SpencerBodwith
Can't enable website blocking
SpencerBodwith replied to SpencerBodwith's topic in Resolved Malware Removal Logs
Everything seems to be in great condition. I was wondering if there is any way to prevent Malwarebytes as well as Microsoft Security Essentials' web protection feature from being turned off by users on the computer?
Can't enable website blocking
SpencerBodwith replied to SpencerBodwith's topic in Resolved Malware Removal Logs
Can't enable website blocking
SpencerBodwith replied to SpencerBodwith's topic in Resolved Malware Removal Logs
Can't enable website blocking
SpencerBodwith replied to SpencerBodwith's topic in Resolved Malware Removal Logs
Can't enable website blocking
SpencerBodwith replied to SpencerBodwith's topic in Resolved Malware Removal Logs
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe c:\windows\system32\WLANExt.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\windows\RtHDVCpl.exe c:\program files\USTechSupport\SchedulerService\SchedulerService.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\DRIVERS\xaudio.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2013-01-12 19:29:49 - machine was rebooted ComboFix-quarantined-files.txt 2013-01-13 03:28 . Pre-Run: 158,363,635,712 bytes free Post-Run: 158,011,367,424 bytes free . - - End Of File - - 457254E440880BBF5F82F560C56C2814 After the reboot i was able to enable website blocking and Microsoft Security Essentials is also now able to update. Are there anymore steps i should do before this post should be closed? -
Can't enable website blocking
SpencerBodwith replied to SpencerBodwith's topic in Resolved Malware Removal Logs
Can't enable protection, and can't update Microsoft Security Essentials either. I tried to enable it by right-clicking on the tray icon as well as by checking the box on the Protection tab. -
Can't enable website blocking
SpencerBodwith replied to SpencerBodwith's topic in Resolved Malware Removal Logs
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.10.2
Run by Owner at 14:38:55 on 2013-01-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1149 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\USTechSupport\SchedulerService\SchedulerService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\hp\kbd\kbd.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://www.google.com
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 172.16.0.1
TCP: Interfaces\{080D68EA-294E-40A8-8835-2DE057B526EE} : DHCPNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
TCP: Interfaces\{4ABD2250-268B-44BF-8DA8-65BCB9A82DF4} : DHCPNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
TCP: Interfaces\{6C624868-5C55-49B4-BDE7-968EB5BAE32F} : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{92EB5068-4F13-4296-B958-BDB4509A842B} : DHCPNameServer = 24.205.224.36 71.9.127.107 68.190.192.35
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\ji4uxuvz.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-08 03:49; links@rivalgaming.com; c:\users\owner\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2012-7-16 21728]
R1 MpKsl07fe0b24;MpKsl07fe0b24;c:\programdata\microsoft\microsoft antimalware\definition updates\{6f9b720f-47e0-4145-b34a-abd03823a265}\MpKsl07fe0b24.sys [2013-1-10 29904]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-22 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-8 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-8 682344]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R2 USTSScheduler;US Tech Support Scheduling Service;c:\program files\ustechsupport\schedulerservice\SchedulerService.exe [2012-7-12 736648]
R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-7-16 303360]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2012-7-16 1074944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-8 21104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2007-12-29 252416]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-7-16 50704]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-10-14 348160]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-01-10 22:36:18 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6f9b720f-47e0-4145-b34a-abd03823a265}\MpKsl07fe0b24.sys
2013-01-10 02:22:11 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6f9b720f-47e0-4145-b34a-abd03823a265}\mpengine.dll
2013-01-10 02:03:30 -------- d-----w- c:\windows\ERUNT
2013-01-10 02:03:26 -------- d-----w- C:\JRT
2013-01-10 01:49:27 -------- d-----w- c:\users\owner\appdata\local\VS Revo Group
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-01-08 23:53:12 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-08 23:35:29 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-08 23:35:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-08 23:16:01 -------- d-----w- c:\users\owner\appdata\local\Little_Apps
2013-01-08 23:09:43 -------- d-----w- c:\program files\common files\Little Registry Cleaner
2013-01-08 22:46:11 -------- d-----w- c:\users\owner\appdata\local\Coupon Companion Plugin
2013-01-08 00:52:27 740840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f801c26-8708-404e-a41c-813f0e99c3a7}\gapaengine.dll
2013-01-08 00:50:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-20 21:53:42 -------- d-----w- c:\program files\common files\MSSoap
.
==================== Find3M ====================
.
2013-01-09 01:41:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 01:41:36 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 23:52:48 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-25 11:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 11:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 14:39:12.04 =============== -
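Editor's note on the policy section of the DDS log above (this is an added example, not part of the original thread and not code from DDS, ComboFix or Malwarebytes). In the "Pseudo HJT Report", a `u` prefix means the value lives under the current user's hive (HKCU) and `m` means the machine hive (HKLM). Two values in this log deserve a second look on a cleanup: `mPolicies-System: EnableLUA = dword:0` means User Account Control is switched off for the whole machine, and `uPolicies-Explorer: HideSCAHealth = dword:1` hides the Security Center health icon, which is precisely the notification that would have warned that antivirus protection was turned off. The ComboFix log in the later post also shows `"DisableMonitoring"=dword:00000001` under `security center\Monitoring\SymantecAntiVirus` and `SymantecFirewall`, which tells Security Center to stop monitoring and alerting for those products. The script below parses both log formats for such DWORD policy values and reports the ones that differ from a safe default. The sample lines are copied from the logs on this page; the `EXPECTED` table of safe values and its explanations are my own, not anything the tools ship.

```python
import re
from dataclasses import dataclass

# Constructed sample input: policy lines copied from the DDS "Pseudo HJT Report"
# in the post above and from the ComboFix registry dump elsewhere on this page.
SAMPLE_DDS = """\
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
"""

SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
"""


@dataclass(frozen=True)
class PolicyEntry:
    hive: str   # HKLM, HKCU or HKU
    path: str   # DDS scope (e.g. Policies\System) or the full ComboFix key
    name: str
    value: int


# Value a clean machine is expected to have; anything else is reported.
# This table is my own (assumption), not a list shipped by DDS or ComboFix.
EXPECTED = {
    "EnableLUA":         (1, "UAC is disabled; admin users run with a full token and no prompts"),
    "HideSCAHealth":     (0, "Security Center health icon hidden, so 'AV disabled' warnings never show"),
    "NoWindowsUpdate":   (0, "Windows Update is blocked by policy"),
    "NoDrives":          (0, "drives hidden in Explorer (bitmask)"),
    "NoViewOnDrive":     (0, "drive access blocked in Explorer (bitmask)"),
    "DisableMonitoring": (0, "Security Center stops monitoring/alerting for this product"),
}

# DDS: "<u|m>Policies-<Section>: <Name> = dword:<hex>"  (u = HKCU, m = HKLM)
DDS_RE = re.compile(r"^([um])Policies-(\w+):\s*(\w+)\s*=\s*dword:([0-9A-Fa-f]+)$")
# ComboFix: a "[HKEY_...]" key header followed by "Name"=dword:XXXXXXXX value lines
CF_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
CF_VAL_RE = re.compile(r'^"(\w+)"=dword:([0-9A-Fa-f]+)$')

HIVE_ABBREV = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU", "HKEY_USERS": "HKU"}


def parse_policy_lines(text: str) -> list[PolicyEntry]:
    """Extract DWORD policy values from DDS and/or ComboFix log text."""
    entries: list[PolicyEntry] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = DDS_RE.match(line)
        if m:
            scope, section, name, val = m.groups()
            hive = "HKCU" if scope == "u" else "HKLM"
            entries.append(PolicyEntry(hive, "Policies\\" + section, name, int(val, 16)))
            continue
        m = CF_KEY_RE.match(line)
        if m:
            current_key = m.group(1)  # value lines that follow belong to this key
            continue
        m = CF_VAL_RE.match(line)
        if m and current_key:
            root = current_key.split("\\", 1)[0]
            hive = HIVE_ABBREV.get(root.upper(), root)
            entries.append(PolicyEntry(hive, current_key, m.group(1), int(m.group(2), 16)))
    return entries


def audit(entries: list[PolicyEntry]) -> list[tuple[PolicyEntry, str]]:
    """Return (entry, reason) for every known policy whose value is not the safe default."""
    findings = []
    for e in entries:
        if e.name in EXPECTED:
            safe, reason = EXPECTED[e.name]
            if e.value != safe:
                findings.append((e, reason))
    return findings


if __name__ == "__main__":
    for entry, reason in audit(parse_policy_lines(SAMPLE_DDS + SAMPLE_COMBOFIX)):
        print(f"{entry.hive}\\{entry.path}  {entry.name}={entry.value}  ->  {reason}")
```

Run against the sample above it reports EnableLUA, HideSCAHealth and both DisableMonitoring values and stays silent on the zero-valued entries. Resetting `EnableLUA` to 1 only takes effect after a reboot; `HideSCAHealth` and the `DisableMonitoring` values can simply be deleted, after which Security Center resumes showing protection warnings.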
Can't enable website blocking
SpencerBodwith replied to SpencerBodwith's topic in Resolved Malware Removal Logs
Ok, so I uninstalled Viewpoint Media Player and Qwiklinx. When I tried to uninstall Ask Toolbar Updater it told me "You don't have sufficient access to uninstall Ask Toolbar Updater. Please contact your system administrator." There are no other users on this computer, so I looked it up on Google. I ended up downloading Revo Uninstaller to remove it. The first attempt failed; then I checked Advanced and ran a scan. It gave me a bunch of stuff in the registry, so I deleted that and now it's gone from the computer. I then uninstalled Revo Uninstaller. As for Norton, I can't find it anywhere on my computer. Nothing in the Control Panel programs list or in the C drive > Program Files. So I'm not sure what to do about that. I also noticed that my Microsoft Security Essentials can no longer update, so the problem may not just be linked to Malwarebytes. dds.txt JRT.txt -
Hello, I recently cleaned my computer of a handful of infections and I can no longer enable my website blocking. attach.txt dds.txt