Vista 2012 Alert Malware

**meghantothemax** · 2012-01-13, 06:22

Today I had notices pop up from a program called "Vista 2012 Alert". It disabled all access to the internet until a credit card number was entered (I was able to track down a manual serial number online that would get me past that point though) and it also seems to have disabled my virus scanner. Any attempts to install a new virus scanner also appear to be blocked.

I can see that this virus was a common problem last year, and there are several possible fixes, but I really don't want to throw more software I'm not familiar with at it since I'm not sure which ones to trust. Would anyone be able to help me with this?

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Owner at 0:13:05 on 2012-01-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3998.2358 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\trlrm\RMHSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\UltimateZip\uzqkst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Owner\AppData\Local\hqu.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Users\Owner\AppData\Local\SanctionedMedia\Smad\Smad.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\WhiteSmoke\WSTray64.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
uURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
mURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
mWinlogon: Userinit=userinit.exe
BHO: MRI_DISABLED - No File
BHO: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\bh\BabylonToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
BHO: SearchCore for Browsers: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
BHO: Trlokom IE Toolbar: {c5af4d9b-0b55-4bac-9486-218ea2c6bc3e} - C:\Program Files (x86)\SpyWall\TrlIETool.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Trlokom IE Toolbar: {c5af4d9b-0b55-4bac-9486-218ea2c6bc3e} - C:\Program Files (x86)\SpyWall\TrlIETool.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarTlbr.dll
TB: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [cdloader] "C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Smad] "C:\Users\Owner\AppData\Local\SanctionedMedia\Smad\Smad.exe"
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Driver Fetch] "C:\Program Files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe" --start-trayed
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe" /md I
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LAUNCH~1.LNK - C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ULTIMA~1.LNK - C:\Program Files (x86)\UltimateZip\uzqkst.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{ED73AC6B-7A58-4C36-B3E3-399653F0B91C} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: MRI_DISABLED - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
BHO-X64: WhiteSmoke Bar - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: CescrtHlpr Object: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: SearchCore for Browsers: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
BHO-X64: Trlokom IE Toolbar: {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - C:\Program Files (x86)\SpyWall\TrlIETool.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Trlokom IE Toolbar: {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - C:\Program Files (x86)\SpyWall\TrlIETool.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarTlbr.dll
TB-X64: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Driver Fetch] "C:\Program Files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe" --start-trayed
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe" /md I
mRun-x64: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AppInit_DLLs-X64: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: network.proxy.http - 125.5.6.7.7.7
FF - prefs.js: network.proxy.http_port - 8231
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - component: C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF3.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: afurladvisor: afurladvisor@anchorfree.com - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: WhiteSmoke Bar Community Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - %profile%\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: ClickPotatoLite Component: ClickPotatoLite@ClickPotatoLite.com - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0\firefox\extensions
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110819.030\IDSviA64.sys [2011-8-19 488056]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-7-1 298824]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-10-10 117648]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-11-3 365952]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-9-24 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-9-24 116096]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-28 136824]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-23 135664]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-3 193840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-23 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Sockblkd;Sockblkd;C:\Program Files\Extegrity\Exam4\Sockblkd.sys [2009-10-19 6784]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-22 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.exe=ux
.
=============== Created Last 30 ================
.
2012-01-13 05:05:06 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{310BECBA-3D99-4A52-BC12-2ACD13601E5E}\offreg.dll
2012-01-12 17:48:58 269824 ----a-w- C:\Users\Owner\AppData\Local\hqu.exe
2012-01-12 17:48:54 -------- d-----w- C:\Users\Owner\AppData\Local\SanctionedMedia
2012-01-11 02:16:40 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-01-11 02:16:40 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-01-10 23:14:24 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{310BECBA-3D99-4A52-BC12-2ACD13601E5E}\mpengine.dll
2011-12-16 04:43:02 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-16 04:42:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-16 04:42:58 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-16 04:42:54 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-16 04:42:54 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-16 04:42:34 2764800 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-12-10 01:08:36 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-18 18:07:45 76800 ----a-w- C:\Windows\System32\packager.dll
2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll
2011-10-25 16:13:33 1570816 ----a-w- C:\Windows\System32\quartz.dll
2011-10-25 16:13:31 352256 ----a-w- C:\Windows\System32\qdvd.dll
2011-10-25 15:58:55 1314816 ----a-w- C:\Windows\SysWow64\quartz.dll
2011-10-25 15:58:54 497152 ----a-w- C:\Windows\SysWow64\qdvd.dll
.
============= FINISH: 0:13:32.30 ===============

**ken545** · 2012-01-18, 23:56

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR

You have lots and lots of garbage on your system .

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Please download Malwarebytes from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

**meghantothemax** · 2012-01-20, 04:35

Just so you know, while I was waiting for your reply, Windows Defender caught something called Adware:MSIL/SanctionedMedia on the 16th, so I selected the option to remove it. I'm not sure how that will affect the results.

Also, when I did the MalwareBytes scan, I accidentally selected Full Scan instead of Quick Scan.

Thank you very much for your help!

Here's the aswMBR log:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 10:52:24
-----------------------------
10:52:24.071 OS Version: Windows x64 6.0.6002 Service Pack 2
10:52:24.072 Number of processors: 2 586 0x170A
10:52:24.073 ComputerName: OWNER-PC UserName: Owner
10:52:26.350 Initialize success
10:52:55.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
10:52:55.081 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
10:52:55.088 Disk 0 MBR read successfully
10:52:55.092 Disk 0 MBR scan
10:52:55.096 Disk 0 unknown MBR code
10:52:55.100 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 292830 MB offset 63
10:52:55.130 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12411 MB offset 599717888
10:52:55.135 Service scanning
10:52:56.514 Modules scanning
10:52:56.518 Disk 0 trace - called modules:
10:52:56.525 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:52:56.530 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f61790]
10:52:56.534 3 CLASSPNP.SYS[fffffa6000a48c33] -> nt!IofCallDriver -> [0xfffffa8004f5cc20]
10:52:56.538 5 hpdskflt.sys[fffffa6001a020ee] -> nt!IofCallDriver -> [0xfffffa8004c119b0]
10:52:56.545 7 acpi.sys[fffffa60008f7fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0xfffffa8004c0e060]
10:52:56.551 Scan finished successfully
10:53:24.196 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
10:53:24.204 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

And here's the Malwarebytes log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.19.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

19/01/2012 10:56:51 AM
mbam-log-2012-01-19 (10-56-51).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 416701
Time elapsed: 1 hour(s), 19 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 29
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Quarantined and deleted successfully.
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileHunter (PUP.FileHunter) -> Quarantined and deleted successfully.
HKCR\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCU\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0\firefox\extensions -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Owner\AppData\Local\hqu.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Owner\AppData\Local\hqu.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

Folders Detected: 15
C:\Users\Owner\AppData\Roaming\FileHunter (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\FileHunter\downloads (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\FileHunter\metafiles (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport2\Bin\2.7.37 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Detected: 31
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0\ClickPotatoLiteSACB.exe (Adware.HotBar.Gen) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0\ClickPotatoLiteSAHook.dll (Adware.HotBar.Gen) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0\ClickPotatoLiteUninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DFCWdiMi.exe.part (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\_te8913.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Owner\Documents\XvidSetup(2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Owner\Documents\XvidSetup(3).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Owner\Documents\XvidSetup(4).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Owner\Documents\XvidSetup(5).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Owner\Documents\XvidSetup(6).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Owner\Documents\XvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\FileHunter-Win32.exe (Adware.Dropper) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\FileHunter\pumpa.state (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\FileHunter\extensions.exe (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\FileHunter\FileHunter.exe (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\FileHunter\pumpa.exe (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\FileHunter\uninstall.exe (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\FileHunter\metafiles\23F2A1B8F2E017DDE2B4213D9214D49C623C910C.torrent (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf_update.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0\copyright.txt (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport2\Uninst.exe (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

(end)

**ken545** · 2012-01-20, 12:13

Thats fine. I saw Whitesmoke in your original log but dont see it removed, it may have not been checked for removal when you ran Malwarebytes, run Malwarebytes again and if Whitesmoke is not checked than check it and remove it also.

Download CKScanner by askey127 from Here & save it to your Desktop.

Doubleclick CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Please Run this program only once
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

**meghantothemax** · 2012-01-22, 04:26

Ran a MalwareBytes Quick Scan, received no results. Here's the log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.22.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

21/01/2012 7:47:33 PM
mbam-log-2012-01-21 (19-47-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195052
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And here`s the CKScanner log:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\owner\music\berlin symphony orchestra\nutcracker highlights\desktop.ini
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\01 nutcracker, ballet, op. 71~no. 2. 1.m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\01 nutcracker, ballet, op. 71~no. 2..m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\02 nutcracker, ballet, op. 71~no. 4. 1.m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\02 nutcracker, ballet, op. 71~no. 4..m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\03 nutcracker, ballet, op. 71~no. 5. 1.m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\03 nutcracker, ballet, op. 71~no. 5..m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\04 nutcracker, ballet, op. 71~no. 6. 1.m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\04 nutcracker, ballet, op. 71~no. 6..m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\05 nutcracker, ballet, op. 71~no. 7. 1.m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\05 nutcracker, ballet, op. 71~no. 7..m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\06 nutcracker, ballet, op. 71~no. 8. 1.m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\06 nutcracker, ballet, op. 71~no. 8..m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\07 nutcracker, ballet, op. 71~no. 12 1.m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\07 nutcracker, ballet, op. 71~no. 12.m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\08 nutcracker, ballet, op. 71~no. 13 1.m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\08 nutcracker, ballet, op. 71~no. 13.m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\09 nutcracker, ballet, op. 71~no. 14 1.m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\09 nutcracker, ballet, op. 71~no. 14.m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\10 nutcracker, ballet, op. 71~no. 15 1.m4a
c:\users\owner\music\itunes\itunes media\music\berlin symphony orchestra\nutcracker highlights\10 nutcracker, ballet, op. 71~no. 15.m4a
scanner sequence 3.ZZ.11.XQNAOF
----- EOF -----

Thanks again!

**ken545** · 2012-01-22, 11:13

Good Morning,

If you would have given these people your credit card number you would have been giving it to a gang of thieves, there is no telling what they could have done with it, making other charges and possibly identity theft.

Run DDS again and post a new log please, then run this free online virus scanner

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
1. Click on to download the ESET Smart Installer. Save it to your desktop.
2. Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

**meghantothemax** · 2012-01-23, 00:03

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Owner at 11:46:56 on 2012-01-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3998.2567 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\trlrm\RMHSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\UltimateZip\uzqkst.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\WhiteSmoke\WSTray64.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
uURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
mURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
mWinlogon: Userinit=userinit.exe,
BHO: MRI_DISABLED - No File
BHO: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\bh\BabylonToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
BHO: SearchCore for Browsers: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
BHO: Trlokom IE Toolbar: {c5af4d9b-0b55-4bac-9486-218ea2c6bc3e} - C:\Program Files (x86)\SpyWall\TrlIETool.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Trlokom IE Toolbar: {c5af4d9b-0b55-4bac-9486-218ea2c6bc3e} - C:\Program Files (x86)\SpyWall\TrlIETool.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarTlbr.dll
TB: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [cdloader] "C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Driver Fetch] "C:\Program Files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe" --start-trayed
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe" /md I
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LAUNCH~1.LNK - C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ULTIMA~1.LNK - C:\Program Files (x86)\UltimateZip\uzqkst.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{ED73AC6B-7A58-4C36-B3E3-399653F0B91C} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: MRI_DISABLED - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
BHO-X64: WhiteSmoke Bar - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: CescrtHlpr Object: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: SearchCore for Browsers: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
BHO-X64: Trlokom IE Toolbar: {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - C:\Program Files (x86)\SpyWall\TrlIETool.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Trlokom IE Toolbar: {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - C:\Program Files (x86)\SpyWall\TrlIETool.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarTlbr.dll
TB-X64: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Driver Fetch] "C:\Program Files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe" --start-trayed
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe" /md I
mRun-x64: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AppInit_DLLs-X64: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: network.proxy.http - 125.5.6.7.7.7
FF - prefs.js: network.proxy.http_port - 8231
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - component: C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF3.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: afurladvisor: afurladvisor@anchorfree.com - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: WhiteSmoke Bar Community Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - %profile%\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110819.030\IDSviA64.sys [2011-8-19 488056]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-7-1 298824]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-10-10 117648]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-11-3 365952]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-9-24 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-9-24 116096]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-28 136824]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-23 135664]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-3 193840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-23 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Sockblkd;Sockblkd;C:\Program Files\Extegrity\Exam4\Sockblkd.sys [2009-10-19 6784]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-22 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-20 15:19:19 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{535BE1B5-E39E-4E35-8A85-A2399CBFA90D}\mpengine.dll
2012-01-19 15:56:18 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-01-19 15:56:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-19 15:56:09 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-19 15:56:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-12 17:48:54 -------- d-----w- C:\Users\Owner\AppData\Local\SanctionedMedia
2012-01-11 02:16:40 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-01-11 02:16:40 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-12-10 01:08:36 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-18 18:07:45 76800 ----a-w- C:\Windows\System32\packager.dll
2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-08 14:58:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-08 14:42:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-10-25 16:13:33 1570816 ----a-w- C:\Windows\System32\quartz.dll
2011-10-25 16:13:31 352256 ----a-w- C:\Windows\System32\qdvd.dll
2011-10-25 16:09:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-25 15:58:55 1314816 ----a-w- C:\Windows\SysWow64\quartz.dll
2011-10-25 15:58:54 497152 ----a-w- C:\Windows\SysWow64\qdvd.dll
.
============= FINISH: 11:49:52.45 ===============

And here's the ESETScan results:

C:\$RECYCLE.BIN\S-1-5-21-3984993148-1309757251-1189783091-1000\$RFITV14.lnk LNK/URL.B trojan
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\Program Files (x86)\WhiteSmoke\HookDllOE.dll probably a variant of Win32/WhiteSmoke application
C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe a variant of Win32/WhiteSmoke application
C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe probably a variant of Win32/WhiteSmoke application
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\index.html HTML/WhiteSmoke application
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\translator.html HTML/WhiteSmoke application
C:\Users\Owner\AppData\Local\Temp\SetupDataMngr_Searchqu.exe a variant of Win32/Toolbar.SearchSuite application
C:\Users\Owner\AppData\Local\Temp\werxmsacon.exe a variant of MSIL/Kryptik.M trojan
C:\Users\Owner\AppData\Local\Temp\~nsu.tmp\WhiteSmoke2011.exe multiple threats
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\7a924d69-7c8b940d Java/Exploit.CVE-2011-3544.AC trojan
C:\Users\Owner\Desktop\HSS-1.49-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application
C:\Users\Owner\Desktop\HSS-1.57-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application
C:\Users\Owner\Documents\registrybooster.exe a variant of Win32/RegistryBooster application
C:\Users\Owner\Documents\Tracy Anderson - Perfect Design Series_ Sequence I, II, III.exe a variant of Win32/Adware.WinPump.Y application
Operating memory multiple threats

Thanks again!

**ken545** · 2012-01-23, 01:56

Lets run Combofix and then we can see what else there is to remove, lots of bad stuff still showing up on your DDS log and ESET Scanner also

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

**meghantothemax** · 2012-01-23, 10:55

ComboFix didn't ask to install Microsoft Windows Recovery Console, but otherwise it seemed to run normally.

Thanks!

ComboFix 12-01-23.02 - Owner 23/01/2012 4:26.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3998.2453 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Blinkx
c:\program files (x86)\Blinkx\blinkx.ico
c:\program files (x86)\Blinkx\blinkxss.exe
c:\program files (x86)\Blinkx\blinkxstop.exe
c:\program files (x86)\Blinkx\lang.dll
c:\program files (x86)\Blinkx\templates\beat.ico
c:\program files (x86)\Blinkx\templates\index.html
c:\program files (x86)\Blinkx\templates\noflash.html
c:\program files (x86)\Blinkx\templates\offline.html
c:\program files (x86)\Blinkx\templates\offline.swf
c:\program files (x86)\Blinkx\templates\uninstall.exe
c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\Mozilla Firefox\components\AskHPRFF.js
c:\users\Owner\AppData\Roaming\cacaoweb
c:\users\Owner\AppData\Roaming\cacaoweb\adstorage.db
c:\users\Owner\AppData\Roaming\cacaoweb\replicatingD61FF760749E9CB9572DE57A6762D2E0.cacao
c:\users\Owner\AppData\Roaming\cacaoweb\storage.db
c:\windows\SysWow64\system
.
.
((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-23 09:36 . 2012-01-23 09:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-22 17:00 . 2012-01-22 17:00 -------- d-----w- c:\program files (x86)\ESET
2012-01-19 15:56 . 2012-01-19 15:56 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-01-19 15:56 . 2012-01-19 15:56 -------- d-----w- c:\programdata\Malwarebytes
2012-01-19 15:56 . 2012-01-19 15:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-19 15:56 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 04:35 . 2012-01-13 04:36 -------- d-----w- c:\program files (x86)\ERUNT
2012-01-12 17:48 . 2012-01-12 17:48 -------- d-----w- c:\users\Owner\AppData\Local\SanctionedMedia
2012-01-11 02:16 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 02:16 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-12-30 19:17 . 2011-12-30 19:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 05:15 . 2012-01-20 15:19 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{535BE1B5-E39E-4E35-8A85-A2399CBFA90D}\mpengine.dll
2011-12-10 01:08 . 2011-12-10 01:08 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-26 05:25 . 2011-11-26 05:25 0 ---ha-w- c:\users\Owner\AppData\Local\BIT8535.tmp
2011-11-23 13:57 . 2011-12-16 04:42 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 19:29 . 2009-10-22 21:18 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 14:58 . 2011-12-16 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-16 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-10-25 16:09 . 2011-12-16 04:43 85504 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-01 972080]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"cdloader"="c:\users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-05-16 50592]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Driver Fetch"="c:\program files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe" [2010-02-12 798176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BabylonToolbar"="c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe" [2010-11-07 286720]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch WhiteSmoke.lnk - c:\program files (x86)\WhiteSmoke\WSEnrichment.exe [2011-4-12 2162688]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
UltimateZip Quick Start.lnk - c:\program files (x86)\UltimateZip\uzqkst.exe [2010-2-13 1075200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
2008-09-26 01:42 189736 ------w- c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2008-09-26 09:36 1148200 ------w- c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 16:03 75008 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-09 00:24 54840 ----a-w- c:\program files (x86)\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-02 00:14 202032 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 12:27 144784 ----a-w- c:\program files (x86)\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]
2008-09-26 01:41 1152296 ------w- c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]
2008-09-25 01:07 206120 ------w- c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-08 c:\windows\Tasks\Driver Fetch.job
- c:\program files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe [2010-02-25 17:08]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-23 19:58]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-23 19:58]
.
2011-12-28 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-04 19:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2011-05-24 23:41 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1533736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: network.proxy.http - 125.5.6.7.7.7
FF - prefs.js: network.proxy.http_port - 8231
FF - prefs.js: network.proxy.type - 0
FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: WhiteSmoke Bar Community Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - %profile%\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-UCam_Menu - c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdateLBPShortCut - c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdateP2GoShortCut - c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdatePDIRShortCut - c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdatePSTShortCut - c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-ExtegrityExam40 - c:\program files\Extegrity\Exam4\Uninstall.exe
AddRemove-blinkx beat - c:\program files (x86)\Blinkx\templates\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Hotspot Shield\bin\hsswd.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\trlrm\RMHSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
c:\program files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2012-01-23 04:51:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-23 09:51
.
Pre-Run: 59,476,185,088 bytes free
Post-Run: 62,009,880,576 bytes free
.
- - End Of File - - BC46C22D80915C2D733DA1228E3B128C

**ken545** · 2012-01-23, 13:20

Thats fine, when you run Combofix and it detects a Recovery Console already installed it will not prompt you to install one.

BabylonToolbar<--This is not recommended, do you use it, it does bring ads

Backup Your Registry with ERUNT:

Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.

Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Folder::

Code:

Folder::
c:\users\Owner\AppData\Local\SanctionedMedia

Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Thread: Vista 2012 Alert Malware

Thread Tools

Display

Vista 2012 Alert Malware

Posting Permissions