SpencerBodwith
Posts posted by SpencerBodwith
-
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=f081a8ee39933a4d944d8e22c7f60129
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-14 03:16:49
# local_time=2013-01-14 07:16:49 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 19261384 194784137 0 0
# scanned=180492
# found=0
# cleaned=0
# scan_time=11487
-
ComboFix 13-01-13.01 - Owner 01/14/2013 3:23.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.863 [GMT -8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-14 11:39 . 2013-01-14 11:39 -------- d-----w- c:\users\Owner\AppData\Local\temp
2013-01-14 11:39 . 2013-01-14 11:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-14 11:39 . 2013-01-14 11:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-01-14 01:19 . 2012-11-19 09:04 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{676392AD-A538-4AAA-A349-5ED72184CB0A}\mpengine.dll
2013-01-13 03:30 . 2012-11-19 09:04 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-10 02:03 . 2013-01-10 02:03 -------- d-----w- c:\windows\ERUNT
2013-01-10 02:03 . 2013-01-10 02:03 -------- d-----w- C:\JRT
2013-01-10 01:49 . 2013-01-10 01:49 -------- d-----w- c:\users\Owner\AppData\Local\VS Revo Group
2013-01-09 00:08 . 2013-01-09 00:08 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-01-09 00:01 . 2013-01-09 00:02 -------- d-----w- c:\program files\QuickTime
2013-01-08 23:53 . 2013-01-08 23:52 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-08 23:35 . 2013-01-08 23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-08 23:35 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-08 23:16 . 2013-01-08 23:16 -------- d-----w- c:\users\Owner\AppData\Local\Little_Apps
2013-01-08 23:09 . 2013-01-09 02:50 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
2013-01-08 22:46 . 2013-01-09 00:22 -------- d-----w- c:\users\Owner\AppData\Local\Coupon Companion Plugin
2013-01-08 00:52 . 2012-10-23 14:04 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F801C26-8708-404E-A41C-813F0E99C3A7}\gapaengine.dll
2013-01-08 00:50 . 2013-01-13 04:37 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-20 21:52 . 2012-12-20 21:52 -------- d-----w- c:\program files\7-zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 01:41 . 2012-07-27 04:54 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 01:41 . 2012-01-13 02:00 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 23:52 . 2012-01-22 23:04 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-01-29 15:55 . 2013-01-10 01:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-26 133656]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-26 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-15 178968]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-26 166424]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 22:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-12-15 00:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 09:56 54936 ----a-w- c:\windows\System32\jureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HP Health Check Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3303262224-1161555810-1120907641-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 01:41]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-22 23:45]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-22 23:45]
.
2013-01-14 c:\windows\Tasks\User_Feed_Synchronization-{2152CFB3-CEEC-40A3-ADAA-2D85D6BDB1F8}.job
- c:\windows\system32\msfeedssync.exe [2008-06-23 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: genieo.com\yahoo
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ji4uxuvz.default\
FF - ExtSQL: 2013-01-08 03:49; links@rivalgaming.com; c:\users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-14 03:46:30
ComboFix-quarantined-files.txt 2013-01-14 11:46
ComboFix2.txt 2013-01-14 01:10
ComboFix3.txt 2013-01-13 03:29
.
Pre-Run: 152,542,916,608 bytes free
Post-Run: 152,515,051,520 bytes free
.
- - End Of File - - 448F2B52FBD75E0C2AD255E6ED37C1B5
-
ComboFix 13-01-13.01 - Owner 01/13/2013 16:52:13.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1217 [GMT -8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-14 01:03 . 2013-01-14 01:03 -------- d-----w- c:\users\Owner\AppData\Local\temp
2013-01-14 01:03 . 2013-01-14 01:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-14 01:03 . 2013-01-14 01:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-01-13 03:43 . 2012-11-19 09:04 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DE0BD10-2AEF-4745-A21C-73B1267B5F44}\mpengine.dll
2013-01-13 03:30 . 2012-11-19 09:04 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-10 02:03 . 2013-01-10 02:03 -------- d-----w- c:\windows\ERUNT
2013-01-10 02:03 . 2013-01-10 02:03 -------- d-----w- C:\JRT
2013-01-10 01:49 . 2013-01-10 01:49 -------- d-----w- c:\users\Owner\AppData\Local\VS Revo Group
2013-01-09 00:08 . 2013-01-09 00:08 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-01-09 00:01 . 2013-01-09 00:02 -------- d-----w- c:\program files\QuickTime
2013-01-08 23:53 . 2013-01-08 23:52 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-08 23:35 . 2013-01-08 23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-08 23:35 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-08 23:16 . 2013-01-08 23:16 -------- d-----w- c:\users\Owner\AppData\Local\Little_Apps
2013-01-08 23:09 . 2013-01-09 02:50 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
2013-01-08 22:46 . 2013-01-09 00:22 -------- d-----w- c:\users\Owner\AppData\Local\Coupon Companion Plugin
2013-01-08 00:52 . 2012-10-23 14:04 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F801C26-8708-404E-A41C-813F0E99C3A7}\gapaengine.dll
2013-01-08 00:50 . 2013-01-13 04:37 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-20 21:52 . 2012-12-20 21:52 -------- d-----w- c:\program files\7-zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 01:41 . 2012-07-27 04:54 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 01:41 . 2012-01-13 02:00 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 23:52 . 2012-01-22 23:04 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-01-29 15:55 . 2013-01-10 01:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-26 133656]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-26 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-15 178968]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-26 166424]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 22:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-12-15 00:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 09:56 54936 ----a-w- c:\windows\System32\jureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HP Health Check Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3303262224-1161555810-1120907641-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 01:41]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-22 23:45]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-22 23:45]
.
2013-01-14 c:\windows\Tasks\User_Feed_Synchronization-{2152CFB3-CEEC-40A3-ADAA-2D85D6BDB1F8}.job
- c:\windows\system32\msfeedssync.exe [2008-06-23 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: genieo.com\yahoo
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ji4uxuvz.default\
FF - ExtSQL: 2013-01-08 03:49; links@rivalgaming.com; c:\users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-13 17:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
-
ComboFix 13-01-13.01 - Owner 01/12/2013 19:13:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1252 [GMT -8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\48CC2084-CBC1-A7DC-7782-8DC65D4DA97D.ico
c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender
c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender\Security Defender.lnk
c:\users\Owner\AppData\Roaming\48CC2084-CBC1-A7DC-7782-8DC65D4DA97D.ico
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\cb.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\cid.tmp
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\ddv.tmp
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\FS.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\FW.tmp
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\gid.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\runddl.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.tmp
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\snl2w.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Defender
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Defender\Security Defender.lnk
c:\users\Owner\Documents\~WRL0001.tmp
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))
.
.
2013-01-13 03:21 . 2013-01-13 03:23 -------- d-----w- c:\users\Owner\AppData\Local\temp
2013-01-10 02:22 . 2012-11-19 09:04 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F9B720F-47E0-4145-B34A-ABD03823A265}\mpengine.dll
2013-01-10 02:03 . 2013-01-10 02:03 -------- d-----w- c:\windows\ERUNT
2013-01-10 02:03 . 2013-01-10 02:03 -------- d-----w- C:\JRT
2013-01-10 01:49 . 2013-01-10 01:49 -------- d-----w- c:\users\Owner\AppData\Local\VS Revo Group
2013-01-09 00:08 . 2013-01-09 00:08 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-01-09 00:02 . 2013-01-09 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-01-09 00:01 . 2013-01-09 00:02 -------- d-----w- c:\program files\QuickTime
2013-01-08 23:53 . 2013-01-08 23:52 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-08 23:35 . 2013-01-08 23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-08 23:35 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-08 23:16 . 2013-01-08 23:16 -------- d-----w- c:\users\Owner\AppData\Local\Little_Apps
2013-01-08 23:09 . 2013-01-09 02:50 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
2013-01-08 22:46 . 2013-01-09 00:22 -------- d-----w- c:\users\Owner\AppData\Local\Coupon Companion Plugin
2013-01-08 00:52 . 2012-10-23 14:04 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F801C26-8708-404E-A41C-813F0E99C3A7}\gapaengine.dll
2013-01-08 00:50 . 2013-01-08 00:50 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-20 21:52 . 2012-12-20 21:52 -------- d-----w- c:\program files\7-zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 01:41 . 2012-07-27 04:54 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 01:41 . 2012-01-13 02:00 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 23:52 . 2012-01-22 23:04 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-01-29 15:55 . 2013-01-10 01:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-26 133656]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-26 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-15 178968]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-26 166424]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 22:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-12-15 00:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 09:56 54936 ----a-w- c:\windows\System32\jureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HP Health Check Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3303262224-1161555810-1120907641-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 01:41]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-22 23:45]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-22 23:45]
.
2013-01-13 c:\windows\Tasks\User_Feed_Synchronization-{2152CFB3-CEEC-40A3-ADAA-2D85D6BDB1F8}.job
- c:\windows\system32\msfeedssync.exe [2008-06-23 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: genieo.com\yahoo
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ji4uxuvz.default\
FF - ExtSQL: 2013-01-08 03:49; links@rivalgaming.com; c:\users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
AddRemove-Move Networks Player - IE - c:\users\Owner\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-12 19:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\RtHDVCpl.exe
c:\program files\USTechSupport\SchedulerService\SchedulerService.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-01-12 19:29:49 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-13 03:28
.
Pre-Run: 158,363,635,712 bytes free
Post-Run: 158,011,367,424 bytes free
.
- - End Of File - - 457254E440880BBF5F82F560C56C2814
After the reboot I was able to enable website blocking, and Microsoft Security Essentials is also now able to update.
Are there any more steps I should do before this post is closed?
-
Can't enable protection, and also can't update Microsoft Security Essentials either.
I tried to enable it by right-clicking on the tray icon as well as check-marking it on the protection tab.
-
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.10.2
Run by Owner at 14:38:55 on 2013-01-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1149 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\USTechSupport\SchedulerService\SchedulerService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\hp\kbd\kbd.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://www.google.com
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 172.16.0.1
TCP: Interfaces\{080D68EA-294E-40A8-8835-2DE057B526EE} : DHCPNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
TCP: Interfaces\{4ABD2250-268B-44BF-8DA8-65BCB9A82DF4} : DHCPNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
TCP: Interfaces\{6C624868-5C55-49B4-BDE7-968EB5BAE32F} : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{92EB5068-4F13-4296-B958-BDB4509A842B} : DHCPNameServer = 24.205.224.36 71.9.127.107 68.190.192.35
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\ji4uxuvz.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-08 03:49; links@rivalgaming.com; c:\users\owner\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2012-7-16 21728]
R1 MpKsl07fe0b24;MpKsl07fe0b24;c:\programdata\microsoft\microsoft antimalware\definition updates\{6f9b720f-47e0-4145-b34a-abd03823a265}\MpKsl07fe0b24.sys [2013-1-10 29904]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-22 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-8 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-8 682344]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R2 USTSScheduler;US Tech Support Scheduling Service;c:\program files\ustechsupport\schedulerservice\SchedulerService.exe [2012-7-12 736648]
R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-7-16 303360]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2012-7-16 1074944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-8 21104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2007-12-29 252416]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-7-16 50704]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-10-14 348160]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-01-10 22:36:18 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6f9b720f-47e0-4145-b34a-abd03823a265}\MpKsl07fe0b24.sys
2013-01-10 02:22:11 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6f9b720f-47e0-4145-b34a-abd03823a265}\mpengine.dll
2013-01-10 02:03:30 -------- d-----w- c:\windows\ERUNT
2013-01-10 02:03:26 -------- d-----w- C:\JRT
2013-01-10 01:49:27 -------- d-----w- c:\users\owner\appdata\local\VS Revo Group
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-01-09 00:02:02 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-01-08 23:53:12 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-08 23:35:29 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-08 23:35:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-08 23:16:01 -------- d-----w- c:\users\owner\appdata\local\Little_Apps
2013-01-08 23:09:43 -------- d-----w- c:\program files\common files\Little Registry Cleaner
2013-01-08 22:46:11 -------- d-----w- c:\users\owner\appdata\local\Coupon Companion Plugin
2013-01-08 00:52:27 740840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f801c26-8708-404e-a41c-813f0e99c3a7}\gapaengine.dll
2013-01-08 00:50:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-20 21:53:42 -------- d-----w- c:\program files\common files\MSSoap
.
==================== Find3M ====================
.
2013-01-09 01:41:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 01:41:36 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 23:52:48 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-25 11:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 11:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 14:39:12.04 ===============
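The Security Center "DisableMonitoring" keys in the ComboFix log earlier in this thread and the "mPolicies-System: EnableLUA = dword:0" and "uPolicies-Explorer: HideSCAHealth = dword:1" lines in the DDS report above are the settings a responder wants to re-check after a cleanup like this one. The checker below is an added example, not code from this thread, from ComboFix, DDS or Malwarebytes: it parses both tools' output formats and flags those values. The sample lines are copied from the two logs; the WEAK_SETTINGS table, the function names and the explanatory notes are the example's own assumptions.

```python
import re

# ComboFix prints registry data as a [HKEY_...] header followed by
# "Name"=dword:XXXXXXXX lines; DDS prints policies as
# mPolicies-System: EnableLUA = dword:0  (u = current user, m = machine).
COMBOFIX_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
COMBOFIX_VAL = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
DDS_POLICY = re.compile(r"^([um])Policies-(\w+):\s*(\w+)\s*=\s*dword:(\d+)$")
DDS_HIVE = {"u": "HKEY_CURRENT_USER", "m": "HKEY_LOCAL_MACHINE"}

# (value name, observed value) -> why a responder should look at it.
# This table and its wording are the example's own assumptions.
WEAK_SETTINGS = {
    ("EnableLUA", 0): "User Account Control is disabled; administrators run "
                      "with a full token and get no elevation prompt",
    ("DisableMonitoring", 1): "Windows Security Center monitoring is switched "
                              "off for this key, so its status is not reported",
    ("HideSCAHealth", 1): "Security Center notification icon is hidden by "
                          "policy, so health warnings are suppressed",
}


def parse_combofix(lines):
    """Yield (key, name, value) for every dword under a [HKEY_...] header."""
    key = None
    for raw in lines:
        line = raw.strip()
        m = COMBOFIX_KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = COMBOFIX_VAL.match(line)
        if m and key is not None:
            yield key, m.group(1), int(m.group(2), 16)


def parse_dds_policies(lines):
    """Yield (key, name, value) for DDS uPolicies-*/mPolicies-* lines."""
    for raw in lines:
        m = DDS_POLICY.match(raw.strip())
        if m:
            scope, area, name, value = m.groups()
            yield f"{DDS_HIVE[scope]} Policies\\{area}", name, int(value)


def audit(combofix_lines, dds_lines):
    """Return the settings from both logs whose value matches WEAK_SETTINGS."""
    entries = list(parse_combofix(combofix_lines)) + list(parse_dds_policies(dds_lines))
    findings = []
    for key, name, value in entries:
        note = WEAK_SETTINGS.get((name, value))
        if note is not None:
            findings.append({"key": key, "name": name, "value": value, "note": note})
    return findings


# Sample input copied from the ComboFix and DDS logs in this thread.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3303262224-1161555810-1120907641-1000]
"EnableNotificationsRef"=dword:00000001
""".strip().splitlines()

DDS_SAMPLE = """
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
""".strip().splitlines()

if __name__ == "__main__":
    for f in audit(COMBOFIX_SAMPLE, DDS_SAMPLE):
        print(f"{f['key']}\n  {f['name']} = {f['value']}: {f['note']}")
```

Run as-is it reports the five flagged entries (three Security Center keys, HideSCAHealth and EnableLUA); to check a fresh log, feed the relevant section's lines to parse_combofix or parse_dds_policies. A hit only tells you a registry value is set, not that a product is running: the poster could not find any Norton install, so the Symantec Monitoring keys read as leftovers rather than an active product, and the same is true of any policy value until you confirm what set it.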
-
Ok, so I uninstalled Viewpoint Media Player and Qwiklinx. When I tried to uninstall Ask Toolbar Updater it told me "You don't have sufficient access to uninstall Ask Toolbar Updater. Please contact your system administrator." There are no other users on this computer, so I looked it up on Google. I ended up downloading Revo Uninstaller to remove it. The first attempt failed, then I checked Advanced and ran a scan. It gave me a bunch of stuff in the registry, so I deleted that, and now it's gone from the computer. I then uninstalled Revo Uninstaller.
As for Norton, I can't find it anywhere on my computer. Nothing in the Control Panel programs list or in the C drive > Program Files. So I'm not sure what to do about that.
I also noticed that my Microsoft Security Essentials can no longer update, so the problem may not just be linked to Malwarebytes.
-
Hello, I recently cleaned my computer of a handful of infections and I can no longer enable my website blocking.
Can't enable website blocking
in Resolved Malware Removal Logs
Everything seems to be in great condition. I was wondering if there is any way to prevent Malwarebytes, as well as the Microsoft Security Essentials web protection feature, from being turned off by users on the computer?