Posts posted by ROIGuy
-
Well AdvancedSetup...
that did the trick! I followed those procedures on your last post and that allowed me to Update and run the Malwarebytes program.
Everything came out clean.
Problem solved.
thank you very much!
-
Ok AdvancedSetup
I ran the program as specified above with the fixlist.txt file on the desktop with the program and hit the 'Fix' button.
Here is the output of the log. It didn't take more than a second to run the fix. No restart was requested by the program.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-09-2013 03
Ran by Prime at 2013-09-17 22:05:21 Run:1
Running from C:\Users\Prime\yy
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:408F95E5
AlternateDataStreams: C:\ProgramData\TEMP:98781370
*****************
C:\ProgramData\TEMP => ":408F95E5" ADS removed successfully.
C:\ProgramData\TEMP => ":98781370" ADS removed successfully.
==== End of Fixlog ====
-
Thanks Advanced,
The Apache server software was used on this computer for website development for a PHP testing server environment.
I can get rid of it.
I've deleted all of the Java software and used the cleaner that you have posted. Ugh, unfortunately I didn't capture the log file before closing the text file. It did remove 2 pieces of Java but I cannot remember which.
I've attached the logs from when I just used the Farbar Recovery Scan Tool. I hope that helps.
Let me know when you think I should give the Malwarebytes software another try.
Regards,
Addition.txt
FRST.txt
-
Result.txt
I've attached the results.txt of the MiniToolBox to this post.
-
Here is the log from the Farbar Service Scanner:
Farbar Service Scanner Version: 13-09-2013
Ran by Prime (administrator) on 16-09-2013 at 18:05:52
Running from "C:\Users\Prime\Desktop\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 16:56] - [2013-07-04 22:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
-
Ok... will do.
thanks.
-
Thanks Advanced:.. Here is the new log:
-
Combofix.txt
Thank you AdvancedSetup (Ron)
I've downloaded and run the Combofix and attached the log to this post.
-
It took about 20 minutes or so to run.
I ran it at startup.
I followed the instructions that you posted to find the Check Disk log by using the event viewer to no avail. I'll see if there is another reason I can't find it or if there is a physical location of the log file that I can open and paste so you can review it.
-
Thank you AdvancedSetup.
I've searched for the Wininit in the source column and the only ones that I see are over a year old.
Strange....
-
thanks.... in progress.
Will there be a report that I can upload from it?
-
-
Ok.. Sorry about the post.
I tried to attach the minidump file and it says "You aren't permitted to upload this kind of file"
Can I rename it to a text file? like: Mini091213-01.txt
Would that work?
-
Ok. I've removed all of those red entries in the registry as well as removed the IObit program Advanced System Care.
I'll refer to the other thread to see if you guys find anything more in the results log that I posted there.
thank you for your help.
-
Hello Advanced and MrCharlie
Here is the 'Results' log from running MiniToolBox:
: make_sock: could not bind to address 0.0.0.0:80 .Error: (09/13/2013 09:24:29 AM) (Source: Apache Service) (User: )Description: The Apache service named Apache2Triad Apache2 Service reported the following error:>>> Unable to open logs .Error: (09/13/2013 09:24:29 AM) (Source: Apache Service) (User: )Description: The Apache service named Apache2Triad Apache2 Service reported the following error:>>> no listening sockets available, shutting down .System errors:=============Error: (09/13/2013 03:13:35 PM) (Source: Service Control Manager) (User: )Description: TOSHIBA Optical Disc Drive Service1Error: (09/13/2013 02:05:52 PM) (Source: Service Control Manager) (User: )Description: 30000NetmanError: (09/13/2013 01:01:41 PM) (Source: Service Control Manager) (User: )Description: SCDEmuError: (09/13/2013 01:01:40 PM) (Source: Service Control Manager) (User: )Description: HP CUE DeviceDiscovery ServiceError: (09/13/2013 01:01:08 PM) (Source: Service Control Manager) (User: )Description: Apache2Triad SlimFTPd Server%%1069Error: (09/13/2013 01:01:08 PM) (Source: Service Control Manager) (User: )Description: SlimFTPd.\apache2triad%%1330Error: (09/13/2013 01:01:08 PM) (Source: Service Control Manager) (User: )Description: LogMeIn Kernel Information Provider%%3Error: (09/13/2013 01:01:08 PM) (Source: Service Control Manager) (User: )Description: Apache2Triad Apache2 Service1 (0x1)Error: (09/13/2013 01:01:08 PM) (Source: Service Control Manager) (User: )Description: Parallel port driver%%1058Error: (09/13/2013 01:01:08 PM) (Source: Service Control Manager) (User: )Description: avast! 
iAVS4 Control Service%%3Microsoft Office Sessions:=========================Error: (09/13/2013 01:00:08 PM) (Source: Apache Service)(User: )Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:>>>Unable to open logsError: (09/13/2013 01:00:08 PM) (Source: Apache Service)(User: )Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:>>>no listening sockets available, shutting downError: (09/13/2013 01:00:08 PM) (Source: Apache Service)(User: )Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:>>>(OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : make_sock: could not bind to address 0.0.0.0:80Error: (09/13/2013 11:54:37 AM) (Source: Apache Service)(User: )Description: The Apache service namedreported the following error:>>>no listening sockets available, shutting downError: (09/13/2013 11:54:37 AM) (Source: Apache Service)(User: )Description: The Apache service namedreported the following error:>>>(OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : make_sock: could not bind to address 0.0.0.0:80Error: (09/13/2013 11:45:58 AM) (Source: Apache Service)(User: )Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:>>>Unable to open logsError: (09/13/2013 11:45:58 AM) (Source: Apache Service)(User: )Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:>>>no listening sockets available, shutting downError: (09/13/2013 11:45:58 AM) (Source: Apache Service)(User: )Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:>>>(OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. 
: make_sock: could not bind to address 0.0.0.0:80Error: (09/13/2013 09:24:29 AM) (Source: Apache Service)(User: )Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:>>>Unable to open logsError: (09/13/2013 09:24:29 AM) (Source: Apache Service)(User: )Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:>>>no listening sockets available, shutting downCodeIntegrity Errors:===================================Date: 2013-09-12 14:32:37.949Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.Date: 2013-09-12 14:32:37.372Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.Date: 2013-09-12 00:00:04.269Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.Date: 2013-09-12 00:00:03.678Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.Date: 2013-09-12 00:00:03.136Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.Date: 2013-09-12 00:00:02.544Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.Date: 
2013-09-11 23:45:36.107Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.Date: 2013-09-11 23:45:35.524Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.Date: 2013-09-11 23:45:34.894Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.Date: 2013-09-11 23:45:34.242Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.=========================== Installed Programs ============================32 Bit HP CIO Components Installer (Version: 1.0.0)7-Zip 4.57Acrobat.com (Version: 0.0.0)Acrobat.com (Version: 1.1.377)Activation Assistant for the 2007 Microsoft Office suitesActivation Assistant for the 2007 Microsoft Office suites (Version: 1.0)Add or Remove Adobe Creative Suite 3 Master Collection (Version: 1.0)Adobe Acrobat 8 Professional (Version: 8.1.0)Adobe After Effects CS3 (Version: 8)Adobe After Effects CS3 Presets (Version: 8)Adobe After Effects CS3 Third Party Content (Version: 3)Adobe AIR (Version: 1.5.3.9130)Adobe Anchor Service CS3 (Version: 1.0)Adobe Asset Services CS3 (Version: 3)Adobe Bridge CS3 (Version: 2)Adobe Bridge Start Meeting (Version: 1.0)Adobe BridgeTalk Plugin CS3 (Version: 1.0)Adobe Camera Raw 4.0 (Version: 4.0)Adobe CMaps (Version: 1.0)Adobe Color - Photoshop Specific (Version: 1.0)Adobe Color Common Settings (Version: 1.0)Adobe Color EU Extra Settings (Version: 1.0)Adobe Color JA 
Extra Settings (Version: 1.0)Adobe Color NA Recommended Settings (Version: 1.0)Adobe Contribute CS3 (Version: 4.1)Adobe Default Language CS3 (Version: 1.0)Adobe Device Central CS3 (Version: 1.0)Adobe Dreamweaver CS3 (Version: 9)Adobe Encore CS3 (Version: 3)Adobe Encore CS3 Codecs (Version: 3)Adobe ExtendScript Toolkit 2 (Version: 2.0)Adobe Extension Manager CS3 (Version: 1.8)Adobe Fireworks CS3 (Version: 9.0)Adobe Flash CS3 (Version: 9.0)Adobe Flash Player 11 ActiveX (Version: 11.8.800.174)Adobe Flash Player 11 Plugin (Version: 11.8.800.168)Adobe Flash Video Encoder (Version: 2.0)Adobe Fonts All (Version: 1.0)Adobe Help Viewer CS3 (Version: 1)Adobe Illustrator CS3 (Version: 13.0)Adobe InDesign CS3 (Version: 5.0)Adobe InDesign CS3 Icon Handler (Version: 5.0)Adobe Linguistics CS3 (Version: 3.0.0)Adobe MotionPicture Color Files (Version: 1.0)Adobe PDF Library Files (Version: 8.0)Adobe Photoshop CS3 (Version: 10)Adobe Premiere Pro CS3 (Version: 3)Adobe Premiere Pro CS3 Functional Content (Version: 8)Adobe Premiere Pro CS3 Third Party Content (Version: 3)Adobe Reader X (10.1.6) (Version: 10.1.6)Adobe Setup (Version: 1.0)Adobe Shockwave Player 11 (Version: 11)Adobe SING CS3 (Version: 0.1)Adobe Soundbooth CS3 (Version: 1)Adobe Soundbooth CS3 Codecs (Version: 3)Adobe Stock Photos CS3 (Version: 1.5)Adobe Type Manager 4.1Adobe Type Support (Version: 1.0)Adobe Update Manager CS3 (Version: 5.1.0)Adobe Version Cue CS3 Client (Version: 3)Adobe Version Cue CS3 Server (Version: 3.0)Adobe Video Profiles (Version: 1.0)Adobe WAS CS3 (Version: 1.0)Adobe WinSoft Linguistics Plugin (Version: 1.0)Adobe XMP DVA Panels CS3 (Version: 1.0)Adobe XMP Panels CS3 (Version: 1.0)Advanced PDF Password Recovery (Version: 4.0)Advanced SystemCare 5 (Version: 5.2.0)AHV content for Acrobat and Flash (Version: 1)AnyDVD (Version: 7.1.2.0)Apache HTTP Server 2.2.8 (Version: 2.2.8)Apache2Triad: apache server bundleApple Application Support (Version: 2.1.7)Apple Software Update (Version: 2.1.3.127)AT&T 
Connect Participant Application v8.8.53 (Version: 8.8.53)AT&T Self Support ToolAudacity 1.3.12 (Unicode)Avanquest update (Version: 1.19)avast! BART CD Manager (Version: 2.0)AviSynth 2.5Bejeweled 2 Deluxe (Version: WT017700)Blackhawk Striker 2 (Version: WT017710)Blasterball 3 (Version: WT017720)Bluetooth Stack for Windows by Toshiba (Version: v5.10.04(T))BPD_HPSU (Version: 1.00.0000)BPD_Scan (Version: 3.00.0000)BPDSoftware (Version: 82.0.173.000)BPDSoftware_Ini (Version: 1.00.0000)BufferChm (Version: 82.0.173.000)Camera Assistant Software for Toshiba (Version: 1.7.115.0213)CCleaner (Version: 4.01)CD/DVD Drive Acoustic Silencer (Version: 2.00.02)Chat Dashboard (Version: 0.6.4)Chat Dashboard (Version: 0.6.4b)Chuzzle Deluxe (Version: WT017760)Citrix online plug-in - web (Version: 12.0.0.6410)Citrix online plug-in (DV) (Version: 12.0.0.6410)Citrix online plug-in (HDX) (Version: 12.0.0.6410)Citrix online plug-in (USB) (Version: 12.0.0.6410)Citrix online plug-in (Web) (Version: 12.0.0.6410)CoffeeCup Flash Menu BuilderCoffeeCup Web Form Builder - RegisteredCompatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)CustomerResearchQFolder (Version: 1.00.0000)CutePDF Writer 2.8D3DX10 (Version: 15.4.2368.0902)D6100_D7100_D7300_Help (Version: 82.0.233.000)D7300 (Version: 82.0.233.000)Destination Component (Version: 090.000.091.086)DeviceDiscovery (Version: 110.0.180.000)DivX Setup (Version: 2.6.1.41)DivX Web Player (Version: 1.5.0)DocProc (Version: 8.1.0.0)DocProcQFolder (Version: 1.00.0000)Dropbox (Version: 1.6.18)DVD MovieFactory for TOSHIBA (Version: 5.3)DVD Shrink 3.2eSupportQFolder (Version: 1.00.0000)Express TalkFATE (Version: WT017800)Fax (Version: 120.0.194.000)FileZilla Client 3.1.1.1 (Version: 3.1.1.1)Flashation Menu BuilderFLVPlayer (Version: 1.0.0)Garmin Communicator Plugin (Version: 2.9.3)Garmin USB Drivers (Version: 2.3.1.0)Garmin WebUpdater (Version: 2.5.6)GnuWin32: OpenSSL-0.9.8h-1 (Version: 0.9.8h-1)Google AdWords Editor (Version: 8.5.2)Google 
Calendar SyncGoogle Chrome (Version: 29.0.1547.66)Google Drive (Version: 1.11.4865.2530)Google Earth Plug-in (Version: 7.1.1.1888)Google Gears (Version: 0.5.3600)Google Toolbar for Internet ExplorerGoogle Update Helper (Version: 1.3.21.153)GoToMeeting 5.5.0.1132 (Version: 5.5.0.1132)HP Customer Participation Program 8.0 (Version: 8.0)HP Deskjet & Photosmart Printer Driver Software 8.0.A (Version: 8.0)HP Imaging Device Functions 8.0 (Version: 8.0)HP LaserJet P2030 SeriesHP LaserJet Professional P1100-P1560-P1600 SeriesHP OCR Software 8.0 (Version: 8.0)HP Officejet 6700 Basic Device Software (Version: 25.0.619.0)HP Officejet 6700 Help (Version: 140.0.2.2)HP Officejet 6700 Product Improvement Study (Version: 25.0.619.0)HP Officejet Pro 8500 A910 Basic Device Software (Version: 22.0.334.0)HP Officejet Pro 8500 A910 Help (Version: 140.0.2.2)HP Officejet Pro 8500 A910 Product Improvement Study (Version: 22.0.334.0)HP Officejet Pro All-In-One Series (Version: 1.0)HP Photosmart Essential (Version: 1.12.0.46)HP Product Assistant (Version: 100.000.001.000)HP Solution Center 8.0 (Version: 8.0)HP Update (Version: 5.003.000.004)HP_Network_UserGuide (Version: 1.00.0000)hppLaserJetService (Version: 001.001.0.0)hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0)HPProductAssistant (Version: 82.0.173.000)hppusgP1100P1560P1600Series (Version: 1.0.0.1)hppusgP2030 (Version: 000.000.00003)HPSSupply (Version: 2.1.3.0000)I.R.I.S. 
OCR (Version: 12.3.4)ImgBurn (Version: 2.5.5.0)InFlac 1.1.1 (Version: 1.1.1)Intel® Graphics Media Accelerator DriverInternet Offers (Version: 6.2)Java 7 Update 15 (Version: 7.0.150)Java Auto Updater (Version: 2.1.9.0)Java 6 Update 27 (Version: 6.0.270)Java SE Development Kit 7 (Version: 1.7.0.0)JEOPARDY (Version: WT017840)Magic ISO Maker v5.5 (build 0272)MagicDisc 2.7.105magicJack (Version: 2.0.5703.3988)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)MarketResearch (Version: 130.0.374.000)Marvell Miniport Driver (Version: 10.0.4.3)MediaCoder 0.6.1 (Version: 0.6.1)Memoryze (Version: 2.0.0)Mesh Runtime (Version: 15.4.5722.2)Microsoft .NET Framework 1.1 (Version: 1.1.4322)Microsoft .NET Framework 1.1 Security Update (KB2698023)Microsoft .NET Framework 1.1 Security Update (KB2833941)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft Application Error Reporting (Version: 12.0.6012.5000)Microsoft Money Essentials (Version: 16)Microsoft Money Shared Libraries (Version: 16.0.0.705)Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)Microsoft Office Live Meeting 2007 (Version: 8.0.6362.149)Microsoft Office Outlook Connector (Version: 14.0.5118.5000)Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)Microsoft Security Client (Version: 4.3.0215.0)Microsoft Security Essentials (Version: 4.3.215.0)Microsoft Silverlight (Version: 5.1.20513.0)Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.2004)Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)Microsoft SQL Server Native Client (Version: 9.00.5000.00)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 
Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Works (Version: 08.05.0818)Microsoft XML Parser (Version: 8.20.8730.4)Mobilink (Version: 2.02.19.007)Motorola Driver Installation 3.7.0 (Version: 3.7.0)Motorola Phone Tools (Version: 4.30)Motorola Phone Tools (Version: 4.5.1c 3/20/2007)Mozilla Firefox 19.0 (x86 en-US) (Version: 19.0)Mozilla Maintenance Service (Version: 22.0)MPM (Version: 1.00.0000)MrvlUsgTracking (Version: 1.0.7)MSVCRT (Version: 15.4.2862.0708)MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)Network (Version: 110.0.180.000)Notepad AppOgg Codecs 0.81.15562 (Version: 0.81.15562)Oregon Trail® 5PC Inspector File Recovery (Version: 4.0)PDF Settings (Version: 1.0)Penguins! (Version: WT017910)Polar Bowler (Version: WT017930)Polar Golfer (Version: WT017940)PremiumSoft Navicat MySQL 7.2QuickBooks Remote AccessQuickTime (Version: 7.72.80.56)Realtek High Definition Audio Driver (Version: 6.0.1.5371)Scan (Version: 8.1.0.0)SCRABBLE (Version: WT017980)Segoe UI (Version: 15.4.2271.0615)SF_CDA_ProductContext (Version: 82.0.233.000)SF_CDA_Software (Version: 82.0.233.000)Skype Toolbars (Version: 1.0.4051)Skype™ 5.10 (Version: 5.10.116)SlpCatalogues (Version: 1.0.0)SolutionCenter (Version: 82.0.188.000)Sothink SWF Decompiler (Version: 4.4)Sothink SWF Quicker (Version: 3.0)Sprint Mobile Broadband (Novatel Wireless) (Version: 3.10.014)Status (Version: 110.0.180.000)SUPERAntiSpyware (Version: 5.6.1020)SWFKit 3.1Synaptics Pointing Device Driver (Version: 11.2.4.0)Texas Instruments PCIxx21/x515/xx12 drivers. 
(Version: 2.00.0001)TIPCI (Version: 2.00.0001)Toolbox (Version: 82.0.173.000)TOSHIBA Assist (Version: 2.00.03)TOSHIBA ConfigFree (Version: 7.00.24)TOSHIBA Disc Creator (Version: 2.0.0.6)TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)TOSHIBA Hardware Setup (Version: 2.00.02MWM)TOSHIBA Media Center Game ConsoleToshiba Registration (Version: 1.00.0000)TOSHIBA SD Memory Utilities (Version: 1.7.0.2)TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD03))TOSHIBA Software Upgrades (Version: 4.2)TOSHIBA Speech System ApplicationsTOSHIBA Speech System SR Engine(U.S.) Version1.0TOSHIBA Speech System TTS Engine(U.S.) Version1.0TOSHIBA Supervisor Password (Version: 2.00.01MWM)TOSHIBA Value Added Package (Version: 1.0.13)TrayApp (Version: 110.0.180.000)Trivial Pursuit Digital Choice v1.2.5 for Windows XP/VistaUnloadSupport (Version: 1.00.0000)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)VC 9.0 Runtime (Version: 1.0.0)VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)VirtualCloneDriveVista Codec Package (Version: 4.5.9)Visual Studio Tools for the Office system 3.0 RuntimeVisual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)VRE ToolbarWeb Dumper 2.4.1WebReg (Version: 82.0.173.000)Winamp (Version: 5.541 )Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)Windows Live Communications Platform (Version: 15.4.3502.0922)Windows Live Essentials (Version: 15.4.3502.0922)Windows Live Essentials (Version: 15.4.3555.0308)Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)Windows Live Installer (Version: 15.4.3502.0922)Windows Live Mesh (Version: 
15.4.3502.0922)Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)Windows Live Movie Maker (Version: 15.4.3502.0922)Windows Live Photo Common (Version: 15.4.3502.0922)Windows Live Photo Gallery (Version: 15.4.3502.0922)Windows Live PIMT Platform (Version: 15.4.3508.1109)Windows Live Remote Client (Version: 15.4.5722.2)Windows Live Remote Client Resources (Version: 15.4.5722.2)Windows Live Remote Service (Version: 15.4.5722.2)Windows Live Remote Service Resources (Version: 15.4.5722.2)Windows Live SOXE (Version: 15.4.3502.0922)Windows Live SOXE Definitions (Version: 15.4.3502.0922)Windows Live UX Platform (Version: 15.4.3502.0922)Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)Windows Live Writer (Version: 15.4.3502.0922)Windows Live Writer Resources (Version: 15.4.3502.0922)Windows Media Encoder 9 SeriesWindows Media Encoder 9 Series (Version: 9.00.3374)Windows Media Player Firefox Plugin (Version: 1.0.0.8)WinDVD for TOSHIBA (Version: 8.0-B6.108)Yahoo! Music Jukebox========================= Devices: ================================Name: Microsoft ISATAP AdapterDescription: Microsoft ISATAP AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driverName: Officejet Pro L7700Description: Officejet Pro L7700Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Officejet 7400 seriesDescription: Officejet 7400 seriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". 
This starts the Enable Device wizard. Follow the instructions.Name: hp LaserJet 1320 seriesDescription: hp LaserJet 1320 seriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: HP LaserJet P2035nDescription: HP LaserJet P2035nClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: DesignJet 800 (C7779B)Description: DesignJet 800 (C7779B)Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Photosmart C7200 seriesDescription: Photosmart C7200 seriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Officejet Pro 8000 A809Description: Officejet Pro 8000 A809Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Officejet Pro 8500 A909aDescription: Officejet Pro 8500 A909aClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". 
This starts the Enable Device wizard. Follow the instructions.Name: HP LaserJet P2015 SeriesDescription: HP LaserJet P2015 SeriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: hp LaserJet 4250Description: hp LaserJet 4250Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: HP LaserJet Professional P1102wDescription: HP LaserJet Professional P1102wClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: HP LaserJet Professional P1102wDescription: HP LaserJet Professional P1102wClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Officejet Pro 8500 A910Description: Officejet Pro 8500 A910Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: HP LaserJet M2727nf MFPDescription: HP LaserJet M2727nf MFPClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService:Problem: : This device is disabled. 
(Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: HP Color LaserJet CP3525Description: HP Color LaserJet CP3525Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: hp LaserJet 4350Description: hp LaserJet 4350Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Officejet Pro 8500 A909gDescription: Officejet Pro 8500 A909gClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Officejet 6700Description: Officejet 6700Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Photosmart 6510 seriesDescription: Photosmart 6510 seriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Officejet Pro 8500 A910Description: Officejet Pro 8500 A910Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService:Problem: : This device is disabled. 
(Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.========================= Memory info: ===================================Percentage of memory in use: 48%Total physical RAM: 2037.32 MBAvailable physical RAM: 1042.52 MBTotal Pagefile: 4311.93 MBAvailable Pagefile: 3075.27 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1944.66 MB========================= Partitions: =====================================1 Drive c: (SQ004328V04) (Fixed) (Total:184.84 GB) (Free:53.82 GB) NTFS========================= Users: ========================================User accounts for \\PRIME-PCAdministrator apache2triad GuestPrime========================= Minidump Files ==================================C:\Windows\Minidump\Mini072113-01.dmpC:\Windows\Minidump\Mini072313-01.dmpC:\Windows\Minidump\Mini081413-01.dmpC:\Windows\Minidump\Mini082413-01.dmpC:\Windows\Minidump\Mini082813-01.dmpC:\Windows\Minidump\Mini091213-01.dmp**** End of log **** -
MrCharlie asked me to post the problem that we are experiencing here with a snippet of the mbam-check log file.
Here is the thread where we discuss fully what the symptoms are and what I have done in coordination with MrC's directions to try to solve the problems. (Synopsis--- The Malwarebytes program is not running. It shuts down whenever I try to update it or when I try to run the program).
Please let us know what we can do to solve the problems in running the Malwarebytes program.
Thanks in advance.
http://forums.malwarebytes.org/index.php?showtopic=133113&p=729082
Service and Driver Status:
==========================
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
-
-
The link above that you provide is a FAQ topic which is locked.
Is there another one that isn't locked that I can make the post you told me to?
Thanks in advance.
-
Ok Thanks MrC. Here are the results of implementing all of the procedures above in your post:
1. Downloaded and ran rkill----> Tried to run Malwarebytes to no effect.
2. Uninstalled Malwarebytes, rebooted, downloaded mbam-clean, ran it, Rebooted again.
3. Downloaded MBAM from the beta link you provided, installed, Tried to update :::MBAM closed. Opened Malwarebytes and tried to update manually, whereupon the program CLOSED again.
4. Downloaded MBAM check. Ran program and below are the results. Thank you again for your diligence.
-
Thanks MrC.
Done with the above delete procedure but no joy running Malwarebytes.
Still opens up then slams closed when either trying to update or when I try to run the program without updating.
Thank you for being patient with me. I guess this can be a long process determining what is going on. Let me know what I need to do next.
Kind regards,
-
Here is the report. (Attached).
Says 29 'threats' but I'm not sure if any are REALLY threats or just files that the program doesn't recognize.
The log is pretty long so I attached it instead of copying and pasting.
TDSSKiller-report.txt
-
Ok... I'll report back after scan and post results.
thanks.
-
MrC
I think you are looking at the log that was posted PRIOR to my using the adware removal software.
What program should I run to double check the log (I'll post it to my next post so you can see a fresh log file)?
thanks
-
Thank you MrC.
Actions taken:
1. I unchecked the SAS Start with Windows option
2. I downloaded and ran the AdwCleaner program and ran it again just to look at the logs and it appears clean of adware
3. I opened Malwarebytes and tried to update manually. The program closed soon after the small GUI appeared showing it's trying to connect to a download server.
Looks like something must still be preventing me from using Malwarebytes.
Should I run another Combofix report? I await your instructions.
Malwarebytes keeps closing on run--any ideas?
in Resolved Malware Removal Logs
Wow... fantastic.
I've done everything that you put on the list except for removing ESET which I didn't have installed.
I'll turn on the Malwarebytes program and my antivirus.
Let me know if there is somewhere I can post a favorable review for you (or your business).
Thanks for all of your assistance.