ROIGuy
-
Posts
38 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by ROIGuy
-
-
The symptoms have been happening for many months so I'm not sure when it started.
My antivirus (if that is what Microsoft calls it {Microsoft Security Essentials}) never finds anything so if the computer is infected maybe it is blocking it somehow.
Thanks.... I'll get on this after dinner tonight and post the results.
-
Sure. Here are the results below:
ComboFix 13-09-12.01 - Prime 09/12/2013 10:32:04.4.2 - x86 NETWORKMicrosoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1391 [GMT -5:00]Running from: F:\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}* Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Prime\AppData\Local\Google\Chrome\User Data\Default\Preferences..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_NEWDRIVER-------\Service_J-------\Service_NEWDRIVER..((((((((((((((((((((((((( Files Created from 2013-08-12 to 2013-09-12 )))))))))))))))))))))))))))))))..2013-09-12 15:44 . 2013-09-12 15:48 -------- d-----w- c:\users\Prime\AppData\Local\temp2013-09-12 15:44 . 2013-09-12 15:44 -------- d-----w- c:\users\Public\AppData\Local\temp2013-09-12 15:44 . 2013-09-12 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp2013-09-12 15:44 . 2013-09-12 15:44 -------- d-----w- c:\users\apache2triad\AppData\Local\temp2013-09-11 20:24 . 2013-09-11 20:24 -------- d-----w- c:\programdata\Malwarebytes2013-09-11 20:24 . 2013-09-11 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-09-11 05:49 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAE643F8-9761-4DCF-A735-B936CE1C806C}\mpengine.dll2013-09-10 13:18 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-09-09 20:02 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-09-06 13:29 . 2013-09-06 13:21 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89C7C82E-9F00-4E5E-8332-1F1BB601DEFA}\gapaengine.dll2013-08-14 22:03 . 2013-07-25 02:25 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll2013-08-14 22:03 . 2013-07-25 02:25 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll2013-08-14 22:03 . 2013-07-25 02:25 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll2013-08-14 22:03 . 2013-07-25 02:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2013-08-14 21:57 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll2013-08-14 21:57 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll2013-08-14 21:56 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-08-14 21:56 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys2013-08-14 21:56 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll2013-08-14 21:56 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys2013-08-14 21:56 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-14 21:56 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll2013-08-14 21:56 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-08-14 21:53 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll2013-08-14 21:53 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll2013-08-14 21:53 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll2013-08-14 21:53 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-09-12 15:24 . 2009-10-01 20:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-09-11 13:50 . 2012-04-25 16:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-09-11 13:50 . 2011-12-13 23:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-08-23 03:17 . 2012-06-12 18:26 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-06-19 02:50 . 2013-06-19 02:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys2013-06-19 02:50 . 2012-03-21 01:44 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys2010-03-11 06:01 . 2013-07-03 15:00 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll2010-03-11 06:40 . 2013-07-03 15:00 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll2010-03-11 06:02 . 2013-07-03 15:00 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll2010-03-11 06:01 . 2013-07-03 15:00 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll2010-03-11 06:01 . 2013-07-03 15:00 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll2010-03-11 06:00 . 2013-07-03 15:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll2010-03-11 06:01 . 2013-07-03 15:00 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll2010-03-11 06:01 . 2013-07-03 15:00 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll2009-10-05 19:49 . 2013-07-03 15:00 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll2010-03-11 06:02 . 2013-07-03 15:00 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]"DEA93BB65AB2469C8FA1BFF92906E324E7BAEC8E._service_run"="c:\users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-09-02 829392]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-30 5703920].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]"NDSTray.exe"="NDSTray.exe" [bU]"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-02-11 36864]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]"Talk"="c:\program files\NCH Software\Talk\talk.exe" [2012-12-14 1420292]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952].c:\users\Prime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2BS9SJ0P05RQ;CONNECTION=NW;MONITOR=1; [2006-11-2 44544].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]Monitor Apache Servers.lnk - c:\apache2triad\bin\ApacheMonitor.exe [2008-1-18 41041].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux4"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@="Service".[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Quick View.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnkbackup=c:\windows\pss\WD Quick View.lnk.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^Users^Prime^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]path=c:\users\Prime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnkbackup=c:\windows\pss\MagicDisc.lnk.StartupbackupExtension=.Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]2007-01-17 21:46 534648 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]2007-01-19 06:24 448632 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]2008-08-14 15:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]2006-04-29 13:21 94208 ----a-w- c:\program files\VirtualCloneDrive\VCDDaemon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2533579671-3271529956-2011735840-1000]"EnableNotificationsRef"=dword:00000001.S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVChpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcLocalServiceAndNoImpersonation REG_MULTI_SZ FontCache.Contents of the 'Scheduled Tasks' folder.2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 13:50].2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 06:24].2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 06:24].2013-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core.job- c:\users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-26 06:58].2013-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA.job- c:\users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-26 06:58]..------- Supplementary Scan -------.Trusted Zone: myps.com\portalTrusted Zone: sony.comTCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: network.proxy.type - 0FF - ExtSQL: !HIDDEN! 2010-02-03 08:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - user.js: yahoo.homepage.dontask - trueFF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110796&tt=120812_bandext_3212_1FF - user.js: extensions.BabylonToolbar_i.babExt -FF - user.js: extensions.BabylonToolbar_i.srcExt - ssFF - user.js: extensions.BabylonToolbar.id - 7c60cc900000000000000013e8104483FF - user.js: extensions.BabylonToolbar.instlDay - 15565FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.621:59FF - user.js: extensions.BabylonToolbar.prtnrId - babylonFF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbarFF - user.js: extensions.BabylonToolbar.aflt - babsstFF - user.js: extensions.BabylonToolbar_i.smplGrp - noneFF - user.js: extensions.BabylonToolbar.tlbrId - tb9FF - user.js: extensions.BabylonToolbar.instlRef - sstFF - user.js: extensions.BabylonToolbar.dfltLng - enFF - user.js: extensions.BabylonToolbar.excTlbr - falseFF - user.js: extensions.BabylonToolbar.admin - falseuser_pref(places.frecency.bookmarkVisitBonus,0);user_pref(places.frecency.unvisitedBookmarkBonus,0);.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)SafeBoot-WudfPfSafeBoot-WudfRd...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-09-12 10:48Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ....scanning hidden autostart entries ....scanning hidden files .....c:\users\Prime\AppData\Local\Temp\CSCCADC.tmp 676 bytesc:\users\Prime\AppData\Local\Temp\RESCB3B.tmp 0 bytesc:\users\Prime\AppData\Local\Temp\vsuouv56.0.cs 61849 bytesc:\users\Prime\AppData\Local\Temp\vsuouv56.cmdline 394 bytesc:\users\Prime\AppData\Local\Temp\vsuouv56.dll 0 bytesc:\users\Prime\AppData\Local\Temp\vsuouv56.err 0 bytesc:\users\Prime\AppData\Local\Temp\vsuouv56.out 477 bytesc:\users\Prime\AppData\Local\Temp\vsuouv56.tmp 0 bytes.scan completed successfullyhidden files: 8.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b"{4064EA35-578D-4073-A834-C96D82CBCF40}"=hex:51,66,7a,6c,4c,1d,38,12,5b,e9,77,44,bf,19,1d,05,d7,22,8a,2d,87,95,8b,54"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39,ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02"{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59,8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb"{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}"=hex:51,66,7a,6c,4c,1d,38,12,90,71,5e,cc,4f,af,fb,04,c4,32,35,80,2b,70,38,5a"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}"=hex:51,66,7a,6c,4c,1d,38,12,2e,fd,ed,e4,cb,b5,c0,07,c5,4e,3a,0c,a2,bd,bf,47"{E16DC1FE-7C34-43F2-B754-F3AD12DDF97C}"=hex:51,66,7a,6c,4c,1d,38,12,90,c2,7e,e5,06,32,9c,06,c8,42,b0,ed,17,83,bd,68.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:e2,5a,10,f9,2e,3f,cd,01.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,e0,ab,b1,3f,46,9a,4e,a1,b7,0c,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,e0,ab,b1,3f,46,9a,4e,a1,b7,0c,\.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]"Version"=hex:22,31,a9,90,84,c0,37,7a,52,25,d1,b5,38,48,89,a2,99,79,35,c7,4e,dd,0d,ce,51,89,bd,d6,d1,ea,82,25,1b,f3,c7,d9,6f,4e,41,a2,ab,61,77,35,90,39,\.[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]"Version"=hex:22,31,a9,90,84,c0,37,7a,52,25,d1,b5,38,48,89,a2,99,79,35,c7,4e,dd,0d,ce,51,89,bd,d6,d1,ea,82,25,1b,f3,c7,d9,6f,4e,41,a2,ab,61,77,35,90,39,\.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000001.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.------------------------ Other Running Processes ------------------------.c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exec:\program files\Microsoft Security Client\MsMpEng.exec:\program files\Common Files\Adobe\ARM\1.0\armsvc.exec:\windows\system32\agrsmsvc.exec:\apache2triad\bin\httpd.exec:\program files\Bonjour\mDNSResponder.exec:\program files\TOSHIBA\ConfigFree\CFSvcs.exec:\windows\system32\HPSIsvc.exec:\apache2triad\mysql\bin\mysqld.exec:\apache2triad\bin\httpd.exec:\program files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exec:\toshiba\IVP\ISM\pinger.exec:\toshiba\IVP\swupdate\swupdtmr.exec:\windows\system32\TODDSrv.exec:\program files\Toshiba\Power Saver\TosCoSrv.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exec:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\apache2triad\mail\bin\XMail.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exec:\windows\System32\WUDFHost.exec:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exec:\windows\RtHDVCpl.exec:\program files\Toshiba\ConfigFree\NDSTray.exec:\windows\system32\RunDll32.exec:\windows\system32\igfxsrvc.exec:\windows\ehome\ehmsas.exec:\program files\Citrix\ICA Client\wfcrun32.exec:\program files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exec:\program files\Toshiba\ConfigFree\CFSwMgr.exec:\program files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exec:\program files\Windows Media Player\wmpnetwk.exec:\windows\servicing\TrustedInstaller.exe.**************************************************************************.Completion time: 2013-09-12 11:02:53 - machine was rebootedComboFix-quarantined-files.txt 2013-09-12 16:02.Pre-Run: 61,375,877,120 bytes freePost-Run: 61,318,258,688 bytes free.- - End Of File - - EA91C5BEB51E34993C14A2853A27171B5B5E648D12FCADC244C1EC30318E1EB9 -
The Addition.txt file results are attached as requested.
Here are the results of the FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2013Ran by Prime (administrator) on PRIME-PC on 12-09-2013 16:40:47Running from C:\Users\Prime\Desktop\Downloads\fubarMicrosoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal==================== Processes (Whitelisted) ===================(IObit) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe(Microsoft Corporation) C:\Windows\system32\SLsvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE(Agere Systems) C:\Windows\system32\agrsmsvc.exe(Apache Software Foundation) C:\apache2triad\bin\httpd.exe(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe(HP) C:\Windows\system32\HPSIsvc.exe() C:\apache2triad\mysql\bin\mysqld.exe(Apache Software Foundation) C:\apache2triad\bin\httpd.exe(Sprint Spectrum, L.L.C) C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe() C:\Toshiba\IVP\ISM\pinger.exe() c:\Toshiba\IVP\swupdate\swupdtmr.exe(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE() C:\apache2triad\mail\bin\XMail.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Microsoft Corporation) C:\Windows\ehome\ehtray.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe(Google Inc.) C:\Users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe(Apache Software Foundation) C:\apache2triad\bin\ApacheMonitor.exe(Intel Corporation) C:\Windows\system32\igfxsrvc.exe(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe(Microsoft Corporation) C:\Windows\system32\wuauclt.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe(Google Inc.) C:\Users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [405504 2007-02-13] (Chicony)HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4374528 2007-02-06] (Realtek Semiconductor)HKLM\...\Run: [NDSTray.exe] - NDSTray.exeHKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411768 2006-12-20] (TOSHIBA Corporation)HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)HKLM\...\Run: [Adobe_ID0EYTHM] - C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)HKLM\...\Run: [HPUsageTracking] - C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2008-02-11] ()HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()HKLM\...\Run: [HPUsageTrackingLEDM] - C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)HKLM\...\Run: [Talk] - C:\Program Files\NCH Software\Talk\talk.exe [1420292 2012-12-14] (NCH Software)HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()HKLM\...\Policies\Explorer: [NoCDBurning] 0HKLM\...\Policies\Explorer: [NoDrives] 0HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-24] (Google Inc.)HKCU\...\Run: [Advanced SystemCare 5] - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe [574296 2012-03-06] (IObit)HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)HKCU\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)HKCU\...\Run: [DEA93BB65AB2469C8FA1BFF92906E324E7BAEC8E._service_run] - C:\Users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-09-02] (Google Inc.)HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5703920 2013-08-30] (SUPERAntiSpyware)HKCU\...\Policies\Explorer: [NoDrives] 0HKU\apache2triad\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\apache2triad\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-10] (TOSHIBA)HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-10] (TOSHIBA)HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-10] (TOSHIBA)Startup: C:\Users\Prime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnkShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\bin\HPStatusBL.dll (Hewlett-Packard Co.)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7F39B232DE04CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=homeSearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}SearchScopes: HKCU - {469BC50C-B69A-478B-BA0B-385A950CABD1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp&p={searchTerms}BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)Toolbar: HKLM - &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKCU - No Name - {4064EA35-578D-4073-A834-C96D82CBCF40} - No FileDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cabHandler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1FireFox:========FF ProfilePath: C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.defaultFF user.js: detected! => C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\user.jsFF SearchEngineOrder.1: Search the web (Babylon)FF SelectedSearchEngine: GoogleFF NetworkProxy: "type", 0FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)FF Plugin: @soe.sony.com/installer,version=1.0.3 - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Prime\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Prime\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Prime\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Prime\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF SearchPlugin: C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\searchplugins\alexa.xmlFF SearchPlugin: C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\searchplugins\duckduckgo.xmlFF SearchPlugin: C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\searchplugins\live-search.xmlFF SearchPlugin: C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\searchplugins\mycroft-project.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xmlFF Extension: Visualisateur 3D de 20-20 - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\2020Player_IKEA@2020Technologies.comFF Extension: Firebug - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\firebug@software.joehewitt(112).comFF Extension: HTTPS-Everywhere - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\https-everywhere@eff.orgFF Extension: IE Tab Plus - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\ietab@ip.cnFF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\kgen@elitwork.comFF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\LogMeInClient@logmein.comFF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\seo4firefox@seobook(113).comFF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\seotoolbar@seobook(114).comFF Extension: TinEye Reverse Image Search - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\tineye@ideeinc(115).comFF Extension: <em:name>SOE Web Installer - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}FF Extension: FlashGot - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(116)FF Extension: Microsoft .NET Framework Assistant - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}FF Extension: seolinkanalysis - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{2c7bf5d2-2002-4912-95b2-7c2ee8a9ce7c}FF Extension: SeoQuake - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}(117)FF Extension: IE Tab - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(118)FF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}(119)FF Extension: DownloadHelper - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}FF Extension: Cookies Manager+ - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}FF Extension: Window Resizer - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{C1273352-9340-4d54-A6D7-17DC157EC0B9}FF Extension: Page Speed - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}(120)FF Extension: Page Speed - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}(73)FF Extension: alertcheck - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\alertcheck@mike.conley.xpiFF Extension: jid1-ZAdIEUB7XOzOJw - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpiFF Extension: rankchecker - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\rankchecker@seobook.com.xpiFF Extension: savedpasswordeditor - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\savedpasswordeditor@daniel.dawson.xpiFF Extension: seo4firefox - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\seo4firefox@seobook.com.xpiFF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\sfStatistics.xmlFF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpiFF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpiFF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{f1ac39e3-5cd4-4b04-902f-e1add0245a11}FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF HKLM\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files\Google\Google Gears\Firefox\FF Extension: Google Gears - C:\Program Files\Google\Google Gears\Firefox\FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5Chrome:=======CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Shockwave Flash) - C:\Users\Prime\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Prime\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Prime\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Java Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (Unity Player) - C:\Users\Prime\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.94) - C:\Users\Prime\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)CHR Plugin: (Google Update) - C:\Users\Prime\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)CHR Plugin: (SOE Web Installer) - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Extension: (Google Drive) - C:\Users\Prime\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1CHR Extension: (Chrome In-App Payments service) - C:\Users\Prime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Prime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_1CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crxCHR StartMenuInternet: Google Chrome - C:\Users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe========================== Services (Whitelisted) =================R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)R2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)S2 Apache2; C:\apache2triad\bin\httpd.exe [24635 2008-01-18] (Apache Software Foundation)R2 Apache2.2; C:\apache2triad\bin\httpd.exe [24635 2008-01-18] (Apache Software Foundation)S3 Apache2SSL; C:\apache2triad\bin\httpd.exe [24635 2008-01-18] (Apache Software Foundation)S4 ATMsrvc; C:\Windows\System32\ATMsrvc.exe [15360 2000-05-24] (Adobe Systems Incorporated)S2 gupdate1c985c8e5b5ef0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-03] (Google Inc.)S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)R2 MySql; C:\apache2triad\mysql\bin\mysqld.exe [3960832 2008-03-07] ()S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)R2 OSCM Utility Service; C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe [155648 2007-12-12] (Sprint Spectrum, L.L.C)S3 PgSql; C:\apache2triad\pgsql\bin\pg_ctl.exe [75207 2008-03-07] (PostgreSQL Global Development Group)R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()S2 SlimFTPd; C:\apache2triad\ftp\SlimFTPd.exe [54272 2008-03-07] ()R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)R2 XMail; C:\apache2triad\mail\bin\XMail.exe [339968 2008-03-07] ()S2 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [x]S3 FIWORYN; C:\Users\Prime\AppData\Local\Temp\FIWORYN.exe [x]S3 FJRO; C:\Users\Prime\AppData\Local\Temp\FJRO.exe [x]S3 OPIKF; C:\Users\Prime\AppData\Local\Temp\OPIKF.exe [x]S4 OUX; C:\Users\Prime\AppData\Local\Temp\OUX.exe [x]S3 SSELOJYCHTJI; C:\Users\Prime\AppData\Local\Temp\SSELOJYCHTJI.exe [x]S3 SUHVAER; C:\Users\Prime\AppData\Local\Temp\SUHVAER.exe [x]S3 TBGWJOQ; C:\Users\Prime\AppData\Local\Temp\TBGWJOQ.exe [x]S4 ZEKCIAPSH; C:\Users\Prime\AppData\Local\Temp\ZEKCIAPSH.exe [x]==================== Drivers (Whitelisted) ====================S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-19] (Microsoft Corporation)R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121248 2012-08-26] (SlySoft, Inc.)R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)R2 LMIRfsDriver; C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2008-07-24] (LogMeIn, Inc.)R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [77528 2013-09-12] (MalwareBytes)S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-09-12] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [19712 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [18304 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA))S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)S3 NWUSBCDFIL; C:\Windows\System32\DRIVERS\NwUsbCdFil.sys [13824 2007-09-06] (Novatel Wireless Inc.)S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [99200 2007-04-19] (Novatel Wireless Inc.)S3 NWVNDIS; C:\Windows\System32\DRIVERS\NWVNdis.sys [225280 2007-04-19] (Novatel Wireless, Inc.)S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2007-04-19] (Printing Communications Assoc., Inc. (PCAUSA))R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 UVCFTR; C:\Windows\System32\DRIVERS\UVCFTR_S.SYS [17712 2007-01-26] (Chicony Electronics Co., Ltd.)U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]S3 catchme; \??\C:\ComboFix\catchme.sys [x]S3 IpInIp; system32\DRIVERS\ipinip.sys [x]S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [x]S4 LMIRfsClientNP; No ImagePathS3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]S3 pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [x]S1 SCDEmu; No ImagePathS3 Tosrfcom; No ImagePathS3 WDC_SAM; system32\DRIVERS\wdcsam.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-09-12 16:40 - 2013-09-12 16:40 - 00000000 ____D C:\FRST2013-09-12 16:01 - 2013-09-12 16:01 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Prime\yy\mbar-1.07.0.1005.exe2013-09-12 15:34 - 2013-09-12 15:34 - 00003421 _____ C:\Users\Prime\yy\RKreport[0]_S_09122013_153426.txt2013-09-12 15:26 - 2013-09-12 15:26 - 00918016 _____ C:\Users\Prime\yy\RogueKiller (1).exe2013-09-12 12:51 - 2013-09-12 12:52 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys2013-09-12 12:36 - 2013-09-12 16:01 - 00000000 ____D C:\Users\Prime\yy\mbar2013-09-12 12:36 - 2013-09-12 12:36 - 00077528 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys2013-09-12 11:02 - 2013-09-12 11:02 - 00025919 _____ C:\ComboFix.txt2013-09-12 10:28 - 2013-09-12 11:03 - 00000000 ____D C:\Qoobox2013-09-12 10:16 - 2013-09-12 10:16 - 00142880 _____ C:\Windows\Minidump\Mini091213-01.dmp2013-09-11 16:42 - 2013-09-12 15:19 - 00000000 ____D C:\Users\Prime\yy\RK_Quarantine2013-09-11 15:38 - 2013-09-11 15:38 - 00000000 _____ C:\Users\Prime\yy\settings.dat2013-09-11 15:37 - 2009-08-13 11:14 - 00472064 _____ ( ) C:\Users\Prime\yy\RootRepeal.exe2013-09-11 15:24 - 2013-09-11 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes2013-09-11 15:24 - 2013-09-11 15:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-09-09 15:02 - 2013-08-01 23:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL2013-08-28 14:21 - 2013-08-28 14:21 - 00142880 _____ C:\Windows\Minidump\Mini082813-01.dmp2013-08-24 20:45 - 2013-08-24 20:46 - 00142880 _____ C:\Windows\Minidump\Mini082413-01.dmp2013-08-14 17:04 - 2013-07-24 21:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-08-14 17:04 - 2013-07-24 21:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-08-14 17:04 - 2013-07-24 21:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2013-08-14 17:04 - 2013-07-24 21:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-08-14 17:04 - 2013-07-24 21:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-08-14 17:04 - 2013-07-24 21:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-08-14 17:04 - 2013-07-24 21:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2013-08-14 17:04 - 2013-07-24 21:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2013-08-14 17:04 - 2013-07-24 21:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-08-14 17:04 - 2013-07-24 21:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-08-14 17:04 - 2013-07-24 21:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2013-08-14 17:03 - 2013-07-24 21:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-08-14 17:03 - 2013-07-24 21:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-08-14 17:03 - 2013-07-24 21:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-08-14 17:03 - 2013-07-24 21:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2013-08-14 17:03 - 2013-07-24 21:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-08-14 16:57 - 2013-07-17 14:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2013-08-14 16:57 - 2013-07-10 04:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2013-08-14 16:56 - 2013-07-09 07:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2013-08-14 16:56 - 2013-07-07 23:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe2013-08-14 16:56 - 2013-07-07 23:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2013-08-14 16:56 - 2013-07-04 22:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys2013-08-14 16:56 - 2013-07-04 20:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys2013-08-14 16:56 - 2013-06-15 08:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll2013-08-14 16:56 - 2013-06-15 06:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2013-08-14 16:53 - 2013-07-07 23:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2013-08-14 16:53 - 2013-07-07 23:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2013-08-14 16:53 - 2013-07-07 23:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2013-08-14 16:53 - 2013-07-07 23:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll2013-08-14 16:30 - 2013-08-14 16:31 - 00142880 _____ C:\Windows\Minidump\Mini081413-01.dmp==================== One Month Modified Files and Folders =======2013-09-12 16:40 - 2013-09-12 16:40 - 00000000 ____D C:\FRST2013-09-12 16:39 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-09-12 16:39 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-09-12 16:37 - 2008-03-03 12:08 - 01314527 _____ C:\Windows\WindowsUpdate.log2013-09-12 16:01 - 2013-09-12 16:01 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Prime\yy\mbar-1.07.0.1005.exe2013-09-12 16:01 - 2013-09-12 12:36 - 00000000 ____D C:\Users\Prime\yy\mbar2013-09-12 16:01 - 2008-03-03 10:51 - 00000000 ___RD C:\Users\Prime\yy2013-09-12 15:34 - 2013-09-12 15:34 - 00003421 _____ C:\Users\Prime\yy\RKreport[0]_S_09122013_153426.txt2013-09-12 15:26 - 2013-09-12 15:26 - 00918016 _____ C:\Users\Prime\yy\RogueKiller (1).exe2013-09-12 15:19 - 2013-09-11 16:42 - 00000000 ____D C:\Users\Prime\yy\RK_Quarantine2013-09-12 15:11 - 2012-04-25 11:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-09-12 14:49 - 2009-06-30 08:49 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA.job2013-09-12 14:49 - 2009-06-30 08:49 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core.job2013-09-12 14:47 - 2009-06-29 22:36 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-09-12 14:41 - 2009-06-29 22:36 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-09-12 14:39 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-12 14:37 - 2006-11-02 08:01 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-09-12 13:50 - 2011-09-28 22:24 - 00000000 ____D C:\Users\Prime\Documents\Alvaro Cub Scouts2013-09-12 12:52 - 2013-09-12 12:51 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys2013-09-12 12:36 - 2013-09-12 12:36 - 00077528 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys2013-09-12 11:03 - 2013-09-12 10:28 - 00000000 ____D C:\Qoobox2013-09-12 11:02 - 2013-09-12 11:02 - 00025919 _____ C:\ComboFix.txt2013-09-12 10:47 - 2006-11-02 05:23 - 00000215 _____ C:\Windows\system.ini2013-09-12 10:46 - 2013-07-16 13:44 - 00008432 _____ C:\Windows\PFRO.log2013-09-12 10:45 - 2006-11-02 05:22 - 65273856 _____ C:\Windows\system32\config\software.bak2013-09-12 10:45 - 2006-11-02 05:22 - 35328000 _____ C:\Windows\system32\config\COMPON~3.bak2013-09-12 10:45 - 2006-11-02 05:22 - 33816576 _____ C:\Windows\system32\config\system.bak2013-09-12 10:45 - 2006-11-02 05:22 - 00376832 _____ C:\Windows\system32\config\default.bak2013-09-12 10:45 - 2006-11-02 05:22 - 00061440 _____ C:\Windows\system32\config\sam.bak2013-09-12 10:45 - 2006-11-02 05:22 - 00036864 _____ C:\Windows\system32\config\security.bak2013-09-12 10:44 - 2012-05-02 13:36 - 00000000 ____D C:\Windows\ERDNT2013-09-12 10:16 - 2013-09-12 10:16 - 00142880 _____ C:\Windows\Minidump\Mini091213-01.dmp2013-09-12 10:16 - 2013-07-21 12:10 - 253417238 _____ C:\Windows\MEMORY.DMP2013-09-12 10:16 - 2008-03-18 17:32 - 00000000 ____D C:\Windows\Minidump2013-09-11 15:38 - 2013-09-11 15:38 - 00000000 _____ C:\Users\Prime\yy\settings.dat2013-09-11 15:24 - 2013-09-11 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes2013-09-11 15:24 - 2013-09-11 15:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-09-11 14:54 - 2013-07-03 10:00 - 00000000 ____D C:\Program Files\Mozilla Firefox2013-09-11 08:50 - 2012-04-25 11:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2013-09-11 08:50 - 2011-12-13 18:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2013-09-10 17:29 - 2008-03-06 12:41 - 00000000 ____D C:\Users\Prime\Documents\Alejo2013-09-09 22:11 - 2008-03-03 22:14 - 00000000 ____D C:\Users\Prime\Documents\Alejandro's school2013-09-09 09:07 - 2008-03-07 13:57 - 00000000 ____D C:\Users\Prime\AppData\Roaming\FileZilla2013-09-05 08:23 - 2008-03-06 12:48 - 00000000 ____D C:\Users\Prime\Documents\Computer2013-08-30 13:52 - 2012-02-27 21:59 - 00000000 ____D C:\pirates-22013-08-30 13:42 - 2013-07-02 12:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-08-28 14:21 - 2013-08-28 14:21 - 00142880 _____ C:\Windows\Minidump\Mini082813-01.dmp2013-08-26 09:05 - 2006-11-02 05:33 - 00006118 _____ C:\Windows\system32\PerfStringBackup.INI2013-08-24 20:46 - 2013-08-24 20:45 - 00142880 _____ C:\Windows\Minidump\Mini082413-01.dmp2013-08-18 22:22 - 2009-02-15 23:23 - 00000000 ____D C:\Users\Prime\AppData\Roaming\Winamp2013-08-14 19:08 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET2013-08-14 18:50 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache2013-08-14 17:59 - 2013-08-09 17:42 - 00000000 ____D C:\Windows\system32\MRT2013-08-14 17:56 - 2008-12-09 10:22 - 00000000 ____D C:\Users\Prime\Documents\Google2013-08-14 17:18 - 2009-04-01 00:15 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-08-14 17:03 - 2006-11-02 05:23 - 00000361 _____ C:\Windows\win.ini2013-08-14 16:31 - 2013-08-14 16:30 - 00142880 _____ C:\Windows\Minidump\Mini081413-01.dmp2013-08-14 13:38 - 2013-07-21 11:54 - 00000034 _____ C:\Windows\setupact.log==================== Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2013-09-12 14:47==================== End Of Log ============================ -
Ok.. I'll report back with the results.
thanks
-
THanks MrC
I've downloaded and run the Anti-Rootkit program from the link provided.
However, the GUI opens and closes immediately.
I've tried it 4 times with the same result. (begins to open and slams shut).
...frustrating...
-
-
MrCharlie,
Thank you for helping me out and sorry about the double post.
Here are the results of the RogueKiller scan:
RogueKiller V8.6.11 [sep 11 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Blog : http://tigzyrk.blogspot.com/Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits versionStarted in : Normal modeUser : Prime [Admin rights]Mode : Scan -- Date : 09/12/2013 15:34:26| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 4 ¤¤¤[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 4 ¤¤¤[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA.job : C:\Users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core.job : C:\Users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core : C:\Users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA : C:\Users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤[Address] IRP[iRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x887AB140)[Address] IRP[iRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x887AB140)[Address] IRP[iRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x88799A5A)[Address] IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x88799A2C)[Address] IRP[iRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x88799A88)[Address] IRP[iRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x887A6B70)[Address] IRP[iRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x887A6B3C)¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: TOSHIBA MK2035GSS ATA Device +++++--- User ---[MBR] f5d642222efc67075ab9bdd584fcbb72[bSP] cd56eac472e5bfd04cf8dadeb20be8b5 : Windows Vista MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 189281 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_09122013_153426.txt >> -
thank you. I accidentally double posted because the server timed out.
I think I followed all of the instructions and I copied and pasted the dds output log files to the thread.
thanks for your help. I'm following the topic and will reply when someone replies to me.
-
Hello all,
I've just registered here and followed the instructions for new posters.
I began to suspect that my laptop may be infected with a virus/trojan/malware when I would periodically see the browser screen jump while browsing the internet.
Currently the only antivirus that I am using is from Microsoft (Security Essentials) but it never finds anything so I don't know if it is of much use.
I'm trying to use the free version of Malwarebytes and it keeps closing when I:
1. try to update automatically
2. try to update manually
3. try to run to do a full scan
Any suggestions? I have downloaded and run DDS.SCR based on the instructions from the page here . I do have the dds and attach log files and have pasted them below. If there is anyone who can readily see a problem with any infected files, please let me know.
I'm open to other suggestions. I'd really like to see if Malwarebytes can find anything but I cannot use it as it keeps closing whenever I try to run it.
PS---- I went through and tried all 12 of the configurations on 'Chameleon' but it didn't work either.
Regards and thanks in advance,
DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.15.2Run by Prime at 14:30:29 on 2013-09-12Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1209 [GMT -5:00].AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}.============== Running Processes ================.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Program Files\IObit\Advanced SystemCare 5\ASCService.exeC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exec:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\system32\SLsvc.exeC:\Windows\System32\spoolsv.exeC:\Program Files\SUPERAntiSpyware\SASCORE.EXEC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\system32\agrsmsvc.exeC:\apache2triad\bin\httpd.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\Windows\system32\HPSIsvc.exeC:\apache2triad\mysql\bin\mysqld.exeC:\apache2triad\bin\httpd.exeC:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exeC:\Toshiba\IVP\ISM\pinger.exec:\Toshiba\IVP\swupdate\swupdtmr.exeC:\Program Files\Toshiba\Power Saver\TosCoSrv.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\apache2triad\mail\bin\XMail.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\taskeng.exeC:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Toshiba\ConfigFree\NDSTray.exeC:\Program Files\Toshiba\Power Saver\TPwrMain.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\Citrix\ICA Client\concentr.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\ehome\ehtray.exeC:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exeC:\Users\Prime\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\apache2triad\bin\ApacheMonitor.exeC:\Windows\system32\RunDll32.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Citrix\ICA Client\wfcrun32.exeC:\Program Files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exeC:\Program Files\Toshiba\ConfigFree\CFSwMgr.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\wuauclt.exeC:\Windows\Explorer.exeC:\Windows\System32\WUDFHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k hpdevmgmtC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\svchost.exe -k HPServiceC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation.============== Pseudo HJT Report ===============.BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dllBHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dllBHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dllBHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dllBHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dllTB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dllTB: &Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dlluRun: [sidebar] c:\program files\windows sidebar\sidebar.exeuRun: [ehTray.exe] c:\windows\ehome\ehTray.exeuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStartuRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostartuRun: [HP Officejet 6700 (NET)] "c:\program files\hp\hp officejet 6700\bin\ScanToPCActivationApp.exe" -deviceID "CN2BS9SJ0P05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1uRun: [DEA93BB65AB2469C8FA1BFF92906E324E7BAEC8E._service_run] "c:\users\prime\appdata\local\google\chrome\application\chrome.exe" --type=serviceuRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exemRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"mRun: [RtHDVCpl] RtHDVCpl.exemRun: [NDSTray.exe] NDSTray.exemRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXEmRun: [HSON] c:\program files\toshiba\tbs\HSON.exemRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXEmRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"mRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkeymRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startupmRun: [Talk] "c:\program files\nch software\talk\talk.exe" -logonmRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exemRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOWStartupFolder: c:\users\prime\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\apache2triad\bin\ApacheMonitor.exeuPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - <orphaned>IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..TCP: NameServer = 192.168.1.254TCP: Interfaces\{3B116DE3-149F-4E6A-ACDF-FCA09C67589E} : DHCPNameServer = 192.168.1.254TCP: Interfaces\{76E1A31E-DFAA-408F-88E6-C39C4F8DD1FC} : DHCPNameServer = 68.28.146.92 68.28.154.92Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dllNotify: igfxcui - igfxdev.dllSEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLLLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg.================= FIREFOX ===================.FF - ProfilePath - c:\users\prime\appdata\roaming\mozilla\firefox\profiles\hcsxmvrr.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: network.proxy.type - 0FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dllFF - plugin: c:\program files\divx\divx plus web player\npdivx32.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dllFF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dllFF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dllFF - plugin: c:\users\prime\appdata\local\citrix\plugins\94\npappdetector.dllFF - plugin: c:\users\prime\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: c:\users\prime\appdata\locallow\unity\webplayer\loader\npUnity3D32.dllFF - plugin: c:\users\prime\appdata\roaming\mozilla\firefox\profiles\hcsxmvrr.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dllFF - plugin: c:\windows\system32\npDeployJava1.dllFF - plugin: c:\windows\system32\npmproxy.dllFF - plugin: c:\windows\system32\NPSWF32.dllFF - ExtSQL: !HIDDEN! 2010-02-03 08:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension.---- FIREFOX POLICIES ----FF - user.js: yahoo.homepage.dontask - trueFF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110796&tt=120812_bandext_3212_1FF - user.js: extensions.BabylonToolbar_i.babExt -FF - user.js: extensions.BabylonToolbar_i.srcExt - ssFF - user.js: extensions.BabylonToolbar.id - 7c60cc900000000000000013e8104483FF - user.js: extensions.BabylonToolbar.instlDay - 15565FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.621:59:21FF - user.js: extensions.BabylonToolbar.prtnrId - babylonFF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbarFF - user.js: extensions.BabylonToolbar.aflt - babsstFF - user.js: extensions.BabylonToolbar_i.smplGrp - noneFF - user.js: extensions.BabylonToolbar.tlbrId - tb9FF - user.js: extensions.BabylonToolbar.instlRef - sstFF - user.js: extensions.BabylonToolbar.dfltLng - enFF - user.js: extensions.BabylonToolbar.excTlbr - falseFF - user.js: extensions.BabylonToolbar.admin - falseuser_pref(places.frecency.bookmarkVisitBonus,0);user_pref(places.frecency.unvisitedBookmarkBonus,0);.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-5-8 913752]R2 Apache2.2;Apache2.2;c:\apache2triad\bin\httpd.exe [2008-1-18 24635]R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-2-27 21504]R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-9 99896]R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-8-15 47640]R2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\xmail.exe [2008-3-7 339968]R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-2-28 7168]R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-9-12 77528]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-12 40776]R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 gupdate1c985c8e5b5ef0;Google Update Service (gupdate1c985c8e5b5ef0);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]S2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-6-24 136704]S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]S2 SlimFTPd;Apache2Triad SlimFTPd Server;c:\apache2triad\ftp\SlimFTPd.exe [2008-3-7 54272]S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\httpd.exe [2008-1-18 24635]S3 FIWORYN;FIWORYN;c:\users\prime\appdata\local\temp\fiworyn.exe --> c:\users\prime\appdata\local\temp\FIWORYN.exe [?]S3 FJRO;FJRO;c:\users\prime\appdata\local\temp\fjro.exe --> c:\users\prime\appdata\local\temp\FJRO.exe [?]S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-9-7 17408]S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 107392]S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-9-6 13824]S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-4-19 99200]S3 NWVNDIS;Novatel Wireless Virtual Network Adapter;c:\windows\system32\drivers\NWVNdis.sys [2007-4-19 225280]S3 OPIKF;OPIKF;c:\users\prime\appdata\local\temp\opikf.exe --> c:\users\prime\appdata\local\temp\OPIKF.exe [?]S3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [2008-3-7 75207]S3 SSELOJYCHTJI;SSELOJYCHTJI;c:\users\prime\appdata\local\temp\sselojychtji.exe --> c:\users\prime\appdata\local\temp\SSELOJYCHTJI.exe [?]S3 SUHVAER;SUHVAER;c:\users\prime\appdata\local\temp\suhvaer.exe --> c:\users\prime\appdata\local\temp\SUHVAER.exe [?]S3 TBGWJOQ;TBGWJOQ;c:\users\prime\appdata\local\temp\tbgwjoq.exe --> c:\users\prime\appdata\local\temp\TBGWJOQ.exe [?]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]S4 OUX;OUX;c:\users\prime\appdata\local\temp\oux.exe --> c:\users\prime\appdata\local\temp\OUX.exe [?]S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]S4 ZEKCIAPSH;ZEKCIAPSH;c:\users\prime\appdata\local\temp\zekciapsh.exe --> c:\users\prime\appdata\local\temp\ZEKCIAPSH.exe [?].=============== File Associations ===============.ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1".=============== Created Last 30 ================.2013-09-12 17:51:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-09-12 17:36:28 77528 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-09-12 15:47:15 -------- d-----w- C:\$RECYCLE.BIN2013-09-12 15:44:23 -------- d-----w- c:\users\prime\appdata\local\temp2013-09-11 20:24:17 -------- d-----w- c:\programdata\Malwarebytes2013-09-11 20:24:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-09-11 05:49:28 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{eae643f8-9761-4dcf-a735-b936ce1c806c}\mpengine.dll2013-09-10 13:18:29 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll2013-09-09 20:02:56 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-09-06 13:29:37 718712 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{89c7c82e-9f00-4e5e-8332-1f1bb601defa}\gapaengine.dll2013-08-14 22:03:59 104448 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll2013-08-14 22:03:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll2013-08-14 22:03:58 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll2013-08-14 22:03:54 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2013-08-14 21:57:20 783360 ----a-w- c:\windows\system32\rpcrt4.dll2013-08-14 21:57:14 2048 ----a-w- c:\windows\system32\tzres.dll2013-08-14 21:56:58 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-08-14 21:56:58 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys2013-08-14 21:56:38 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys2013-08-14 21:56:38 15872 ----a-w- c:\windows\system32\icaapi.dll2013-08-14 21:56:33 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-14 21:56:32 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-08-14 21:56:32 1205168 ----a-w- c:\windows\system32\ntdll.dll2013-08-14 21:53:35 992768 ----a-w- c:\windows\system32\crypt32.dll2013-08-14 21:53:35 133120 ----a-w- c:\windows\system32\cryptsvc.dll2013-08-14 21:53:34 98304 ----a-w- c:\windows\system32\cryptnet.dll2013-08-14 21:53:34 172544 ----a-w- c:\windows\system32\wintrust.dll.==================== Find3M ====================.2013-09-11 13:50:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-09-11 13:50:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb2013-06-19 02:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys2013-06-19 02:50:08 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys.============= FINISH: 14:32:24.06 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 3/3/2008 11:07:53 AMSystem Uptime: 9/12/2013 10:45:42 AM (4 hours ago).Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRBProcessor: Intel® Core2 CPU T5300 @ 1.73GHz | U2E1 | 800/mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 185 GiB total, 55.292 GiB free.D: is CDROM ()E: is CDROM ()F: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0011Manufacturer: MicrosoftName: Microsoft ISATAP AdapterPNP Device ID: ROOT\*ISATAP\0011Service: tunnel.Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Description: Chicony USB 2.0 CameraDevice ID: USB\VID_04F2&PID_B008&MI_00\6&298DA7B3&0&0000Manufacturer: ChiconyName: Chicony USB 2.0 CameraPNP Device ID: USB\VID_04F2&PID_B008&MI_00\6&298DA7B3&0&0000Service: usbvideo.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet Pro L7700Device ID: ROOT\MULTIFUNCTION\0000Manufacturer: HPName: Officejet Pro L7700PNP Device ID: ROOT\MULTIFUNCTION\0000Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet 7400 seriesDevice ID: ROOT\MULTIFUNCTION\0001Manufacturer: HPName: Officejet 7400 seriesPNP Device ID: ROOT\MULTIFUNCTION\0001Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: hp LaserJet 1320 seriesDevice ID: ROOT\MULTIFUNCTION\0002Manufacturer: Hewlett-PackardName: hp LaserJet 1320 seriesPNP Device ID: ROOT\MULTIFUNCTION\0002Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: HP LaserJet P2035nDevice ID: ROOT\MULTIFUNCTION\0003Manufacturer: Hewlett-PackardName: HP LaserJet P2035nPNP Device ID: ROOT\MULTIFUNCTION\0003Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: DesignJet 800 (C7779B)Device ID: ROOT\MULTIFUNCTION\0004Manufacturer: Hewlett-PackardName: DesignJet 800 (C7779B)PNP Device ID: ROOT\MULTIFUNCTION\0004Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Photosmart C7200 seriesDevice ID: ROOT\MULTIFUNCTION\0005Manufacturer: HPName: Photosmart C7200 seriesPNP Device ID: ROOT\MULTIFUNCTION\0005Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet Pro 8000 A809Device ID: ROOT\MULTIFUNCTION\0006Manufacturer: HPName: Officejet Pro 8000 A809PNP Device ID: ROOT\MULTIFUNCTION\0006Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet Pro 8500 A909aDevice ID: ROOT\MULTIFUNCTION\0007Manufacturer: HPName: Officejet Pro 8500 A909aPNP Device ID: ROOT\MULTIFUNCTION\0007Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: HP LaserJet P2015 SeriesDevice ID: ROOT\MULTIFUNCTION\0008Manufacturer: Hewlett-PackardName: HP LaserJet P2015 SeriesPNP Device ID: ROOT\MULTIFUNCTION\0008Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: hp LaserJet 4250Device ID: ROOT\MULTIFUNCTION\0009Manufacturer: Hewlett-PackardName: hp LaserJet 4250PNP Device ID: ROOT\MULTIFUNCTION\0009Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: HP LaserJet Professional P1102wDevice ID: ROOT\MULTIFUNCTION\0010Manufacturer: Hewlett-PackardName: HP LaserJet Professional P1102wPNP Device ID: ROOT\MULTIFUNCTION\0010Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: HP LaserJet Professional P1102wDevice ID: ROOT\MULTIFUNCTION\0011Manufacturer: Hewlett-PackardName: HP LaserJet Professional P1102wPNP Device ID: ROOT\MULTIFUNCTION\0011Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet Pro 8500 A910Device ID: ROOT\MULTIFUNCTION\0012Manufacturer: HPName: Officejet Pro 8500 A910PNP Device ID: ROOT\MULTIFUNCTION\0012Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: HP LaserJet M2727nf MFPDevice ID: ROOT\MULTIFUNCTION\0013Manufacturer: Hewlett-PackardName: HP LaserJet M2727nf MFPPNP Device ID: ROOT\MULTIFUNCTION\0013Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: HP Color LaserJet CP3525Device ID: ROOT\MULTIFUNCTION\0014Manufacturer: Hewlett-PackardName: HP Color LaserJet CP3525PNP Device ID: ROOT\MULTIFUNCTION\0014Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: hp LaserJet 4350Device ID: ROOT\MULTIFUNCTION\0015Manufacturer: Hewlett-PackardName: hp LaserJet 4350PNP Device ID: ROOT\MULTIFUNCTION\0015Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet Pro 8500 A909gDevice ID: ROOT\MULTIFUNCTION\0016Manufacturer: HPName: Officejet Pro 8500 A909gPNP Device ID: ROOT\MULTIFUNCTION\0016Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet 6700Device ID: ROOT\MULTIFUNCTION\0017Manufacturer: HPName: Officejet 6700PNP Device ID: ROOT\MULTIFUNCTION\0017Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Photosmart 6510 seriesDevice ID: ROOT\MULTIFUNCTION\0018Manufacturer: HPName: Photosmart 6510 seriesPNP Device ID: ROOT\MULTIFUNCTION\0018Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet Pro 8500 A910Device ID: ROOT\MULTIFUNCTION\0019Manufacturer: HPName: Officejet Pro 8500 A910PNP Device ID: ROOT\MULTIFUNCTION\0019Service:.==== System Restore Points ===================.RP1213: 8/15/2013 9:50:38 AM - Scheduled CheckpointRP1214: 8/16/2013 12:01:03 AM - Scheduled CheckpointRP1215: 8/17/2013 12:11:50 AM - Scheduled CheckpointRP1216: 8/18/2013 11:33:24 PM - Windows UpdateRP1217: 8/21/2013 4:49:53 PM - Scheduled CheckpointRP1218: 8/22/2013 10:16:13 PM - Windows UpdateRP1219: 8/26/2013 9:26:50 AM - Windows UpdateRP1220: 8/27/2013 3:43:22 PM - Scheduled CheckpointRP1221: 8/29/2013 10:01:03 PM - Windows UpdateRP1222: 8/30/2013 3:17:32 PM - Scheduled CheckpointRP1223: 8/31/2013 11:49:39 AM - Scheduled CheckpointRP1224: 9/1/2013 12:00:12 AM - Scheduled CheckpointRP1225: 9/2/2013 10:48:43 AM - Windows UpdateRP1226: 9/6/2013 8:19:23 AM - Windows UpdateRP1227: 9/9/2013 3:03:03 PM - Windows UpdateRP1228: 9/11/2013 6:58:08 PM - Scheduled CheckpointRP1229: 9/12/2013 11:42:49 AM - Scheduled Checkpoint.==== Installed Programs ======================.32 Bit HP CIO Components Installer7-Zip 4.57Acrobat.comActivation Assistant for the 2007 Microsoft Office suitesAdd or Remove Adobe Creative Suite 3 Master CollectionAdobe Acrobat 8 ProfessionalAdobe After Effects CS3Adobe After Effects CS3 PresetsAdobe After Effects CS3 Third Party ContentAdobe AIRAdobe Anchor Service CS3Adobe Asset Services CS3Adobe Bridge CS3Adobe Bridge Start MeetingAdobe BridgeTalk Plugin CS3Adobe Camera Raw 4.0Adobe CMapsAdobe Color - Photoshop SpecificAdobe Color Common SettingsAdobe Color EU Extra SettingsAdobe Color JA Extra SettingsAdobe Color NA Recommended SettingsAdobe Contribute CS3Adobe Creative Suite 3 Master CollectionAdobe Default Language CS3Adobe Device Central CS3Adobe Dreamweaver CS3Adobe Encore CS3Adobe Encore CS3 CodecsAdobe ExtendScript Toolkit 2Adobe Extension Manager CS3Adobe Fireworks CS3Adobe Flash CS3Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Flash Video EncoderAdobe Fonts AllAdobe Help Viewer CS3Adobe Illustrator CS3Adobe InDesign CS3Adobe InDesign CS3 Icon HandlerAdobe Linguistics CS3Adobe MotionPicture Color FilesAdobe PDF Library FilesAdobe Photoshop CS3Adobe Premiere Pro CS3Adobe Premiere Pro CS3 Functional ContentAdobe Premiere Pro CS3 Third Party ContentAdobe Reader X (10.1.6)Adobe SetupAdobe Shockwave Player 11Adobe SING CS3Adobe Soundbooth CS3Adobe Soundbooth CS3 CodecsAdobe Stock Photos CS3Adobe Type Manager 4.1Adobe Type SupportAdobe Update Manager CS3Adobe Version Cue CS3 ClientAdobe Version Cue CS3 ServerAdobe Video ProfilesAdobe WAS CS3Adobe WinSoft Linguistics PluginAdobe XMP DVA Panels CS3Adobe XMP Panels CS3Advanced PDF Password RecoveryAdvanced SystemCare 5AHV content for Acrobat and FlashAnyDVDApache HTTP Server 2.2.8Apache2Triad: apache server bundleApple Application SupportApple Software UpdateAT&T Connect Participant Application v8.8.53AT&T Self Support ToolAudacity 1.3.12 (Unicode)Avanquest updateavast! BART CD ManagerAviSynth 2.5Bejeweled 2 DeluxeBlackhawk Striker 2Blasterball 3Bluetooth Stack for Windows by ToshibaBPD_HPSUBPD_ScanBPDSoftwareBPDSoftware_IniBufferChmCamera Assistant Software for ToshibaCCleanerCD/DVD Drive Acoustic SilencerChat DashboardChuzzle DeluxeCitrix online plug-in - webCitrix online plug-in (DV)Citrix online plug-in (HDX)Citrix online plug-in (USB)Citrix online plug-in (Web)CoffeeCup Flash Menu BuilderCoffeeCup Web Form Builder - RegisteredCompatibility Pack for the 2007 Office systemCustomerResearchQFolderCutePDF Writer 2.8D3DX10D6100_D7100_D7300_HelpD7300Destination ComponentDeviceDiscoveryDivX SetupDivX Web PlayerDocProcDocProcQFolderDropboxDVD MovieFactory for TOSHIBADVD Shrink 3.2eSupportQFolderExpress TalkFATEFaxFileZilla Client 3.1.1.1Flashation Menu BuilderFLVPlayerGarmin Communicator PluginGarmin USB DriversGarmin WebUpdaterGnuWin32: OpenSSL-0.9.8h-1Google AdWords EditorGoogle Calendar SyncGoogle ChromeGoogle DriveGoogle Earth Plug-inGoogle GearsGoogle Toolbar for Internet ExplorerGoogle Update HelperGoToMeeting 5.5.0.1132Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Customer Participation Program 8.0HP Deskjet & Photosmart Printer Driver Software 8.0.AHP Imaging Device Functions 8.0HP LaserJet P2030 SeriesHP LaserJet Professional P1100-P1560-P1600 SeriesHP OCR Software 8.0HP Officejet 6700 Basic Device SoftwareHP Officejet 6700 HelpHP Officejet 6700 Product Improvement StudyHP Officejet Pro 8500 A910 Basic Device SoftwareHP Officejet Pro 8500 A910 HelpHP Officejet Pro 8500 A910 Product Improvement StudyHP Officejet Pro All-In-One SeriesHP Photosmart EssentialHP Product AssistantHP Solution Center 8.0HP UpdateHP_Network_UserGuidehppLaserJetServicehppP1100P1560P1600SeriesLaserJetServiceHPProductAssistanthppusgP1100P1560P1600SerieshppusgP2030HPSSupplyI.R.I.S. OCRImgBurnInFlac 1.1.1Intel® Graphics Media Accelerator DriverInternet OffersJava 7 Update 15Java Auto UpdaterJava 6 Update 27Java SE Development Kit 7JEOPARDYMagic ISO Maker v5.5 (build 0272)MagicDisc 2.7.105magicJackMalwarebytes Anti-Malware version 1.75.0.1300MarketResearchMarvell Miniport DriverMediaCoder 0.6.1MemoryzeMesh RuntimeMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2698023)Microsoft .NET Framework 1.1 Security Update (KB2833941)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Money EssentialsMicrosoft Money Shared LibrariesMicrosoft Office 2007 Primary Interop AssembliesMicrosoft Office File Validation Add-InMicrosoft Office Live Meeting 2007Microsoft Office Outlook ConnectorMicrosoft Office Professional Edition 2003Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bitMicrosoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SQL Server 2005 Backward compatibilityMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft SQL Server Native ClientMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WorksMicrosoft XML ParserMobilinkMotorola Driver Installation 3.7.0Motorola Phone ToolsMozilla Firefox 19.0 (x86 en-US)Mozilla Maintenance ServiceMPMMrvlUsgTrackingMSVCRTMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NetworkNotepad AppOgg Codecs 0.81.15562Oregon Trail® 5PC Inspector File RecoveryPDF SettingsPenguins!Polar BowlerPolar GolferPremiumSoft Navicat MySQL 7.2QuickBooks Remote AccessQuickTimeRealtek High Definition Audio DriverScanSCRABBLESecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Windows Media Encoder (KB2447961)Security Update for Windows Media Encoder (KB954156)Security Update for Windows Media Encoder (KB979332)Security Update for Windows Media Player (KB2845142)Segoe UISF_CDA_ProductContextSF_CDA_SoftwareSkype ToolbarsSkype™ 5.10SlpCataloguesSolutionCenterSothink SWF DecompilerSothink SWF QuickerSprint Mobile Broadband (Novatel Wireless)StatusSUPERAntiSpywareSWFKit 3.1Synaptics Pointing Device DriverTexas Instruments PCIxx21/x515/xx12 drivers.TIPCIToolboxTOSHIBA AssistTOSHIBA ConfigFreeTOSHIBA Disc CreatorTOSHIBA Extended Tiles for Windows Mobility CenterTOSHIBA Hardware SetupTOSHIBA Media Center Game ConsoleToshiba RegistrationTOSHIBA SD Memory UtilitiesTOSHIBA Software ModemTOSHIBA Software UpgradesTOSHIBA Speech System ApplicationsTOSHIBA Speech System SR Engine(U.S.) Version1.0TOSHIBA Speech System TTS Engine(U.S.) Version1.0TOSHIBA Supervisor PasswordTOSHIBA Value Added PackageTrayAppTrivial Pursuit Digital Choice v1.2.5 for Windows XP/VistaUnloadSupportUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)VC 9.0 RuntimeVC80CRTRedist - 8.0.50727.6195VirtualCloneDriveVista Codec PackageVisual Studio Tools for the Office system 3.0 RuntimeVisual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)VRE ToolbarWeb Dumper 2.4.1WebRegWinampWindows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Media Encoder 9 SeriesWindows Media Player Firefox PluginWinDVD for TOSHIBAYahoo! Music JukeboxZoneAlarm LTD Toolbar.==== Event Viewer Messages From Past Week ========.9/7/2013 11:17:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.9/5/2013 9:47:26 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.9/5/2013 9:47:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC ElbyCDIO MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL SCDEmu Smb spldr tdx Wanarpv6 ws2ifsl9/5/2013 9:47:12 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.9/5/2013 9:47:12 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.9/5/2013 9:47:12 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.9/5/2013 9:47:12 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.9/5/2013 9:47:12 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.9/5/2013 9:47:12 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.9/5/2013 9:47:12 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.9/5/2013 9:47:12 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.9/5/2013 9:47:12 AM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.9/5/2013 9:47:12 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.9/5/2013 9:47:12 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.9/5/2013 9:47:12 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.9/5/2013 9:47:12 AM, Error: Service Control Manager [7001] - The Apache2.2 service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.9/5/2013 9:46:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}9/5/2013 9:46:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}9/12/2013 8:49:16 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.157.1649.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9800.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.9/12/2013 8:39:23 AM, Error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error 1 (0x1).9/12/2013 8:24:44 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.157.1649.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9800.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.9/12/2013 2:32:25 PM, Error: mbamchameleon [61703] -9/12/2013 12:48:11 PM, Error: Service Control Manager [7034] - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).9/12/2013 10:59:00 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.157.1649.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9800.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.9/12/2013 10:53:44 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.9/12/2013 10:48:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SCDEmu9/12/2013 10:48:06 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.9/12/2013 10:47:49 AM, Error: Service Control Manager [7038] - The SlimFTPd service was unable to log on as .\apache2triad with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).9/12/2013 10:47:49 AM, Error: Service Control Manager [7024] - The Apache2Triad Apache2 Service service terminated with service-specific error 1 (0x1).9/12/2013 10:47:49 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.9/12/2013 10:47:49 AM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.9/12/2013 10:47:49 AM, Error: Service Control Manager [7000] - The avast! iAVS4 Control Service service failed to start due to the following error: The system cannot find the path specified.9/12/2013 10:47:49 AM, Error: Service Control Manager [7000] - The Apache2Triad SlimFTPd Server service failed to start due to the following error: The service did not start due to a logon failure.9/12/2013 10:44:56 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.9/12/2013 10:32:51 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.157.1649.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9800.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode9/12/2013 10:32:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}9/12/2013 10:28:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}9/12/2013 10:22:55 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm ElbyCDIO MpFilter SASDIFSV SASKUTIL SCDEmu spldr Wanarpv69/12/2013 10:22:55 AM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.9/12/2013 10:22:55 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.9/12/2013 10:22:55 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.9/12/2013 10:22:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}9/12/2013 10:22:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}9/12/2013 10:21:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}9/12/2013 10:21:45 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .9/12/2013 10:21:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}9/12/2013 10:17:51 AM, Error: Service Control Manager [7000] - The NEWDRIVER service failed to start due to the following error: The system cannot find the file specified.9/12/2013 10:16:33 AM, Error: EventLog [6008] - The previous system shutdown at 10:13:52 AM on 9/12/2013 was unexpected.9/11/2013 8:49:24 AM, Error: Application Popup [56] - Driver USB returned invalid ID for a child device (SN0001).9/10/2013 10:33:42 PM, Error: yukonwlh [101] - Driver has encountered an internal error.==== End Of File ===========================
-
-
Ok.. I'll check the link you posted.
Do I respond in that thread or this one?
thanks
-
Hello all,
I began to suspect that my laptop may be infected with a virus/trojan/malware when I would periodically see the browser screen jump while browsing the internet.
Currently the only antivirus that I am using is from Microsoft (Security Essentials) but it never finds anything so I don't know if it is of much use.
I'm trying to use the free version of Malwarebytes and it keeps closing when I:
1. try to update automatically
2. try to update manually
3. try to run to do a full scan
Any suggestions? I have downloaded and run Combofix based on suggestions that I have seen with others experiencing the same problem, but it didn't fix anything that I can see. I do have the LOG file and have posted it below. If there is anyone who can readily see a problem with any infected files, please let me know.
I'm open to other suggestions. I'd really like to see if Malwarebytes can find anything but I cannot use it as it keeps closing whenever I try to run it.
PS---- I went through and tried all 12 of the configurations on 'Chameleon' but it didn't work either.
Regards,
ComboFix 13-09-12.01 - Prime 09/12/2013 10:32:04.4.2 - x86 NETWORKMicrosoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1391 [GMT -5:00]Running from: F:\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}* Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Prime\AppData\Local\Google\Chrome\User Data\Default\Preferences..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_NEWDRIVER-------\Service_J-------\Service_NEWDRIVER..((((((((((((((((((((((((( Files Created from 2013-08-12 to 2013-09-12 )))))))))))))))))))))))))))))))..2013-09-12 15:44 . 2013-09-12 15:48 -------- d-----w- c:\users\Prime\AppData\Local\temp2013-09-12 15:44 . 2013-09-12 15:44 -------- d-----w- c:\users\Public\AppData\Local\temp2013-09-12 15:44 . 2013-09-12 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp2013-09-12 15:44 . 2013-09-12 15:44 -------- d-----w- c:\users\apache2triad\AppData\Local\temp2013-09-11 20:24 . 2013-09-11 20:24 -------- d-----w- c:\programdata\Malwarebytes2013-09-11 20:24 . 2013-09-11 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-09-11 05:49 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAE643F8-9761-4DCF-A735-B936CE1C806C}\mpengine.dll2013-09-10 13:18 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-09-09 20:02 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-09-06 13:29 . 2013-09-06 13:21 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89C7C82E-9F00-4E5E-8332-1F1BB601DEFA}\gapaengine.dll2013-08-14 22:03 . 2013-07-25 02:25 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll2013-08-14 22:03 . 2013-07-25 02:25 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll2013-08-14 22:03 . 2013-07-25 02:25 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll2013-08-14 22:03 . 2013-07-25 02:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2013-08-14 21:57 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll2013-08-14 21:57 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll2013-08-14 21:56 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-08-14 21:56 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys2013-08-14 21:56 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll2013-08-14 21:56 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys2013-08-14 21:56 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-14 21:56 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll2013-08-14 21:56 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-08-14 21:53 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll2013-08-14 21:53 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll2013-08-14 21:53 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll2013-08-14 21:53 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-09-12 15:24 . 2009-10-01 20:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-09-11 13:50 . 2012-04-25 16:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-09-11 13:50 . 2011-12-13 23:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-08-23 03:17 . 2012-06-12 18:26 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-06-19 02:50 . 2013-06-19 02:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys2013-06-19 02:50 . 2012-03-21 01:44 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys2010-03-11 06:01 . 2013-07-03 15:00 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll2010-03-11 06:40 . 2013-07-03 15:00 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll2010-03-11 06:02 . 2013-07-03 15:00 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll2010-03-11 06:01 . 2013-07-03 15:00 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll2010-03-11 06:01 . 2013-07-03 15:00 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll2010-03-11 06:00 . 2013-07-03 15:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll2010-03-11 06:01 . 2013-07-03 15:00 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll2010-03-11 06:01 . 2013-07-03 15:00 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll2009-10-05 19:49 . 2013-07-03 15:00 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll2010-03-11 06:02 . 2013-07-03 15:00 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]"DEA93BB65AB2469C8FA1BFF92906E324E7BAEC8E._service_run"="c:\users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-09-02 829392]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-30 5703920].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]"NDSTray.exe"="NDSTray.exe" [bU]"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-02-11 36864]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]"Talk"="c:\program files\NCH Software\Talk\talk.exe" [2012-12-14 1420292]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952].c:\users\Prime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2BS9SJ0P05RQ;CONNECTION=NW;MONITOR=1; [2006-11-2 44544].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]Monitor Apache Servers.lnk - c:\apache2triad\bin\ApacheMonitor.exe [2008-1-18 41041].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux4"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@="Service".[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Quick View.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnkbackup=c:\windows\pss\WD Quick View.lnk.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^Users^Prime^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]path=c:\users\Prime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnkbackup=c:\windows\pss\MagicDisc.lnk.StartupbackupExtension=.Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]2007-01-17 21:46 534648 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]2007-01-19 06:24 448632 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]2008-08-14 15:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]2006-04-29 13:21 94208 ----a-w- c:\program files\VirtualCloneDrive\VCDDaemon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2533579671-3271529956-2011735840-1000]"EnableNotificationsRef"=dword:00000001.S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVChpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcLocalServiceAndNoImpersonation REG_MULTI_SZ FontCache.Contents of the 'Scheduled Tasks' folder.2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 13:50].2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 06:24].2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 06:24].2013-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core.job- c:\users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-26 06:58].2013-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA.job- c:\users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-26 06:58]..------- Supplementary Scan -------.Trusted Zone: myps.com\portalTrusted Zone: sony.comTCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: network.proxy.type - 0FF - ExtSQL: !HIDDEN! 2010-02-03 08:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - user.js: yahoo.homepage.dontask - trueFF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110796&tt=120812_bandext_3212_1FF - user.js: extensions.BabylonToolbar_i.babExt -FF - user.js: extensions.BabylonToolbar_i.srcExt - ssFF - user.js: extensions.BabylonToolbar.id - 7c60cc900000000000000013e8104483FF - user.js: extensions.BabylonToolbar.instlDay - 15565FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.621:59FF - user.js: extensions.BabylonToolbar.prtnrId - babylonFF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbarFF - user.js: extensions.BabylonToolbar.aflt - babsstFF - user.js: extensions.BabylonToolbar_i.smplGrp - noneFF - user.js: extensions.BabylonToolbar.tlbrId - tb9FF - user.js: extensions.BabylonToolbar.instlRef - sstFF - user.js: extensions.BabylonToolbar.dfltLng - enFF - user.js: extensions.BabylonToolbar.excTlbr - falseFF - user.js: extensions.BabylonToolbar.admin - falseuser_pref(places.frecency.bookmarkVisitBonus,0);user_pref(places.frecency.unvisitedBookmarkBonus,0);.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)SafeBoot-WudfPfSafeBoot-WudfRd...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-09-12 10:48Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ....scanning hidden autostart entries ....scanning hidden files .....c:\users\Prime\AppData\Local\Temp\CSCCADC.tmp 676 bytesc:\users\Prime\AppData\Local\Temp\RESCB3B.tmp 0 bytesc:\users\Prime\AppData\Local\Temp\vsuouv56.0.cs 61849 bytesc:\users\Prime\AppData\Local\Temp\vsuouv56.cmdline 394 bytesc:\users\Prime\AppData\Local\Temp\vsuouv56.dll 0 bytesc:\users\Prime\AppData\Local\Temp\vsuouv56.err 0 bytesc:\users\Prime\AppData\Local\Temp\vsuouv56.out 477 bytesc:\users\Prime\AppData\Local\Temp\vsuouv56.tmp 0 bytes.scan completed successfullyhidden files: 8.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b"{4064EA35-578D-4073-A834-C96D82CBCF40}"=hex:51,66,7a,6c,4c,1d,38,12,5b,e9,77,44,bf,19,1d,05,d7,22,8a,2d,87,95,8b,54"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39,ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02"{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59,8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb"{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}"=hex:51,66,7a,6c,4c,1d,38,12,90,71,5e,cc,4f,af,fb,04,c4,32,35,80,2b,70,38,5a"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}"=hex:51,66,7a,6c,4c,1d,38,12,2e,fd,ed,e4,cb,b5,c0,07,c5,4e,3a,0c,a2,bd,bf,47"{E16DC1FE-7C34-43F2-B754-F3AD12DDF97C}"=hex:51,66,7a,6c,4c,1d,38,12,90,c2,7e,e5,06,32,9c,06,c8,42,b0,ed,17,83,bd,68.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:e2,5a,10,f9,2e,3f,cd,01.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,e0,ab,b1,3f,46,9a,4e,a1,b7,0c,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,e0,ab,b1,3f,46,9a,4e,a1,b7,0c,\.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]"Version"=hex:22,31,a9,90,84,c0,37,7a,52,25,d1,b5,38,48,89,a2,99,79,35,c7,4e,dd,0d,ce,51,89,bd,d6,d1,ea,82,25,1b,f3,c7,d9,6f,4e,41,a2,ab,61,77,35,90,39,\.[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]"Version"=hex:22,31,a9,90,84,c0,37,7a,52,25,d1,b5,38,48,89,a2,99,79,35,c7,4e,dd,0d,ce,51,89,bd,d6,d1,ea,82,25,1b,f3,c7,d9,6f,4e,41,a2,ab,61,77,35,90,39,\.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000001.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.------------------------ Other Running Processes ------------------------.c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exec:\program files\Microsoft Security Client\MsMpEng.exec:\program files\Common Files\Adobe\ARM\1.0\armsvc.exec:\windows\system32\agrsmsvc.exec:\apache2triad\bin\httpd.exec:\program files\Bonjour\mDNSResponder.exec:\program files\TOSHIBA\ConfigFree\CFSvcs.exec:\windows\system32\HPSIsvc.exec:\apache2triad\mysql\bin\mysqld.exec:\apache2triad\bin\httpd.exec:\program files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exec:\toshiba\IVP\ISM\pinger.exec:\toshiba\IVP\swupdate\swupdtmr.exec:\windows\system32\TODDSrv.exec:\program files\Toshiba\Power Saver\TosCoSrv.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exec:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\apache2triad\mail\bin\XMail.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exec:\windows\System32\WUDFHost.exec:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exec:\windows\RtHDVCpl.exec:\program files\Toshiba\ConfigFree\NDSTray.exec:\windows\system32\RunDll32.exec:\windows\system32\igfxsrvc.exec:\windows\ehome\ehmsas.exec:\program files\Citrix\ICA Client\wfcrun32.exec:\program files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exec:\program files\Toshiba\ConfigFree\CFSwMgr.exec:\program files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exec:\program files\Windows Media Player\wmpnetwk.exec:\windows\servicing\TrustedInstaller.exe.**************************************************************************.Completion time: 2013-09-12 11:02:53 - machine was rebootedComboFix-quarantined-files.txt 2013-09-12 16:02.Pre-Run: 61,375,877,120 bytes freePost-Run: 61,318,258,688 bytes free.- - End Of File - - EA91C5BEB51E34993C14A2853A27171B5B5E648D12FCADC244C1EC30318E1EB9
ok
Malwarebytes keeps closing on run--any ideas?
in Resolved Malware Removal Logs
Posted
Here we are MrCharlie:
Ran Combofix as specified above. Logfile below-- Let me know next steps when you can (thank you):