:27    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 04:05:41    17824768    ----a-w-    C:\Windows\System32\mshtml.dll
2013-05-17 03:27:25    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-05-17 03:09:56    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 03:02:53    1346560    ----a-w-    C:\Windows\System32\urlmon.dll
2013-05-17 03:02:29    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 03:01:13    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-05-17 03:00:22    237056    ----a-w-    C:\Windows\System32\url.dll
2013-05-17 02:58:20    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-05-17 02:56:09    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-05-17 02:56:00    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-05-17 02:55:59    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-05-17 02:54:09    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-05-17 02:53:20    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-05-17 02:51:49    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-05-17 02:51:27    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-17 02:46:31    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-05-16 23:08:55    12329984    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-05-16 22:49:25    9738752    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-05-16 22:39:39    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-16 22:28:40    1104384    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-05-16 22:28:26    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-16 22:27:30    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-05-16 22:26:07    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-05-16 22:23:35    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-05-16 22:21:37    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-05-16 22:21:34    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-05-16 22:20:30    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-05-16 22:19:25    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-05-16 22:17:30    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-05-16 22:17:21    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-05-16 22:16:57    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-16 22:12:55    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-05-08 04:14:40    1417576    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-08 02:27:42    40448    ----a-w-    C:\Windows\System32\drivers\tcpipreg.sys
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-02 04:16:27    686080    ----a-w-    C:\Windows\System32\win32spl.dll
2013-05-02 04:04:25    443904    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-05-02 04:03:42    37376    ----a-w-    C:\Windows\SysWow64\printcom.dll
2013-04-24 04:09:48    174592    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-04-24 04:09:48    132096    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-04-24 04:09:48    1269248    ----a-w-    C:\Windows\System32\crypt32.dll
2013-04-24 04:09:41    50688    ----a-w-    C:\Windows\System32\certenc.dll
2013-04-24 04:00:30    985600    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-04-24 04:00:30    98304    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-04-24 04:00:30    133120    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-04-24 04:00:24    41984    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-04-24 02:10:00    1078272    ----a-w-    C:\Windows\System32\certutil.exe
2013-04-24 01:46:29    812544    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-04-17 13:04:03    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-04-17 12:30:06    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-04-15 14:17:12    901496    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 03:34:30    47104    ----a-w-    C:\Windows\System32\cdd.dll
2013-04-09 01:55:57    2774016    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH: 14:32:36.33 ===============

and

 

Attach.text

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2011 7:24:33 PM
System Uptime: 7/4/2013 2:06:30 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | VIOLET
Processor: AMD Athlon 64 X2 Dual Core Processor 5400+ | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 291.562 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.766 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0008
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0008
Service: tunnel
.
==== System Restore Points ===================
.
RP672: 4/14/2013 9:13:46 PM - Scheduled Checkpoint
RP673: 5/7/2013 12:35:48 PM - Windows Update
RP674: 5/13/2013 9:44:43 PM - Windows Update
RP675: 5/21/2013 8:25:47 PM - Windows Update
RP676: 5/21/2013 9:27:44 PM - Windows Update
RP677: 6/17/2013 12:28:17 PM - Windows Update
RP678: 6/17/2013 2:11:41 PM - Windows Update
RP679: 6/21/2013 11:41:52 PM - Windows Update
RP680: 6/22/2013 1:23:08 PM - Scheduled Checkpoint
RP681: 6/23/2013 2:09:08 AM - Scheduled Checkpoint
RP682: 6/24/2013 11:48:41 PM - Windows Update
RP683: 6/27/2013 3:43:45 PM - Scheduled Checkpoint
RP684: 6/29/2013 3:36:16 AM - Windows Update
RP685: 6/30/2013 4:31:35 AM - Scheduled Checkpoint
RP686: 6/30/2013 12:55:26 PM - Windows Update
RP687: 6/30/2013 6:22:13 PM - Windows Update
RP688: 7/2/2013 6:44:11 AM - Scheduled Checkpoint
RP689: 7/3/2013 11:52:39 AM - Scheduled Checkpoint
RP690: 7/4/2013 6:27:58 AM - Windows Update
RP691: 7/4/2013 2:09:13 PM - Removed Skype™ 5.10
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader X (10.1.6)
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Bandisoft MPEG-1 Decoder
Bonjour
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D3DX10
Download Updater (AOL LLC)
Enhanced Multimedia Keyboard Solution
GunBound Thor's Hammer version 550
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Photo Creations
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
iTunes
Java 7 Update 15
Java Auto Updater
Java 6 Update 38
Java 6 Update 7
Junk Mail filter update
Juno Preloader
LabelPrint
LightScribe System Software  1.14.25.1
LightScribe Template Labeler
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStory
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
Nexon Game Manager
NVIDIA Drivers
Pando Media Booster
PCIe Soft Data Fax Modem with SmartCP
PictureMover
Power2Go
PowerDirector
Python 2.5.2
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Segoe UI
SPORE Creature Creator Trial Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VLC media player 1.1.7
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/4/2013 8:04:25 AM, Error: EventLog [6008]  - The previous system shutdown at 7:59:27 AM on 7/4/2013 was unexpected.
7/4/2013 2:07:40 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SRTSP SRTSPX
7/4/2013 2:07:40 PM, Error: Service Control Manager [7000]  - The Norton Internet Security service failed to start due to the following error:  The system cannot find the path specified.
7/4/2013 1:56:27 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  MpFilter SASDIFSV SASKUTIL spldr SRTSP SRTSPX Wanarpv6
7/4/2013 1:56:27 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
7/4/2013 1:55:17 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/4/2013 1:55:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/4/2013 1:55:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/3/2013 4:08:14 PM, Error: EventLog [6008]  - The previous system shutdown at 4:05:29 PM on 7/3/2013 was unexpected.
.
==== End Of File ===========================
 


Hello Trygator and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following applications:

Ask Toolbar

Ask Toolbar Updater

Coupon Printer for Windows

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 5

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log
  • a new fresh DDS log

Thanks for the quick reply Maniac

 

I finished Step 1

 

and here is Step 2

 

JRT.Text

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista Home Premium x64
Ran by Panhandle on Thu 07/04/2013 at 15:01:47.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{652853ad-5592-4231-88c6-706613a52e61}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1313603468-453834131-3448594304-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dnu.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{91C0FCEE-2906-411A-875A-F3898E19BD0C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FC1AE45E-1C62-4CA8-B88C-510557B0B6EA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{033B1C10-5C3F-469F-91BF-FCA0CFAFFC4C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{91C0FCEE-2906-411A-875A-F3898E19BD0C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{652853AD-5592-4231-88C6-706613A52E61}



~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Panhandle\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [File] C:\Users\Panhandle\AppData\Roaming\mozilla\firefox\profiles\f9q67gsd.default\searchplugins\askcom.xml
Successfully deleted the following from C:\Users\Panhandle\AppData\Roaming\mozilla\firefox\profiles\f9q67gsd.default\prefs.js

user_pref("browser.search.order.1", "Ask.com");
Emptied folder: C:\Users\Panhandle\AppData\Roaming\mozilla\firefox\profiles\f9q67gsd.default\minidumps [27 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/04/2013 at 15:07:17.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Here is step 3

 

ADwCleaner.text

# AdwCleaner v2.304 - Logfile created 07/04/2013 at 15:14:17
# Updated 03/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)
# User : Panhandle - PANHANDLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Panhandle\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [1840 octets] - [04/07/2013 15:14:17]

########## EOF - C:\AdwCleaner[s1].txt - [1900 octets] ##########
 

here is Step 4

 

MBAM.text

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.04.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Panhandle :: PANHANDLE-PC [administrator]

Protection: Enabled

7/4/2013 3:22:42 PM
mbam-log-2013-07-04 (15-22-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216607
Time elapsed: 8 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: C:\Windows\explorer.exe, C:\Users\Panhandle\AppData\Roaming\Microsoft\Windows\Templates\VaultCmd.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

here is step 5

 

RogueKiller log.text

RogueKiller V8.6.2 [Jul  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com


Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Panhandle [Admin rights]
Mode : Remove -- Date : 07/04/2013 15:38:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] VaultCmd.exe -- C:\Users\Panhandle\AppData\Roaming\Microsoft\Windows\Templates\VaultCmd.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (C:\Windows\explorer.exe, C:\Users\Panhandle\AppData\Roaming\Microsoft\Windows\Templates\VaultCmd.exe [7][-]) -> DELETED
[SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (C:\Windows\explorer.exe, C:\Users\Panhandle\AppData\Roaming\Microsoft\Windows\Templates\VaultCmd.exe [7][-]) -> [0x2] The system cannot find the file specified.
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKS-65A7B SCSI Disk Device +++++
--- User ---
[MBR] 27b512873d5bf0aa10f22f3a0bd0bfa7
[BSP] 00da2e786f4fa0e89eb67f4c8b435a6e : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 463468 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 949184460 | Size: 13468 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_07042013_153815.txt >>
RKreport[0]_S_07042013_153636.txt


 


and here are the new dds/attach files.

 

dds.text

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16490  BrowserJavaVersion: 10.15.2
Run by Panhandle at 15:43:12 on 2013-07-04
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3838.2279 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Panhandle\AppData\Local\Akamai\netsession_win.exe
C:\hp\support\hpsysdrv.exe
C:\Users\Panhandle\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.




mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Akamai NetSession Interface] "C:\Users\Panhandle\AppData\Local\Akamai\netsession_win.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll




TCP: NameServer = 192.168.1.254
TCP: Interfaces\{DFE0C40B-5B01-40A2-AC90-B657C0E6FB00} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg


x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe
x64-Run: [smartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-4 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2009-2-10 287744]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-4 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-10 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2011-8-8 45176]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-7-11 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-06-17 21:13:25    75825640    ----a-w-    C:\Windows\System32\mrt.exe
2013-06-17 20:11:27    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-17 20:11:27    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 04:05:41    17824768    ----a-w-    C:\Windows\System32\mshtml.dll
2013-05-17 03:27:25    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-05-17 03:09:56    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 03:02:53    1346560    ----a-w-    C:\Windows\System32\urlmon.dll
2013-05-17 03:02:29    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 03:01:13    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-05-17 03:00:22    237056    ----a-w-    C:\Windows\System32\url.dll
2013-05-17 02:58:20    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-05-17 02:56:09    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-05-17 02:56:00    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-05-17 02:55:59    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-05-17 02:54:09    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-05-17 02:53:20    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-05-17 02:51:49    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-05-17 02:51:27    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-17 02:46:31    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-05-16 23:08:55    12329984    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-05-16 22:49:25    9738752    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-05-16 22:39:39    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-16 22:28:40    1104384    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-05-16 22:28:26    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-16 22:27:30    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-05-16 22:26:07    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-05-16 22:23:35    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-05-16 22:21:37    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-05-16 22:21:34    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-05-16 22:20:30    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-05-16 22:19:25    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-05-16 22:17:30    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-05-16 22:17:21    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-05-16 22:16:57    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-16 22:12:55    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-05-08 04:14:40    1417576    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-08 02:27:42    40448    ----a-w-    C:\Windows\System32\drivers\tcpipreg.sys
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-02 04:16:27    686080    ----a-w-    C:\Windows\System32\win32spl.dll
2013-05-02 04:04:25    443904    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-05-02 04:03:42    37376    ----a-w-    C:\Windows\SysWow64\printcom.dll
2013-04-24 04:09:48    174592    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-04-24 04:09:48    132096    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-04-24 04:09:48    1269248    ----a-w-    C:\Windows\System32\crypt32.dll
2013-04-24 04:09:41    50688    ----a-w-    C:\Windows\System32\certenc.dll
2013-04-24 04:00:30    985600    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-04-24 04:00:30    98304    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-04-24 04:00:30    133120    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-04-24 04:00:24    41984    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-04-24 02:10:00    1078272    ----a-w-    C:\Windows\System32\certutil.exe
2013-04-24 01:46:29    812544    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-04-17 13:04:03    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-04-17 12:30:06    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-04-15 14:17:12    901496    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 03:34:30    47104    ----a-w-    C:\Windows\System32\cdd.dll
2013-04-09 01:55:57    2774016    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH: 15:44:10.89 ===============

and

 

Attach.text

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2011 7:24:33 PM
System Uptime: 7/4/2013 3:15:50 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | VIOLET
Processor: AMD Athlon 64 X2 Dual Core Processor 5400+ | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 292.188 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.766 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0008
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0008
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader X (10.1.6)
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bandisoft MPEG-1 Decoder
Bonjour
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
Enhanced Multimedia Keyboard Solution
GunBound Thor's Hammer version 550
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Photo Creations
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
iTunes
Java 7 Update 15
Java Auto Updater
Java 6 Update 38
Java 6 Update 7
Junk Mail filter update
Juno Preloader
LabelPrint
LightScribe System Software  1.14.25.1
LightScribe Template Labeler
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStory
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
Nexon Game Manager
NVIDIA Drivers
Pando Media Booster
PCIe Soft Data Fax Modem with SmartCP
PictureMover
Power2Go
PowerDirector
Python 2.5.2
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Segoe UI
SPORE Creature Creator Trial Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VLC media player 1.1.7
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (64-bit)
.
==== End Of File ===========================
 


Well done!

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Sorry it took so long, Maniac, but I got the scan done.

 

Combofix.text

ComboFix 13-07-07.01 - Panhandle 07/07/2013   2:05.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3838.2348 [GMT -7:00]
Running from: c:\users\Panhandle\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Panhandle\AppData\Local\DownloadTerms\teMP.dat
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-07 to 2013-07-07  )))))))))))))))))))))))))))))))
.
.
2013-07-07 09:13 . 2013-07-07 09:13    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-07 00:04 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E51F634C-8CB6-4EDB-B147-993973CD5339}\mpengine.dll
2013-07-05 23:17 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-05 22:04 . 2013-07-05 22:05    --------    d-----w-    c:\users\Panhandle\AppData\Local\Smartbar
2013-07-05 22:03 . 2013-07-07 09:12    --------    d-----w-    c:\users\Panhandle\AppData\Local\DownloadTerms
2013-07-05 22:03 . 2013-07-05 23:49    --------    d-----w-    c:\users\Panhandle\AppData\Local\SwvUpdater
2013-07-05 22:02 . 2013-07-05 23:51    --------    d-----w-    c:\users\Panhandle\AppData\Roaming\WebCake
2013-07-05 22:02 . 2013-07-05 23:49    --------    d-----w-    c:\program files (x86)\WebCake
2013-07-05 22:02 . 2013-07-05 23:49    --------    d-----w-    c:\programdata\Tarma Installer
2013-07-05 22:02 . 2013-07-05 22:02    --------    d-----w-    c:\users\Panhandle\AppData\Local\TopArcadeHits
2013-07-05 22:01 . 2013-07-05 22:01    --------    d-----w-    c:\users\AppData
2013-07-05 22:01 . 2013-07-05 22:01    --------    d-----w-    c:\program files (x86)\Conduit
2013-07-05 22:01 . 2013-07-05 22:01    --------    d-----w-    c:\program files (x86)\MixiDJ_V36
2013-07-05 22:01 . 2013-07-05 22:01    --------    d-----w-    c:\users\Panhandle\AppData\Local\Conduit
2013-07-05 22:01 . 2013-07-05 22:01    --------    d-----w-    c:\program files (x86)\SearchProtect
2013-07-05 22:00 . 2013-07-05 22:06    --------    d-----w-    c:\users\Panhandle\AppData\Roaming\SearchProtect
2013-07-04 22:01 . 2013-07-04 22:01    --------    d-----w-    c:\windows\ERUNT
2013-07-04 22:00 . 2013-07-04 22:00    --------    d-----w-    C:\JRT
2013-07-04 15:10 . 2013-07-04 15:10    --------    d-----w-    c:\users\Panhandle\AppData\Roaming\Malwarebytes
2013-07-04 15:10 . 2013-07-04 15:10    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-04 15:10 . 2013-07-04 15:10    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-04 15:10 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-04 12:58 . 2013-07-04 12:58    --------    d-----w-    c:\users\Panhandle\AppData\Roaming\SUPERAntiSpyware.com
2013-07-04 12:57 . 2013-07-04 15:00    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-07-03 15:33 . 2013-07-03 15:51    11264    ----a-w-    c:\users\Panhandle\AppData\Roaming\Microsoft\Windows\Templates\VaultCmd.exe
2013-06-22 06:45 . 2013-06-22 06:42    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE6C9C06-4C82-419F-AEE0-C7188B51213D}\gapaengine.dll
2013-06-17 19:34 . 2013-04-24 02:10    1078272    ----a-w-    c:\windows\system32\certutil.exe
2013-06-17 19:34 . 2013-04-24 01:46    812544    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-06-17 19:34 . 2013-04-24 04:09    1269248    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-17 19:34 . 2013-04-24 04:00    985600    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-06-17 19:34 . 2013-04-24 04:09    174592    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-17 19:34 . 2013-04-24 04:00    133120    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-06-17 19:34 . 2013-04-24 04:09    132096    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-17 19:34 . 2013-04-24 04:09    50688    ----a-w-    c:\windows\system32\certenc.dll
2013-06-17 19:34 . 2013-04-24 04:00    98304    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-06-17 19:34 . 2013-04-24 04:00    41984    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-06-17 19:34 . 2013-04-17 13:04    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-06-17 19:34 . 2013-04-17 12:30    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2013-06-17 19:33 . 2013-05-08 04:14    1417576    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-17 19:33 . 2013-05-08 02:27    40448    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2013-06-17 19:33 . 2013-05-02 04:16    686080    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-17 19:33 . 2013-05-02 04:04    443904    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-06-17 19:33 . 2013-05-02 04:03    37376    ----a-w-    c:\windows\SysWow64\printcom.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-17 21:13 . 2006-11-02 12:35    75825640    ----a-w-    c:\windows\system32\mrt.exe
2013-06-17 20:11 . 2013-04-09 05:53    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-17 20:11 . 2011-07-12 01:10    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-22 03:27 . 2013-05-07 19:41    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-14 04:41 . 2010-06-24 18:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2011-07-11 02:57    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-15 14:17 . 2013-05-22 03:30    901496    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 03:34 . 2013-05-22 03:30    47104    ----a-w-    c:\windows\system32\cdd.dll
2013-04-09 01:55 . 2013-05-22 03:30    2774016    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{587d8d3d-079b-49d0-b54d-dd2a9911fffb}"= "c:\program files (x86)\MixiDJ_V36\prxtbMixi.dll" [2013-06-18 231712]
.
[HKEY_CLASSES_ROOT\clsid\{587d8d3d-079b-49d0-b54d-dd2a9911fffb}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-08 17:55    297808    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{587d8d3d-079b-49d0-b54d-dd2a9911fffb}]
2013-06-18 11:54    231712    ----a-w-    c:\program files (x86)\MixiDJ_V36\prxtbMixi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
2013-07-05 22:02    153432    ----a-w-    c:\users\Panhandle\AppData\Local\TopArcadeHits\Toparcadehits.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{587d8d3d-079b-49d0-b54d-dd2a9911fffb}"= "c:\program files (x86)\MixiDJ_V36\prxtbMixi.dll" [2013-06-18 231712]
.
[HKEY_CLASSES_ROOT\clsid\{587d8d3d-079b-49d0-b54d-dd2a9911fffb}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
"Akamai NetSession Interface"="c:\users\Panhandle\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-18 1152296]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-18 189736]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2008-9-8 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-09 20:11]
.
2013-07-03 c:\windows\Tasks\HPCeeScheduleForPanhandle.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-10 19:12]
.
2012-12-26 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 16:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-10-03 333344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 16335976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\

FF - ExtSQL: 2013-07-04 21:00; cxfnl@nxazbwxrbgsgfqqp.net; c:\users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\extensions\cxfnl@nxazbwxrbgsgfqqp.net
FF - ExtSQL: 2013-07-05 15:00; {587d8d3d-079b-49d0-b54d-dd2a9911fffb}; c:\users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\extensions\{587d8d3d-079b-49d0-b54d-dd2a9911fffb}
FF - ExtSQL: 2013-07-05 15:02; plugin@getwebcake.com; c:\users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\extensions\plugin@getwebcake.com
FF - user.js: extentions.webcake.installId - 4a99c91e-2a39-4e01-b36c-deb71a977fa8
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\users\Panhandle\AppData\Local\DownloadTerms\temp.dat
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{587D8D3D-079B-49D0-B54D-DD2A9911FFFB} - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@SACL=
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\01\0c\140-?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-07-07  02:17:13
ComboFix-quarantined-files.txt  2013-07-07 09:17
.
Pre-Run: 310,034,911,232 bytes free
Post-Run: 311,674,245,120 bytes free
.
- - End Of File - - 30BD6A18C6661B2D6ECDF4DA182B0762
03BA8F890B47C0BE359A4D5A636D214D
 


Alright maniac, here's the JRT

 

JRT.Text

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista Home Premium x64
Ran by Panhandle on Sun 07/07/2013 at 17:05:01.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [service] cltmngsvc
Successfully deleted: [service] cltmngsvc



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotectall
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1313603468-453834131-3448594304-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3298572
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{094B4C52-97CD-4B21-B6B1-FABD3BA56E87}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Panhandle\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Panhandle\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Panhandle\appdata\local\downloadterms"
Successfully deleted: [Folder] "C:\Users\Panhandle\appdata\local\smartbar"
Successfully deleted: [Folder] "C:\Users\Panhandle\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Panhandle\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Panhandle\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Panhandle\appdata\locallow\smartbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Empty Folder] C:\Users\Panhandle\appdata\local\{3259D266-144B-4834-80AA-97F040EDD869}



~~~ FireFox

Successfully deleted: [File] C:\Users\Panhandle\AppData\Roaming\mozilla\firefox\profiles\f9q67gsd.default\user.js
Successfully deleted: [File] C:\Users\Panhandle\AppData\Roaming\mozilla\firefox\profiles\f9q67gsd.default\searchplugins\conduit.xml
Successfully deleted the following from C:\Users\Panhandle\AppData\Roaming\mozilla\firefox\profiles\f9q67gsd.default\prefs.js


user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

Emptied folder: C:\Users\Panhandle\AppData\Roaming\mozilla\firefox\profiles\f9q67gsd.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/07/2013 at 17:10:20.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


And here's the AdwCleaner.

 

Adwcleaner.text

# AdwCleaner v2.304 - Logfile created 07/07/2013 at 17:28:58
# Updated 03/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)
# User : Panhandle - PANHANDLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Panhandle\Desktop\AdwCleaner.exe
# Option [search]


***** [services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\MixiDJ_V36
Folder Found : C:\Program Files (x86)\WebCake
Folder Found : C:\Users\Panhandle\AppData\LocalLow\MixiDJ_V36
Folder Found : C:\Users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\CT3298572
Folder Found : C:\Users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\extensions\{587d8d3d-079b-49d0-b54d-dd2a9911fffb}
Folder Found : C:\Users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\extensions\plugin@getwebcake.com
Folder Found : C:\Users\Panhandle\AppData\Roaming\WebCake

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\MixiDJ_V36
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MixiDJ_V36 Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{587D8D3D-079B-49D0-B54D-DD2A9911FFFB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{587D8D3D-079B-49D0-B54D-DD2A9911FFFB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94B58D55-27F0-4678-93F2-E449A37D00BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\SmartbarLog
Key Found : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{94B58D55-27F0-4678-93F2-E449A37D00BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKLM\Software\MixiDJ_V36
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{587D8D3D-079B-49D0-B54D-DD2A9911FFFB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94B58D55-27F0-4678-93F2-E449A37D00BB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DA47DD5-A42F-4490-95F9-04D646CAA5CE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60FC86FB-DB78-4C64-AB9C-EAE3EA397420}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587D8D3D-079B-49D0-B54D-DD2A9911FFFB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V36 Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{587D8D3D-079B-49D0-B54D-DD2A9911FFFB}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{587D8D3D-079B-49D0-B54D-DD2A9911FFFB}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{587D8D3D-079B-49D0-B54D-DD2A9911FFFB}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{587D8D3D-079B-49D0-B54D-DD2A9911FFFB}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14962 octets] - [07/07/2013 17:28:58]
AdwCleaner[s1].txt - [1961 octets] - [04/07/2013 15:14:17]

########## EOF - C:\AdwCleaner[R1].txt - [15083 octets] ##########
 


I reran AdwCleaner and it finished the delete process, then rebooted.

 

AdwCleaner.text

# AdwCleaner v2.304 - Logfile created 07/08/2013 at 11:01:42
# Updated 03/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)
# User : Panhandle - PANHANDLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Panhandle\Desktop\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\MixiDJ_V36
Deleted on reboot : C:\Program Files (x86)\WebCake
Deleted on reboot : C:\Users\Panhandle\AppData\LocalLow\MixiDJ_V36
Deleted on reboot : C:\Users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\CT3298572
Deleted on reboot : C:\Users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\extensions\{587d8d3d-079b-49d0-b54d-dd2a9911fffb}
Deleted on reboot : C:\Users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\extensions\plugin@getwebcake.com
Deleted on reboot : C:\Users\Panhandle\AppData\Roaming\WebCake

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V36
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MixiDJ_V36 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{587D8D3D-079B-49D0-B54D-DD2A9911FFFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{587D8D3D-079B-49D0-B54D-DD2A9911FFFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94B58D55-27F0-4678-93F2-E449A37D00BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartbarLog
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{94B58D55-27F0-4678-93F2-E449A37D00BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\Software\MixiDJ_V36
Key Deleted : HKLM\Software\SearchProtect

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Panhandle\AppData\Roaming\Mozilla\Firefox\Profiles\f9q67gsd.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15049 octets] - [07/07/2013 17:28:58]
AdwCleaner[R2].txt - [15169 octets] - [08/07/2013 11:01:22]
AdwCleaner[s1].txt - [1961 octets] - [04/07/2013 15:14:17]
AdwCleaner[s2].txt - [339 octets] - [07/07/2013 17:30:54]
AdwCleaner[s3].txt - [11224 octets] - [08/07/2013 11:01:42]

########## EOF - C:\AdwCleaner[s3].txt - [11285 octets] ##########


Hello again Maniac, here is the RogueKiller log.

 

Roguekiller.text

RogueKiller V8.6.2 _x64_ [Jul  2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com


Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Panhandle [Admin rights]
Mode : Scan -- Date : 07/08/2013 16:15:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKS-65A7B SCSI Disk Device +++++
--- User ---
[MBR] 27b512873d5bf0aa10f22f3a0bd0bfa7
[bSP] 00da2e786f4fa0e89eb67f4c8b435a6e : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 463468 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 949184460 | Size: 13468 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_07082013_161536.txt >>
 


  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I just scanned with Malwarebytes; the log didn't have anything to delete, and neither did the quarantine.

 

malwarebytes.log

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.09.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Panhandle :: PANHANDLE-PC [administrator]

Protection: Enabled

7/9/2013 5:51:20 AM
mbam-log-2013-07-09 (05-51-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221845
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Do not fix anything with RogueKiller, those entries are legitimate. Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.