Jump to content

ROIGuy

Honorary Members
  • Posts

    38
  • Joined

  • Last visited

Everything posted by ROIGuy

  1. Wow... fantastic. I've done everything that you put on the list except for removing ESET which I didn't have installed. I'll turn on the malwarebytes program and my antivirus. Let me know if there is somewhere I can post a favorable review for you (or your business). Thanks for all of your assistance.
  2. Well AdvancedSetup... that did the trick! I followed those procedures on your last post and that allowed me to Update and run the Malwarebytes program. Everything came out clean. Problem solved. thank you very much!
  3. Ok AdvancedSetup I ran the program as specified above with the fixlist.txt file on the desktop with the program and hit the 'Fix' button. Here is the output of the log. It didn't take more than a second to run the fix. No restart was requested by the program. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-09-2013 03Ran by Prime at 2013-09-17 22:05:21 Run:1Running from C:\Users\Prime\yyBoot Mode: Normal ============================================== Content of fixlist:*****************AlternateDataStreams: C:\ProgramData\TEMP:408F95E5AlternateDataStreams: C:\ProgramData\TEMP:98781370 ***************** C:\ProgramData\TEMP => ":408F95E5" ADS removed successfully.C:\ProgramData\TEMP => ":98781370" ADS removed successfully. ==== End of Fixlog ====
  4. Thanks Advanced, The apache server software was used on this computer for website development for a php testing server environment. I can get rid of it. I've deleted all of the Java software and used the cleaner that you have posted. Ugh, unfortunately I didn't capture the log file before closing the text file. It did remove 2 pieces of java but I cannot remember which. I've attached the logs from when I just used the Farbar Recovery Scan Tool. I hope that helps. Let me know when you think I should give the Malwarbytes software another try. Regards,Addition.txtFRST.txt
  5. Result.txtI've attached the reulsts.txt of the minitoolbox to this post
  6. Here is the log from the Farbar Service Scanner: Farbar Service Scanner Version: 13-09-2013Ran by Prime (administrator) on 16-09-2013 at 18:05:52Running from "C:\Users\Prime\Desktop\Downloads"Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)Boot Mode: Normal**************************************************************** Internet Services:============ Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo.com is accessible. Windows Firewall:============= Firewall Disabled Policy: ================== System Restore:============ System Restore Disabled Policy: ======================== Security Center:============ Windows Update:============ Windows Autoupdate Disabled Policy: ============================ Windows Defender:==============WinDefend Service is not running. Checking service configuration:The start type of WinDefend service is set to Demand. The default start type is Auto.The ImagePath of WinDefend service is OK.The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ==========================[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]"DisableAntiSpyware"=DWORD:1 Other Services:============== File Check:========C:\Windows\system32\nsisvc.dll => MD5 is legitC:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legitC:\Windows\system32\dhcpcsvc.dll => MD5 is legitC:\Windows\system32\Drivers\afd.sys => MD5 is legitC:\Windows\system32\Drivers\tdx.sys => MD5 is legitC:\Windows\system32\Drivers\tcpip.sys[2013-08-14 16:56] - [2013-07-04 22:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C C:\Windows\system32\dnsrslvr.dll => MD5 is legitC:\Windows\system32\mpssvc.dll => MD5 is legitC:\Windows\system32\bfe.dll => MD5 is legitC:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legitC:\Windows\system32\SDRSVC.dll => MD5 is legitC:\Windows\system32\vssvc.exe => MD5 is legitC:\Windows\system32\wscsvc.dll => MD5 is legitC:\Windows\system32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\system32\wuaueng.dll => MD5 is legitC:\Windows\system32\qmgr.dll => MD5 is legitC:\Windows\system32\es.dll => MD5 is legitC:\Windows\system32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\system32\svchost.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legit **** End of log ****
  7. Thanks Advanced:.. Here is the new log: ComboFix 13-09-14.01 - Prime 09/16/2013 8:13.8.2 - x86Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1110 [GMT -5:00]Running from: c:\users\Prime\Desktop\Downloads\ComboFix.exeCommand switches used :: c:\users\Prime\yy\CFScript.txtAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk""c:\windows\Tasks\Adobe Flash Player Updater.job""c:\windows\Tasks\GoogleUpdateTaskMachineCore.job""c:\windows\Tasks\GoogleUpdateTaskMachineUA.job""c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core.job""c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA.job"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnkc:\windows\Tasks\Adobe Flash Player Updater.jobc:\windows\Tasks\GoogleUpdateTaskMachineCore.jobc:\windows\Tasks\GoogleUpdateTaskMachineUA.jobc:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core.jobc:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA.job..((((((((((((((((((((((((( Files Created from 2013-08-16 to 2013-09-16 )))))))))))))))))))))))))))))))..2013-09-16 13:31 . 2013-09-16 13:31 -------- d-----w- c:\users\Prime\AppData\Local\temp2013-09-16 13:31 . 2013-09-16 13:31 -------- d-----w- c:\users\Public\AppData\Local\temp2013-09-16 13:31 . 2013-09-16 13:31 -------- d-----w- c:\users\Default\AppData\Local\temp2013-09-16 13:31 . 2013-09-16 13:31 -------- d-----w- c:\users\apache2triad\AppData\Local\temp2013-09-14 16:39 . 2013-09-14 17:08 -------- d-----w- C:\pirates-22013-09-13 19:15 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8EF77C8D-CF57-4143-AF0D-0FABC9227DCF}\mpengine.dll2013-09-13 19:09 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-09-13 18:05 . 2013-09-14 02:26 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-09-13 18:05 . 2013-09-13 18:05 -------- d-----w- c:\users\Prime\AppData\Roaming\Malwarebytes2013-09-13 18:05 . 2013-09-13 18:05 -------- d-----w- c:\programdata\Malwarebytes2013-09-13 18:04 . 2013-09-13 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-09-13 18:04 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-09-13 16:41 . 2013-09-13 16:41 -------- d-----w- C:\TDSSKiller_Quarantine2013-09-13 12:37 . 2013-09-13 12:58 -------- d-----w- C:\AdwCleaner2013-09-12 21:40 . 2013-09-12 21:40 -------- d-----w- C:\FRST2013-09-09 20:02 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-09-06 13:29 . 2013-09-06 13:21 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89C7C82E-9F00-4E5E-8332-1F1BB601DEFA}\gapaengine.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-09-13 15:11 . 2012-04-25 16:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-09-13 15:11 . 2011-12-13 23:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-08-23 03:17 . 2012-06-12 18:26 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-07-31 11:23 . 2013-07-31 11:23 121688 ----a-w- c:\windows\system32\drivers\AnyDVD.sys2013-07-25 02:32 . 2013-08-14 22:04 1800704 ----a-w- c:\windows\system32\jscript9.dll2013-07-25 02:26 . 2013-08-14 22:04 1129472 ----a-w- c:\windows\system32\wininet.dll2013-07-25 02:25 . 2013-08-14 22:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2013-07-25 02:23 . 2013-08-14 22:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe2013-07-25 02:23 . 2013-08-14 22:04 420864 ----a-w- c:\windows\system32\vbscript.dll2013-07-25 02:22 . 2013-08-14 22:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb2013-07-17 19:41 . 2013-08-14 21:57 2048 ----a-w- c:\windows\system32\tzres.dll2013-07-10 09:47 . 2013-08-14 21:57 783360 ----a-w- c:\windows\system32\rpcrt4.dll2013-07-09 12:10 . 2013-08-14 21:56 1205168 ----a-w- c:\windows\system32\ntdll.dll2013-07-08 04:55 . 2013-08-14 21:56 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe2013-07-08 04:55 . 2013-08-14 21:56 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-07-08 04:20 . 2013-08-14 21:53 172544 ----a-w- c:\windows\system32\wintrust.dll2013-07-08 04:16 . 2013-08-14 21:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll2013-07-08 04:16 . 2013-08-14 21:53 98304 ----a-w- c:\windows\system32\cryptnet.dll2013-07-08 04:16 . 2013-08-14 21:53 992768 ----a-w- c:\windows\system32\crypt32.dll2013-07-05 03:20 . 2013-08-14 21:56 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-07-05 01:43 . 2013-08-14 21:56 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys2013-07-02 13:27 . 2013-07-02 13:27 97176 ----a-w- c:\windows\system32\ElbyCDIO.dll2013-06-19 02:50 . 2013-06-19 02:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys2013-06-19 02:50 . 2012-03-21 01:44 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]"NDSTray.exe"="NDSTray.exe" [bU]"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-02-11 36864]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]"Talk"="c:\program files\NCH Software\Talk\talk.exe" [2012-12-14 1420292]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952].c:\users\Prime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2BS9SJ0P05RQ;CONNECTION=NW;MONITOR=1; [2006-11-2 44544].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux4"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2533579671-3271529956-2011735840-1000]"EnableNotificationsRef"=dword:00000001.S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]..--- Other Services/Drivers In Memory ---.*Deregistered* - ctxusbm.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVChpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcLocalServiceAndNoImpersonation REG_MULTI_SZ FontCache..------- Supplementary Scan -------.Trusted Zone: myps.com\portalTrusted Zone: sony.comTCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - ExtSQL: !HIDDEN! 2010-02-03 08:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-09-16 08:31Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:e2,5a,10,f9,2e,3f,cd,01.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,e0,ab,b1,3f,46,9a,4e,a1,b7,0c,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,e0,ab,b1,3f,46,9a,4e,a1,b7,0c,\.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]"Version"=hex:22,31,a9,90,84,c0,37,7a,52,25,d1,b5,38,48,89,a2,99,79,35,c7,4e, dd,0d,ce,51,89,bd,d6,d1,ea,82,25,1b,f3,c7,d9,6f,4e,41,a2,ab,61,77,35,90,39,\.[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]"Version"=hex:22,31,a9,90,84,c0,37,7a,52,25,d1,b5,38,48,89,a2,99,79,35,c7,4e, dd,0d,ce,51,89,bd,d6,d1,ea,82,25,1b,f3,c7,d9,6f,4e,41,a2,ab,61,77,35,90,39,\.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000001.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.Completion time: 2013-09-16 08:37:22ComboFix-quarantined-files.txt 2013-09-16 13:37ComboFix2.txt 2013-09-15 20:51ComboFix3.txt 2013-09-15 20:12ComboFix4.txt 2013-09-13 03:56ComboFix5.txt 2013-09-16 13:11.Pre-Run: 49,904,750,592 bytes freePost-Run: 49,863,467,008 bytes free.- - End Of File - - 564B64FB782BE3CF0175AAC301C748385B5E648D12FCADC244C1EC30318E1EB9
  8. Combofix.txtThank you AdvancedSetup (Ron) I've downloaded and ran the Combofix and attached the log to this post.
  9. It took about 20 minutes or so to run I ran it at startup. I followed the instructions that you posted to find the Check Disk log by using the event viewer to no avail. I'll see if there is another reason I can't find it or if there is a physical location of the log file that I can open and paste so you can review it.
  10. Thank you AdvancedSetup. I've searched for the Wininit in the source column and the only ones that I see are over a year old. Strange....
  11. thanks.... in progress. Will there be a report that I can upload from it?
  12. Ok.. Sorry about the post. I tried to attach the minidump file and it says "You aren't permitted to upload this kind of file" Can I rename it to a text file? like: Mini091213-01.txt Would that work?
  13. Ok. I've removed all of those red entries in the registry as well as removed the IObit program Advanced System Care. I'll refer to the other thread to see if you guys find anything more in the results log that I posted there. thank you for your help.
  14. Hello Advanced and MrCharlie Here is the 'Results' log from running MiniToolBox:
  15. MrCharlie asked me to post the problem that we are experiencing here with a snippet of the mbam-check log file. Here is the thread where we discuss fully what the symptoms are and what I have done in coordination with MrC's directions to try to solve the problems. (Synopsis--- The Malwarebytes program is not running. It shuts down whenever I try to update it or when I try to run the program). Please let us know what we can do to solve the problems in running the Malwarebytes program. thanks in advance. http://forums.malwarebytes.org/index.php?showtopic=133113&p=729082
  16. The link above that you provide is a FAQ topic which is locked. Is there another one that isn't locked that I can make the post you told me to ? thanks in advance.
  17. Ok Thanks MrC. Here are the results of implementing all of the procedures above in your post: 1. Downloaded and ran rkill----> Tried to run Malwarebytes to no effect. 2. Uninstalled Malwarebytes, rebooted, downloaded mbam-clean, ran it, Rebooted again. 3. downloaded MBAM from the beta link you provided, installed, Tried to update :::MBAM closed. Opened Malwarebytes and tried to update manually, whereupon the program CLOSED again. 4. Downloaded MBAM check. Ran program and below are the results. thank you again for your diligence. mbam-check result log version: 2.0.0.1000 Malwarebytes Version: REG_SZ 1.75.0.1300 Date Log Created: 09/13/13Time Log Created: 13:07:51 User Account type: Administrator 32 bit Operating System Product Name: REG_SZ Windows Vista Home Premium Current Build Number: 6002 Current Version Number: 6.0 Current CSDVersion: Service Pack 2 Proxy Status: No proxy is Set LAN Settings:============= No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY SystemPartition:================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition REG_SZ \Device\HarddiskVolume2 Balloon Tips Status:==================== Enabled Time Format Settings:===================== Should be:h:mm:ss ttAM PM : Currently:REG_SZ h:mm:ss ttREG_SZ AMREG_SZ PMREG_SZ : Language and Regional Settings:=============================== ACP: Language is English (United States)MACCP: Language is English (United States)OEMCP: Language is English (United States) Startup Folders for Error_Expanding_Variables Check:==================================================== All Users Startup Folder Exists.Current User's Startup Folder Exists. Terminal Services Status for (null) entries in PM logs and GetUserToken errors:=============================================================================== TERMService:==============Type : 32State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)WIN32_EXIT_CODE : 0SERVICE_EXIT_CODE : 0CHECKPOINT : 0WAIT_HINT : 0 TermService Start is set to: 2 (Automatic Startup) Compatibility Flag Settings (Any MBAM file listings should be removed):======================================================================= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\LayersC:\ProgramData\WebEx\mwcliun.exeREG_SZ WINXPSP2C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exeREG_SZ WINXPSP2HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\LayersC:\Users\Prime\Documents\RootkitRevealer\RootkitRevealer.exeREG_SZ WINXPSP2C:\Program Files\Motorola Phone Tools\mPhonetools.exeREG_SZ WINXPSP2C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXEREG_SZ WINXPSP2 Malwarebytes Anti-Malware Shell Extension Block Check:====================================================== MBAM Startup Entries: =====================HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceMalwarebytes Anti-Malware REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent Service and Driver Status:========================== <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon MBAMProtector Registry Values:============================== MBAMService Registry Values:============================ MBAMScheduler Registry Values:============================== MBAM DLL's and Runtime Files:============================= HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid(Default): REG_SZ vbAccelerator Grid ControlHKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid(Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67} HKEY_CLASSES_ROOT\SSubTimer6.GSubclass(Default): REG_SZ SSubTimer6.GSubclassHKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid(Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\SSubTimer6.CTimer(Default): REG_SZ SSubTimer6.CTimerHKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid(Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\SSubTimer6.ISubclass(Default): REG_SZ SSubTimer6.ISubclassHKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid(Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}(Default): REG_SZ SSubTimer6.ISubclassHKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented CategoriesHKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID(Default): REG_SZ SSubTimer6.ISubclassHKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgrammableHKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION(Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}(Default): REG_SZ SSubTimer6.GSubclassHKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented CategoriesHKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dllThreadingModel REG_SZ ApartmentHKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID(Default): REG_SZ SSubTimer6.GSubclassHKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgrammableHKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION(Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}(Default): REG_SZ SSubTimer6.CTimerHKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented CategoriesHKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dllThreadingModel REG_SZ ApartmentHKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID(Default): REG_SZ SSubTimer6.CTimerHKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgrammableHKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION(Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocxHKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS(Default): REG_SZ 2HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dllHKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS(Default): REG_SZ 0HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}(Default): REG_SZ ISubclassHKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid(Default): REG_SZ {00020424-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32(Default): REG_SZ {00020424-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}Version REG_SZ 1.0 HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}(Default): REG_SZ CTimerHKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid(Default): REG_SZ {00020420-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32(Default): REG_SZ {00020420-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}Version REG_SZ 1.0 HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}(Default): REG_SZ vbalGridHKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid(Default): REG_SZ {00020420-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32(Default): REG_SZ {00020420-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}Version REG_SZ 1.1 MBAM Registry Settings and License Info:======================================== HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malwareadvancedheuristics REG_DWORD 1downloadprogram REG_DWORD 1hidereg REG_DWORD 0detectp2p REG_DWORD 0detectpum REG_DWORD 1detectpup REG_DWORD 2updatewarn REG_DWORD 1updatewarndays REG_DWORD 7useproxy REG_DWORD 0useauthentication REG_DWORD 0contextmenu REG_DWORD 1reportthreats REG_DWORD 1startwithwindows REG_DWORD 1startfsdisabled REG_DWORD 0startipdisabled REG_DWORD 0silentipmode REG_DWORD 0autoquarantine REG_DWORD 1notifyinstallprogram REG_DWORD 1trialpromptshown REG_DWORD 0autoquarantinenotify REG_DWORD 1alwaysscanarchives REG_DWORD 1InstallPath REG_SZ C:\Program Files\Malwarebytes' Anti-Malwaredbdate REG_SZ Thu, 04 Apr 2013 18:41:20 GMTdbversion REG_SZ v2013.04.04.07programversion REG_SZ 1.75.0.1300programbuild REG_SZ consumer HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malwarealwaysscanfiles REG_DWORD 1alwaysscanheuristics REG_DWORD 1alwaysscanmemory REG_DWORD 1alwaysscanregistry REG_DWORD 1alwaysscanstartups REG_DWORD 1autosavelog REG_DWORD 1openlog REG_DWORD 1defaultscan REG_DWORD 1terminateie REG_DWORD 0Language REG_SZ English.lngselectedrives REG_SZ C:\|F:\| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1Inno Setup: Setup Version REG_SZ 5.5.3-dev (a)Inno Setup: App Path REG_SZ C:\Program Files\Malwarebytes' Anti-MalwareInstallLocation REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-MalwareInno Setup: User REG_SZ PrimeInno Setup: Selected Tasks REG_DWORD 0Inno Setup: Deselected Tasks REG_SZ desktopicon,quicklaunchiconInno Setup: Language REG_SZ EnglishDisplayName REG_SZ Malwarebytes Anti-Malware version 1.75.0.1300DisplayIcon REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exeUninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"QuietUninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENTDisplayVersion REG_SZ 1.75.0.1300Publisher REG_SZ Malwarebytes CorporationURLInfoAbout REG_SZ http://www.malwarebytes.orgNoModify REG_DWORD 1NoRepair REG_DWORD 1InstallDate REG_SZ 20130913MajorVersion REG_DWORD 1MinorVersion REG_DWORD 75 Pending File Rename Operations: ================================If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation. Scheduler Queue:================ Context Menu Entries:===================== HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt(Default): REG_SZ MBAMShlExt ClassHKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer(Default): REG_SZ MBAMExt.MBAMShlExt.1HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1(Default): REG_SZ MBAMShlExt ClassHKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}(Default): REG_SZ IMBAMShlExtHKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid(Default): REG_SZ {00020424-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32(Default): REG_SZ {00020424-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}Version REG_SZ 1.0HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}(Default): REG_SZ MBAMShlExt ClassHKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dllThreadingModel REG_SZ ApartmentHKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID(Default): REG_SZ MBAMExt.MBAMShlExt.1HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID(Default): REG_SZ MBAMExt.MBAMShlExt HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0(Default): REG_SZ MBAMExt 1.0 Type LibraryHKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dllHKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS(Default): REG_SZ 0HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware MBAM Drivers:============= C:\Windows\system32\drivers\mbam.sys File Size: 22856 BYTES FileVersion: 1.60.2.0C:\Windows\system32\drivers\mbamswissarmy.sys File Size: 40776 BYTES FileVersion: 1.60.0.0 Required Dependencies:====================== BFE:==============Type : 32State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)WIN32_EXIT_CODE : 0SERVICE_EXIT_CODE : 0CHECKPOINT : 0WAIT_HINT : 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFEDisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001Group REG_SZ NetworkProviderImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetworkDescription REG_SZ @%SystemRoot%\system32\bfe.dll,-1002ObjectName REG_SZ NT AUTHORITY\LocalServiceErrorControl REG_DWORD 1Start REG_DWORD 2Type REG_DWORD 32DependOnService REG_MULTI_SZ RpcSs ServiceSidType REG_DWORD 3RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege FailureActions REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\ParametersServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dllServiceDllUnloadOnStop REG_DWORD 1ServiceMain REG_SZ BfeServiceMainHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\PolicyHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTimeHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter{2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY Binary Data {c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY Binary Data {935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY Binary Data {941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\PersistentHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\CalloutHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter{2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY Binary Data {c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY Binary Data {b6fdab6b-dcc6-43e3-99ce-7aeca65063a4}REG_BINARY Binary Data {3697a558-3ed3-49be-a4c1-c1a4448653b4}REG_BINARY Binary Data {935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY Binary Data {941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY Binary Data {b02a4013-b6b5-4859-9168-1e3299e43b24}REG_BINARY Binary Data {d870c96c-75ee-46a6-8a02-8e4401a73423}REG_BINARY Binary Data {8b50e2ec-7cf0-4b71-b42e-5b0536f6cab8}REG_BINARY Binary Data {4137b143-2770-43d4-91a2-55bb0a069830}REG_BINARY Binary Data {3180114b-8338-4740-9a16-444134ad62f4}REG_BINARY Binary Data {17043d46-fac2-4561-bca1-0c7a05e95f5f}REG_BINARY Binary Data {567d3836-3f5b-4067-b9c4-952f677010a2}REG_BINARY Binary Data {4e718c57-c397-4221-9fbb-14fd51701d6a}REG_BINARY Binary Data {3a90a266-1519-4d23-911b-e84cd0f02ab8}REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider{decc16ca-3f33-4346-be1e-8fb4ae0f3d62}REG_BINARY Binary Data {4b153735-1049-4480-aab4-d1b9bdc03710}REG_BINARY Binary Data {1bebc969-61a5-4732-a177-847a0817862a}REG_BINARY Binary Data {aa6a7d87-7f8f-4d2a-be53-fda555cd5fe3}REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer{b3cdd441-af90-41ba-a745-7c6008ff2300}REG_BINARY Binary Data {b3cdd441-af90-41ba-a745-7c6008ff2301}REG_BINARY Binary Data {b3cdd441-af90-41ba-a745-7c6008ff2302}REG_BINARY Binary Data {9ba30013-c84e-47e5-ac6e-1e1aed72fa69}REG_BINARY Binary Data fltmgr:==============Type : 2State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)WIN32_EXIT_CODE : 0SERVICE_EXIT_CODE : 0CHECKPOINT : 0WAIT_HINT : 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgrAttachWhenLoaded REG_DWORD 1DisplayName REG_SZ FltMgrGroup REG_SZ FSFilter InfrastructureImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sysDescription REG_SZ File System Filter Manager DriverErrorControl REG_DWORD 3Start REG_DWORD 0Tag REG_DWORD 1Type REG_DWORD 2HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum0 REG_SZ Root\LEGACY_FLTMGR\0000Count REG_DWORD 1NextInstance REG_DWORD 1C:\Windows\system32\drivers\fltmgr.sys File Size: 190424 BYTES FileVersion: 6.0.6002.18005C:\Windows\system32\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34C:\Windows\system32\olepro32.dll File Size: 88576 BYTES FileVersion: 6.0.6002.18005 List of MBAM Related Directories:================================= C:\Program Files\Malwarebytes' Anti-Malware7z.dll File Size: 914432 BYTES FileVersion: 9.20.0.0changes.txt File Size: 200 BYTESlicense.rtf File Size: 17916 BYTESmbam.chm File Size: 474148 BYTESmbam.dll File Size: 527944 BYTES FileVersion: 1.70.0.0mbam.exe File Size: 887432 BYTES FileVersion: 1.75.0.1mbamcore.dll File Size: 1127496 BYTES FileVersion: 1.70.0.0mbamext.dll File Size: 80968 BYTES FileVersion: 1.70.0.0mbamgui.exe File Size: 532040 BYTES FileVersion: 1.70.0.0mbamnet.dll File Size: 2191944 BYTES FileVersion: 1.70.0.0mbampt.exe File Size: 40008 BYTES FileVersion: 1.70.0.0mbamscheduler.exe File Size: 418376 BYTES FileVersion: 1.70.0.0mbamservice.exe File Size: 701512 BYTES FileVersion: 1.70.0.0ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3unins000.dat File Size: 14952 BYTESunins000.exe File Size: 712264 BYTES FileVersion: 51.52.0.0unins000.msg File Size: 11277 BYTESvbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40 C:\Program Files\Malwarebytes' Anti-Malware\Chameleonchameleon.chm File Size: 186068 BYTESfirefox.com File Size: 218184 BYTESfirefox.exe File Size: 218184 BYTESfirefox.pif File Size: 218184 BYTESfirefox.scr File Size: 218184 BYTESiexplore.exe File Size: 218184 BYTESmbam-chameleon.com File Size: 218184 BYTESmbam-chameleon.exe File Size: 218184 BYTESmbam-chameleon.pif File Size: 218184 BYTESmbam-chameleon.scr File Size: 218184 BYTESmbam-killer.exe File Size: 896072 BYTESrundll32.exe File Size: 218184 BYTESsvchost.exe File Size: 218184 BYTESwinlogon.exe File Size: 218184 BYTES C:\Program Files\Malwarebytes' Anti-Malware\Languagesarabic.lng File Size: 21894 BYTESbelarusian.lng File Size: 26884 BYTESbosnian.lng File Size: 27108 BYTESbulgarian.lng File Size: 27574 BYTEScatalan.lng File Size: 28252 BYTESchineseSI.lng File Size: 11024 BYTESchineseTR.lng File Size: 11952 BYTEScroatian.lng File Size: 26670 BYTESczech.lng File Size: 24874 BYTESdanish.lng File Size: 26582 BYTESdutch.lng File Size: 28342 BYTESenglish.lng File Size: 24542 BYTESestonian.lng File Size: 25146 BYTESfinnish.lng File Size: 25950 BYTESfrench.lng File Size: 29830 BYTESgerman.lng File Size: 29894 BYTESgreek.lng File Size: 29300 BYTEShebrew.lng File Size: 19362 BYTEShungarian.lng File Size: 28666 BYTESindonesian.lng File Size: 26854 BYTESitalian.lng File Size: 28194 BYTESjapanese.lng File Size: 16266 BYTESkorean.lng File Size: 14188 BYTESlatvian.lng File Size: 27100 BYTESlithuanian.lng File Size: 27838 BYTESnorwegian.lng File Size: 25116 BYTESpolish.lng File Size: 26644 BYTESportugueseBR.lng File Size: 28654 BYTESportuguesePT.lng File Size: 29062 BYTESromanian.lng File Size: 28290 BYTESrussian.lng File Size: 27302 BYTESserbian.lng File Size: 26804 BYTESslovak.lng File Size: 25644 BYTESslovenian.lng File Size: 24852 BYTESspanish.lng File Size: 30060 BYTESswedish.lng File Size: 25992 BYTESthai.lng File Size: 26092 BYTESturkish.lng File Size: 25876 BYTESvietnamese.lng File Size: 29528 BYTES C:\Users\Prime\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware C:\Users\Prime\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs C:\Users\Prime\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malwarerules.ref File Size: 6302342 BYTES C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configurationbuild.conf File Size: 140 BYTESconfig.conf File Size: 4076 BYTEScustom.conf File Size: 20 BYTESdatabase.conf File Size: 432 BYTEShtml.conf File Size: 2762 BYTESlocal.conf File Size: 420 BYTESmanifest.conf File Size: 184 BYTESmessaging.conf File Size: 1430 BYTESnews.conf File Size: 379 BYTES ===============================================================END OF FILE
  18. Thanks MrC. Done with the above delete procedure but no joy running Malwarebytes. Still opens up then slams closed when either trying to update or when I try to run the program without updating. Thank you for being patient with me. I guess this can be a long process determining what is going on. Let me know what I need to do next. Kind regards,
  19. Here is the report. (Attached). Says 29 'threats' but I'm not sure if any are REALLY threats or just files that the program doesn't recognize. the log is pretty long so I attached it instead of copy and pasting.TDSSKiller-report.txt
  20. Ok... I'll report back after scan and post results. thanks.
  21. MrC I think you are looking at the log that was posted PRIOR to my using the adware removal software. What program should I run to double check the log (I'll post it to my next post so you can see a fresh log file)? thanks
  22. Thank you MrC. Actions taken: 1. I unchecked the SAS Start with Windows option 2. I downloaded and ran the AdwCleaner program and ran it again just to look at the logs and it appears clean of adware 3. I opened Malwarebytes and tried to update manually. The program closed soon after the small GUI appears showing its trying to connect to a download server. Looks like something must still be preventing me from using Malwarebytes. Should I run another Combofix report? I await your instructions.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.