nocharge
Members
Posts: 11
Reputation: 0 Neutral
  1. OK, installed SP2 & all 91 updates (important ones)... downloaded & ran the MBAM cleanup tool, downloaded and installed Malwarebytes from the link provided. Still "App crashes" when it opens & tries to update.
  2. Took me a while to find them:

2:

ComboFix 14-07-17.03 - John 07/17/2014 18:21:50.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.2468 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((( Files Created from 2014-06-17 to 2014-07-17 )))))))))))))))))))))))))))))))

2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\John\AppData\Local\temp
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\UpdatusUser(55)\AppData\Local\temp
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-17 12:31 . 2014-07-17 12:31 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-17 12:30 . 2014-07-17 12:30 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-17 12:30 . 2014-07-17 12:30 -------- d-----w- c:\programdata\Malwarebytes
2014-07-17 12:30 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-17 12:30 . 2014-05-12 12:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-17 12:30 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-17 12:10 . 2014-07-17 12:10 -------- d-----w- c:\program files\Common Files\Java
2014-07-17 12:10 . 2014-07-11 08:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-17 03:23 . 2014-07-14 09:12 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B31A51CC-7285-4584-857D-4D6F5B0D4EE8}\mpengine.dll
2014-07-16 13:45 . 2014-07-16 15:57 -------- d-----w- c:\users\John\AppData\Roaming\ImgBurn
2014-07-16 03:44 . 2014-07-16 03:44 -------- d-----w- C:\Vista Ultimate x86 SP1
2014-07-16 03:23 . 2014-07-09 21:34 55232 ----a-w- c:\windows\system32\drivers\{5178f938-0bd5-47c1-8242-71f6e3e72925}Gt.sys
2014-07-16 02:25 . 2014-07-16 02:25 -------- d-----w- c:\program files\ImgBurn
2014-07-16 02:20 . 2014-07-16 02:20 -------- d-----w- c:\program files\7-Zip
2014-07-15 22:30 . 2014-07-17 02:59 -------- d-----w- C:\MGADiagToolOutput
2014-07-15 22:29 . 2014-07-15 22:29 -------- d-----w- c:\programdata\Office Genuine Advantage
2014-07-15 14:50 . 2014-07-15 14:53 -------- d-----w- c:\users\user1
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- c:\programdata\iolo
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- c:\users\John\AppData\Roaming\iolo
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- C:\dell
2014-07-10 23:21 . 2014-07-10 23:21 -------- d-----w- c:\program files\Windows Kits
2014-07-10 17:20 . 2014-07-10 17:20 -------- d-----w- c:\program files\ToniArts
2014-07-10 16:58 . 2014-07-10 16:58 -------- d-----w- c:\users\John\AppData\Roaming\SparkTrust
2014-07-10 16:57 . 2014-07-10 17:05 -------- d-----w- c:\programdata\SparkTrust
2014-07-10 16:17 . 2014-07-10 16:17 -------- d-----w- c:\program files\Enigma Software Group
2014-07-10 01:19 . 2014-07-10 01:19 -------- d-----w- C:\ca12041aa2ab28e8fee252
2014-07-10 00:00 . 2014-07-10 00:00 -------- d-----w- c:\users\John\AppData\Roaming\Dell
2014-07-10 00:00 . 2014-07-10 00:00 -------- d-----w- c:\programdata\PCDr
2014-07-09 23:59 . 2014-07-10 21:09 -------- d-----w- c:\program files\My Dell
2014-07-09 23:58 . 2014-07-09 23:58 -------- d-----w- c:\users\John\AppData\Roaming\PCDr
2014-07-09 15:58 . 2014-07-15 21:56 -------- d-----w- C:\FRST
2014-07-09 14:03 . 2014-07-15 18:21 -------- d-----w- C:\AdwCleaner

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-05-29 12:20 . 2013-01-14 14:14 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-05-10 12:57 . 2012-08-23 17:11 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 12:57 . 2012-08-23 17:11 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY

Contents of the 'Scheduled Tasks' folder

2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]

2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]

------- Supplementary Scan -------

uStart Page = hxxp://johnspatch.blogspot.com/
uDefault_Search_URL = hxxp://google.inklineglobal.com
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-17 18:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

Completion time: 2014-07-17 18:26:41
ComboFix-quarantined-files.txt 2014-07-17 23:26
ComboFix2.txt 2014-07-15 19:35
ComboFix3.txt 2014-07-15 19:14
ComboFix4.txt 2014-07-09 22:44
ComboFix5.txt 2014-07-17 23:21

Pre-Run: 240,011,317,248 bytes free
Post-Run: 240,060,403,712 bytes free

- - End Of File - - C0A9ABD1117134424F636B36B2BDEA38239841E1AE8E4843C0676F3681A7D6BE

___________________________________________________________________________________________

3:

ComboFix 14-07-15.04 - John 07/15/2014 14:29:03.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.3137 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((( Files Created from 2014-06-15 to 2014-07-15 )))))))))))))))))))))))))))))))

2014-07-15 19:34 . 2014-07-15 19:34 -------- d-----w- c:\users\John\AppData\Local\temp
2014-07-15 19:34 . 2014-07-15 19:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-07-15 19:34 . 2014-07-15 19:34 -------- d-----w- c:\users\UpdatusUser(55)\AppData\Local\temp
2014-07-15 19:34 . 2014-07-15 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-15 17:13 . 2014-07-15 17:13 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{345001E6-868B-49A1-A274-4CF698ABD7AA}\offreg.dll
2014-07-15 17:05 . 2014-07-15 18:55 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-15 17:05 . 2014-07-15 18:55 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-15 17:05 . 2014-07-15 17:05 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-15 17:05 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-15 17:05 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-15 15:28 . 2014-07-15 15:28 -------- d-----w- c:\programdata\Malwarebytes
2014-07-15 14:50 . 2014-07-15 14:53 -------- d-----w- c:\users\user1
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- c:\programdata\iolo
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- c:\users\John\AppData\Roaming\iolo
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- C:\dell
2014-07-10 23:21 . 2014-07-10 23:21 -------- d-----w- c:\program files\Windows Kits
2014-07-10 17:20 . 2014-07-10 17:20 -------- d-----w- c:\program files\ToniArts
2014-07-10 16:58 . 2014-07-10 16:58 -------- d-----w- c:\users\John\AppData\Roaming\SparkTrust
2014-07-10 16:57 . 2014-07-10 17:05 -------- d-----w- c:\programdata\SparkTrust
2014-07-10 16:17 . 2014-07-10 16:17 -------- d-----w- c:\program files\Enigma Software Group
2014-07-10 01:19 . 2014-07-10 01:19 -------- d-----w- C:\ca12041aa2ab28e8fee252
2014-07-10 00:00 . 2014-07-10 00:00 -------- d-----w- c:\users\John\AppData\Roaming\Dell
2014-07-10 00:00 . 2014-07-10 00:00 -------- d-----w- c:\programdata\PCDr
2014-07-09 23:59 . 2014-07-10 21:09 -------- d-----w- c:\program files\My Dell
2014-07-09 23:58 . 2014-07-09 23:58 -------- d-----w- c:\users\John\AppData\Roaming\PCDr
2014-07-09 15:58 . 2014-07-15 18:48 -------- d-----w- C:\FRST
2014-07-09 15:17 . 2014-07-09 15:17 -------- d-----w- c:\program files\ESET
2014-07-09 14:03 . 2014-07-15 18:21 -------- d-----w- C:\AdwCleaner

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-05-29 12:20 . 2013-01-14 14:14 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-05-10 12:57 . 2012-08-23 17:11 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 12:57 . 2012-08-23 17:11 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-30 23:37 . 2014-06-01 06:34 8073384 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{345001E6-868B-49A1-A274-4CF698ABD7AA}\mpengine.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)

R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]

Contents of the 'Scheduled Tasks' folder

2014-07-15 c:\windows\Tasks\At1.job
- c:\program files\pcmax\service.exe [2014-05-29 11:16]

2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]

2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]

2014-07-15 c:\windows\Tasks\pcreg.job
- c:\program files\pcmax\service.exe [2014-05-29 11:16]

------- Supplementary Scan -------

uStart Page = hxxp://johnspatch.blogspot.com/
uDefault_Search_URL = hxxp://google.inklineglobal.com
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-15 14:34
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

Completion time: 2014-07-15 14:35:45
ComboFix-quarantined-files.txt 2014-07-15 19:35
ComboFix2.txt 2014-07-15 19:14
ComboFix3.txt 2014-07-09 22:44
ComboFix4.txt 2014-07-09 22:04

Pre-Run: 243,762,589,696 bytes free
Post-Run: 243,662,098,432 bytes free

- - End Of File - - D27101DAC2D5496202D60350D722A04E239841E1AE8E4843C0676F3681A7D6BE

____________________________________________________________________________________________

5:

ComboFix 14-07-08.01 - John 07/09/2014 16:58:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.2385 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\users\John\battlelog-web-plugins_2.1.7_115.exe
c:\users\John\TG_PCOptimizer.exe

((((((((((((((((((((((((( Files Created from 2014-06-09 to 2014-07-09 )))))))))))))))))))))))))))))))

2014-07-09 15:58 . 2014-07-09 21:31 -------- d-----w- C:\FRST
2014-07-09 15:17 . 2014-07-09 15:17 -------- d-----w- c:\program files\ESET
2014-07-09 14:05 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-09 14:03 . 2014-07-09 20:37 -------- d-----w- C:\AdwCleaner
2014-07-09 13:53 . 2014-07-09 13:53 -------- d-----w- c:\windows\ERUNT
2014-07-09 03:17 . 2014-07-09 03:17 -------- d-----w- c:\users\John\AppData\Local\ElevatedDiagnostics
2014-07-08 19:15 . 2014-07-08 19:15 -------- d-----w- c:\users\John\AppData\Roaming\AVAST Software
2014-07-08 19:14 . 2014-07-08 19:14 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-08 19:14 . 2014-07-08 19:14 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-08 19:14 . 2014-07-08 19:14 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-08 19:14 . 2014-07-08 19:14 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-08 19:14 . 2014-07-08 19:14 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-08 19:14 . 2014-07-08 19:14 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-08 19:14 . 2014-07-08 19:14 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-08 19:14 . 2014-07-08 19:14 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-07-08 19:14 . 2014-07-08 19:14 43152 ----a-w- c:\windows\avastSS.scr

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-07-08 19:14 . 2011-08-10 12:18 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-29 12:20 . 2013-01-14 14:14 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-05-10 12:57 . 2012-08-23 17:11 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 12:57 . 2012-08-23 17:11 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-30 23:37 . 2014-06-01 06:34 8073384 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{345001E6-868B-49A1-A274-4CF698ABD7AA}\mpengine.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-08 19:14 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-08 4086432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]

Contents of the 'Scheduled Tasks' folder

2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]

2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]

------- Supplementary Scan -------

uStart Page = hxxp://johnspatch.blogspot.com/
uDefault_Search_URL = hxxp://google.inklineglobal.com
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-09 17:03
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\users\John\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

Completion time: 2014-07-09 17:04:51
ComboFix-quarantined-files.txt 2014-07-09 22:04

Pre-Run: 246,961,356,800 bytes free
Post-Run: 247,117,848,576 bytes free

- - End Of File - - 52CEFDAC6D5127507B5F554BB62F24CA5C616939100B85E558DA92B899A0FC36

ComboFix 14-07-08.01 - John 07/09/2014 17:39:32.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.3004 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\program files\Java\jre7\bin\jp2ssv.dll

((((((((((((((((((((((((( Files Created from 2014-06-09 to 2014-07-09 )))))))))))))))))))))))))))))))

2014-07-09 22:43 . 2014-07-09 22:43 -------- d-----w- c:\users\John\AppData\Local\temp
2014-07-09 22:43 . 2014-07-09 22:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-07-09 22:43 . 2014-07-09 22:43 -------- d-----w- c:\users\UpdatusUser(55)\AppData\Local\temp
2014-07-09 22:43 . 2014-07-09 22:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-09 15:58 . 2014-07-09 21:31 -------- d-----w- C:\FRST
2014-07-09 15:17 . 2014-07-09 15:17 -------- d-----w- c:\program files\ESET
2014-07-09 14:05 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-09 14:03 . 2014-07-09 20:37 -------- d-----w- C:\AdwCleaner
2014-07-09 13:53 . 2014-07-09 13:53 -------- d-----w- c:\windows\ERUNT
2014-07-09 03:17 . 2014-07-09 03:17 -------- d-----w- c:\users\John\AppData\Local\ElevatedDiagnostics
2014-07-08 19:15 . 2014-07-08 19:15 -------- d-----w- c:\users\John\AppData\Roaming\AVAST Software
2014-07-08 19:14 . 2014-07-08 19:14 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-08 19:14 . 2014-07-08 19:14 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-08 19:14 . 2014-07-08 19:14 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-08 19:14 . 2014-07-08 19:14 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-08 19:14 . 2014-07-08 19:14 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-08 19:14 . 2014-07-08 19:14 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-08 19:14 . 2014-07-08 19:14 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-08 19:14 . 2014-07-08 19:14 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-07-08 19:14 . 2014-07-08 19:14 43152 ----a-w- c:\windows\avastSS.scr

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-07-08 19:14 . 2011-08-10 12:18 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-29 12:20 . 2013-01-14 14:14 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-05-10 12:57 . 2012-08-23 17:11 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 12:57 . 2012-08-23 17:11 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-30 23:37 . 2014-06-01 06:34 8073384 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{345001E6-868B-49A1-A274-4CF698ABD7AA}\mpengine.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-08 19:14 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-08 4086432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)

R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

Contents of the 'Scheduled Tasks' folder

2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]

2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]

------- Supplementary Scan -------

uStart Page = hxxp://johnspatch.blogspot.com/
uDefault_Search_URL = hxxp://google.inklineglobal.com
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-09 17:43
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

Completion time: 2014-07-09 17:44:37
ComboFix-quarantined-files.txt 2014-07-09 22:44
ComboFix2.txt 2014-07-09 22:04

Pre-Run: 247,145,312,256 bytes free
Post-Run: 247,111,520,256 bytes free

- - End Of File - - 002F0802E6D8F4ABB564DDB56CBBBF485C616939100B85E558DA92B899A0FC36

_______________________________________________________________________________________________

Quarantined Files:

2014-07-15 19:14:31 . 2014-07-15 19:14:31 129 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CmPCIaudio.reg.dat
2014-07-15 19:12:40 . 2014-07-18 02:24:19 3,859 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-07-09 21:58:26 . 2014-07-18 02:21:35 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2014-07-09 21:56:43 . 2014-07-18 02:21:37 545 ----a-w- C:\Qoobox\Quarantine\catchme.log
2014-02-18 02:34:30 . 2014-02-18 02:34:37 4,015,280 ----a-w- C:\Qoobox\Quarantine\C\Users\John\TG_PCOptimizer.exe.vir
2013-10-17 11:36:02 . 2014-03-18 03:05:14 171,944 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Java\jre7\bin\jp2ssv.dll.vir
2013-08-17 19:35:01 . 2013-08-17 19:35:01 3,820,480 ----a-w- C:\Qoobox\Quarantine\C\Users\John\battlelog-web-plugins_2.1.7_115.exe.vir
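An added example, not part of the original thread and not code from Malwarebytes or ComboFix: a small Python parser that pulls the 'Reg Loading Points' and 'Scheduled Tasks' sections out of a ComboFix log and applies the checks an analyst would run over the logs posted above. The embedded sample log is constructed from lines of those logs (the Run keys and scheduled tasks from the 07/15 run, the UAC policy values from the 07/09 run), and the function names parse_combofix and triage are this example's own. The heuristics are flags for review, not verdicts: one binary registered both in a Run key and as a scheduled task, a task named At<n>.job (the naming at.exe uses, rather than the Task Scheduler UI), and UAC policy values of zero.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix logs posted in this
# thread (Run keys and tasks from the 07/15 run, UAC policy from the 07/09
# run), trimmed to the two sections this parser reads.  Not a complete log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-15 c:\windows\Tasks\At1.job
- c:\program files\pcmax\service.exe [2014-05-29 11:16]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]
.
2014-07-15 c:\windows\Tasks\pcreg.job
- c:\program files\pcmax\service.exe [2014-05-29 11:16]
"""

# Line shapes ComboFix uses in these two sections.
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]*)" \[([^\]]*)\]$')
POLICY_LINE = re.compile(r'^"([^"]+)"= (\d+) \(0x[0-9a-fA-F]+\)$')
TASK_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} (c:\\windows\\tasks\\[^\s]+)$", re.I)
TASK_TARGET = re.compile(r"^- (.+?) \[([^\]]*)\]$")
AT_JOB = re.compile(r"^at\d+\.job$", re.I)  # job files written by at.exe


def parse_combofix(text: str) -> Dict[str, object]:
    """Collect Run-key autoruns, UAC policy values and scheduled-task targets."""
    autoruns: List[dict] = []
    policies: Dict[str, int] = {}
    tasks: List[dict] = []
    current_key = ""
    pending_task = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:  # a new registry key header scopes the value lines after it
            current_key = m.group(1).lower()
            continue
        m = RUN_LINE.match(line)
        if m and current_key.endswith("\\run"):
            autoruns.append({"key": current_key, "name": m.group(1),
                             "target": m.group(2).lower()})
            continue
        m = POLICY_LINE.match(line)
        if m and current_key.endswith("\\policies\\system"):
            policies[m.group(1)] = int(m.group(2))
            continue
        m = TASK_LINE.match(line)
        if m:  # the task's target is on the following "- path [stamp]" line
            pending_task = m.group(1).lower()
            continue
        m = TASK_TARGET.match(line)
        if m and pending_task:
            tasks.append({"job": pending_task, "target": m.group(1).lower()})
            pending_task = None
    return {"autoruns": autoruns, "policies": policies, "tasks": tasks}


def triage(parsed: Dict[str, object]) -> List[str]:
    """Heuristic findings for an analyst to review; none is a malware verdict."""
    findings: List[str] = []
    by_target = defaultdict(set)  # binary -> persistence mechanisms naming it
    for a in parsed["autoruns"]:
        by_target[a["target"]].add("run:" + a["name"])
    for t in parsed["tasks"]:
        job = t["job"].rsplit("\\", 1)[-1]
        by_target[t["target"]].add("task:" + job)
        if AT_JOB.match(job):
            findings.append(f"at.exe-style task {job} -> {t['target']}")
    for target, mechanisms in by_target.items():
        kinds = {mech.split(":")[0] for mech in mechanisms}
        if len(kinds) > 1:
            findings.append(f"multiple persistence mechanisms for {target}: "
                            f"{sorted(mechanisms)}")
    pol = parsed["policies"]
    if pol.get("EnableLUA") == 0:
        findings.append("UAC disabled (EnableLUA=0)")
    if pol.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("administrators elevate silently (ConsentPromptBehaviorAdmin=0)")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print("REVIEW:", finding)
```

Run against the two complete logs from 07/15 and 07/17, the same parser shows the pcmax Run entry and both pcmax task files present in the earlier log and absent from the later one, which is the kind of before/after comparison that a ComboFix run is meant to support.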
  3. Combofix ran without any hiccups, report below:

ComboFix 14-07-17.03 - John 07/17/2014 18:21:50.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.2468 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((( Files Created from 2014-06-17 to 2014-07-17 )))))))))))))))))))))))))))))))

2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\John\AppData\Local\temp
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\UpdatusUser(55)\AppData\Local\temp
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-17 12:31 . 2014-07-17 12:31 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-17 12:30 . 2014-07-17 12:30 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-17 12:30 . 2014-07-17 12:30 -------- d-----w- c:\programdata\Malwarebytes
2014-07-17 12:30 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-17 12:30 . 2014-05-12 12:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-17 12:30 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-17 12:10 . 2014-07-17 12:10 -------- d-----w- c:\program files\Common Files\Java
2014-07-17 12:10 . 2014-07-11 08:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-17 03:23 . 2014-07-14 09:12 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B31A51CC-7285-4584-857D-4D6F5B0D4EE8}\mpengine.dll
2014-07-16 13:45 . 2014-07-16 15:57 -------- d-----w- c:\users\John\AppData\Roaming\ImgBurn
2014-07-16 03:44 . 2014-07-16 03:44 -------- d-----w- C:\Vista Ultimate x86 SP1
2014-07-16 03:23 . 2014-07-09 21:34 55232 ----a-w- c:\windows\system32\drivers\{5178f938-0bd5-47c1-8242-71f6e3e72925}Gt.sys
2014-07-16 02:25 . 2014-07-16 02:25 -------- d-----w- c:\program files\ImgBurn
2014-07-16 02:20 . 2014-07-16 02:20 -------- d-----w- c:\program files\7-Zip
2014-07-15 22:30 . 2014-07-17 02:59 -------- d-----w- C:\MGADiagToolOutput
2014-07-15 22:29 . 2014-07-15 22:29 -------- d-----w- c:\programdata\Office Genuine Advantage
2014-07-15 14:50 . 2014-07-15 14:53 -------- d-----w- c:\users\user1
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- c:\programdata\iolo
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- c:\users\John\AppData\Roaming\iolo
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- C:\dell
2014-07-10 23:21 . 2014-07-10 23:21 -------- d-----w- c:\program files\Windows Kits
2014-07-10 17:20 . 2014-07-10 17:20 -------- d-----w- c:\program files\ToniArts
2014-07-10 16:58 . 2014-07-10 16:58 -------- d-----w- c:\users\John\AppData\Roaming\SparkTrust
2014-07-10 16:57 . 2014-07-10 17:05 -------- d-----w- c:\programdata\SparkTrust
2014-07-10 16:17 . 2014-07-10 16:17 -------- d-----w- c:\program files\Enigma Software Group
2014-07-10 01:19 . 2014-07-10 01:19 -------- d-----w- C:\ca12041aa2ab28e8fee252
2014-07-10 00:00 . 2014-07-10 00:00 -------- d-----w- c:\users\John\AppData\Roaming\Dell
2014-07-10 00:00 . 2014-07-10 00:00 -------- d-----w- c:\programdata\PCDr
2014-07-09 23:59 . 2014-07-10 21:09 -------- d-----w- c:\program files\My Dell
2014-07-09 23:58 . 2014-07-09 23:58 -------- d-----w- c:\users\John\AppData\Roaming\PCDr
2014-07-09 15:58 . 2014-07-15 21:56 -------- d-----w- C:\FRST
2014-07-09 14:03 . 2014-07-15 18:21 -------- d-----w- C:\AdwCleaner

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-05-29 12:20 . 2013-01-14 14:14 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-05-10 12:57 . 2012-08-23 17:11 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 12:57 . 2012-08-23 17:11 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY

Contents of the 'Scheduled Tasks' folder

2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]

2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]

------- Supplementary Scan -------

uStart Page = hxxp://johnspatch.blogspot.com/
uDefault_Search_URL = hxxp://google.inklineglobal.com
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-17 18:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

Completion time: 2014-07-17 18:26:41
ComboFix-quarantined-files.txt 2014-07-17 23:26
ComboFix2.txt 2014-07-15 19:35
ComboFix3.txt 2014-07-15 19:14
ComboFix4.txt 2014-07-09 22:44
ComboFix5.txt 2014-07-17 23:21

Pre-Run: 240,011,317,248 bytes free
Post-Run: 240,060,403,712 bytes free

- - End Of File - - C0A9ABD1117134424F636B36B2BDEA38239841E1AE8E4843C0676F3681A7D6BE

Thanks for the help
  4. Also had a Java update fail this a.m. (saying a file is missing... a similar file was found). Just thought it might be a piece of the puzzle that might be of interest.
  5. No luck....uninstalled, ran removal tool, downloaded from provided link, reinstalled & ran as admin. Upon launch it checks for updates and crashes:
Problem signature:
Problem Event Name: APPCRASH
Application Name: mbam.exe
Application Version: 1.0.0.532
Application Timestamp: 53518532
Fault Module Name: MSVCR100.dll
Fault Module Version: 10.0.40219.325
Fault Module Timestamp: 4df2be1e
Exception Code: 40000015
Exception Offset: 0008d6fd
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033
Additional Information 1: e18a
Additional Information 2: a082e0273bd50d17691dce48e194d12c
Additional Information 3: 2346
Additional Information 4: 3a01c46a877eebc21576261e2c9eae67
  6. Was able to get Microsoft to authorize and get Vista genuine again, thanks so much for your help Kevin! Uninstalled and redownloaded Malwarebytes with firewall off, but it still will not work. Whenever I try to initiate a scan, it checks for updates and App crashes. Checked online for solution and then it just closes. Latest Log from MGA:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-8HWFP-9B389-T4PH8
Windows Product Key Hash: GqiePE3NJUfl1kJglOlKLXLiTEQ=
Windows Product ID: 89578-OEM-7249373-83924
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {5AC5947B-38AE-4326-98B1-BBD892F8ED74}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office XP Professional - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5AC5947B-38AE-4326-98B1-BBD892F8ED74}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-T4PH8</PKey><PID>89578-OEM-7249373-83924</PID><PIDType>8</PIDType><SID>S-1-5-21-1644604338-3084827026-502906143</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 531</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.7</Version><SMBIOSVersion major="2" minor="5"/><Date>20071109000000.000000+000</Date></BIOS><HWID>6B333507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>AS09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Professional</Name><Ver>10</Ver><Val>6352C75D3973DFC</Val><Hash>UvCZq229pFCrzmb5UR2fXFhG9T8=</Hash><Pid>54186-701-2103663-17889</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="10" Result="100"/><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_COA_SLP channel
Activation ID: a4eec485-e375-48b4-8f51-80d13a4086b6
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00144-493-783924-02-1033-6001.0000-1972014
Installation ID: 015460542392664665296855981786515625164506489151199135
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: T4PH8
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: MgAAAAEAAwABAAEAAQABAAAAAgABAAEA6GEoSmGqilRSnZIAHicGP/L0xIhiM6xWyPQ=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name  OEMID Value  OEMTableID Value
  APIC             DELL         AS09
  FACP             DELL         AS09
  HPET             DELL         AS09
  MCFG             DELL         AS09
  SLIC             DELL         AS09
  SSDT             DELL         AS09
  7. MGA:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid License
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {5AC5947B-38AE-4326-98B1-BBD892F8ED74}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office XP Professional - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5AC5947B-38AE-4326-98B1-BBD892F8ED74}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-1644604338-3084827026-502906143</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 531</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.7</Version><SMBIOSVersion major="2" minor="5"/><Date>20071109000000.000000+000</Date></BIOS><HWID>6B333507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>AS09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Professional</Name><Ver>10</Ver><Val>6352C75D3973DFC</Val><Hash>UvCZq229pFCrzmb5UR2fXFhG9T8=</Hash><Pid>54186-701-2103663-17889</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="10" Result="100"/><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-1033-6000.0000-2212011
Installation ID: 013064918753623984291824935101608722720486795852974080
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Notification
Notification Reason: 0xC004F02A.

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: MgAAAAEAAwABAAEAAQABAAAAAgABAAEA6GEoSmGqilRSnZIAHicGP/L0xIhiM6xWyPQ=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name  OEMID Value  OEMTableID Value
  APIC             DELL         AS09
  FACP             DELL         AS09
  HPET             DELL         AS09
  MCFG             DELL         AS09
  SLIC             DELL         AS09
  SSDT             DELL         AS09
  8. Ran Farbar w/ fixlog (see below), moved to & installed Malware, ran but crashes upon trying to update.... then shut down Malware.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by John at 2014-07-15 16:56:23 Run:1
Running from C:\Users\John\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
C:\Program Files\pcmax
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\MountPoints2: {b2cf79db-af51-11e3-a868-001aa07f9b3b} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\MountPoints2: {c973569f-c735-11e0-950f-001aa07f9b3b} - G:\LaunchU3.exe -a
S2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [X]
C:\Windows\Tasks\pcreg.job
C:\Users\John\.hemsFavorites.dat
C:\Users\John\battlelog-web-plugins_2.1.7_115.exe
C:\Users\John\battlelog-web-plugins_2.3.0_119.exe
C:\Users\John\battlelog-web-plugins_2.3.1_125.exe
C:\Users\John\battlelog-web-plugins_2.3.2_129.exe
C:\Users\John\battlelog-web-plugins_2.3.2_130.exe
C:\Users\John\ccsetup411.exe
C:\Users\John\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\John\mxsetup.exe
C:\Users\John\Silverlight.exe
C:\Users\John\SpeedMaxpc_installer.exe
C:\Users\John\TeamSpeak3-Client-win32-3.0.13.1.exe
C:\Users\John\TG_PCOptimizer.exe
C:\Windows\Tasks\At1.job
C:\Users\user1\AppData\Local\temp\Quarantine.exe
Task: {20D0029C-009B-486D-B843-4409E0152BBE} - System32\Tasks\At1 => c:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
Task: {A99FEFEA-1D2B-4B11-8DBB-A7FECDB8D6A9} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => c:\Program Files\pcmax\service.exe
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcmax\service.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegInOut on user logon - John.job => C:\Program Files\RegInOut System Utilities\RegInOut.exe
C:\Program Files\RegInOut System Utilities
End
*****************

HKU\S-1-5-21-1644604338-3084827026-502906143-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
C:\Program Files\pcmax => Moved successfully.
'HKU\S-1-5-21-1644604338-3084827026-502906143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2cf79db-af51-11e3-a868-001aa07f9b3b}'=> Key not found.
'HKCR\CLSID\{b2cf79db-af51-11e3-a868-001aa07f9b3b}'=> Key not found.
'HKU\S-1-5-21-1644604338-3084827026-502906143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c973569f-c735-11e0-950f-001aa07f9b3b}'=> Key not found.
'HKCR\CLSID\{c973569f-c735-11e0-950f-001aa07f9b3b}'=> Key not found.
pcmaxservice => Service deleted successfully.
C:\Windows\Tasks\pcreg.job => Moved successfully.
C:\Users\John\.hemsFavorites.dat => Moved successfully.
"C:\Users\John\battlelog-web-plugins_2.1.7_115.exe" => File/Directory not found.
C:\Users\John\battlelog-web-plugins_2.3.0_119.exe => Moved successfully.
C:\Users\John\battlelog-web-plugins_2.3.1_125.exe => Moved successfully.
C:\Users\John\battlelog-web-plugins_2.3.2_129.exe => Moved successfully.
C:\Users\John\battlelog-web-plugins_2.3.2_130.exe => Moved successfully.
C:\Users\John\ccsetup411.exe => Moved successfully.
C:\Users\John\install_flashplayer11x32_mssd_aaa_aih.exe => Moved successfully.
C:\Users\John\mxsetup.exe => Moved successfully.
C:\Users\John\Silverlight.exe => Moved successfully.
C:\Users\John\SpeedMaxpc_installer.exe => Moved successfully.
C:\Users\John\TeamSpeak3-Client-win32-3.0.13.1.exe => Moved successfully.
"C:\Users\John\TG_PCOptimizer.exe" => File/Directory not found.
C:\Windows\Tasks\At1.job => Moved successfully.
"C:\Users\user1\AppData\Local\temp\Quarantine.exe" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20D0029C-009B-486D-B843-4409E0152BBE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20D0029C-009B-486D-B843-4409E0152BBE}' => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A99FEFEA-1D2B-4B11-8DBB-A7FECDB8D6A9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A99FEFEA-1D2B-4B11-8DBB-A7FECDB8D6A9}' => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg' => Key deleted successfully.
C:\Windows\Tasks\At1.job not found.
C:\Windows\Tasks\pcreg.job not found.
C:\Windows\Tasks\RegInOut on user logon - John.job not found.
"C:\Program Files\RegInOut System Utilities" => File/Directory not found.

==== End of Fixlog ====
  9. I keep seeing something to do with pcmax in the results, but can't remember ever downloading it
  10. Have been battling this problem for a week now! Am at wit's end. Have read & tried everything I could find on this forum and countless others, to no avail. I know Vista is Genuine as it came from Dell on this pc; I did reformat about a year ago and think the pre-installed "tools" probably are not on the hard drive, and can't get the OEM Vista disk to repair or even reformat.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by John (administrator) on JOHN-PC on 15-07-2014 13:46:28
Running from C:\Users\John\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
( ) C:\Windows\System32\lxdmcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [CmPCIaudio] => RunDll32 CMICNFG3.cpl,CMICtrlWnd
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\MountPoints2: {b2cf79db-af51-11e3-a868-001aa07f9b3b} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\MountPoints2: {c973569f-c735-11e0-950f-001aa07f9b3b} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1644604338-3084827026-502906143-1002\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.inklineglobal.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://johnspatch.blogspot.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Before = http://johnspatch.com/jp/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.inklineglobal.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.inklineglobal.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.inklineglobal.com/google_mb.html
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-05-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-09]

Chrome:
=======
CHR HomePage: hxxp://search.b1.org/?bsrc=4hcxr&chid=c167991
CHR RestoreOnStartup: "hxxp://search.b1.org/?bsrc=4hcxr&chid=c167991"
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-04]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-04]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-04]

========================== Services (Whitelisted) =================

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
S2 lxdmCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdmserv.exe [99248 2007-06-08] (Lexmark International, Inc.)
R2 lxdm_device; C:\Windows\system32\lxdmcoms.exe [598960 2007-06-08] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [X]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-19] (Microsoft Corporation)
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2008-01-19] (Microsoft Corporation)
S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1878528 2008-12-03] (C-Media Inc)
R3 ICAM5USB; C:\Windows\System32\Drivers\Icam5USB.sys [100992 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\61883.sys 585E64BB6DFBC0A2F1F0B554DED012DF
C:\Windows\System32\drivers\acpi.sys FCB8C7210F0135E24C6580F7F649C73C
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu160m.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 48EB99503533C27AC6135648E5474457
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk7.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdk8.sys 93AE7F7DD54AB986A6F1A1B37BE7442D
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1
C:\Windows\System32\drivers\atapi.sys 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\System32\DRIVERS\avc.sys F4B56425A00BEB32F5FA6603FF7B0EA2
C:\Windows\system32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6
C:\Windows\System32\DRIVERS\bowser.sys 8153396D5551276227FA146900F734E6
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A
C:\Windows\System32\DRIVERS\cdrom.sys 1EC25CEA0DE6AC4718BF89F9E1778B57
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 465745561C832B29F7C48B488AAB3842
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\drivers\cmudax3.sys 3313A81353E711BF6406584A22CE7CD3
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cpuz135_x32.sys C2EB4539A4F6AB6EDD01BDC191619975
C:\Windows\System32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\crusoe.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys A3E9FA213F443AC77C7746119D13FEEC
C:\Windows\System32\drivers\disk.sys 64109E623ABD6955C8FB110B592E68B7
C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\drivers\dxgkrnl.sys 85F33880B8CFB554BD3D9CCDB486845A
C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
C:\Windows\System32\drivers\ecache.sys DD2CD259D83D8B72C02C5F2331FF9D68
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\Drivers\exfat.sys 0D858EB20589A34EFB25695ACAA6AA2D
C:\Windows\system32\Drivers\fastfat.sys 3C489390C2E2064563727752AF8EAB9E
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F
C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys 05EA53AFE985443011E36DAB07343B46
C:\Windows\system32\Drivers\Fs_Rec.sys 65EA8B77B5851854F0C55C43FA51A198
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys C87B1EE051C0464491C1A7B03FA0BC99
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys 854CA287AB7FAF949617A788306D967E
C:\Windows\system32\drivers\hpcisss.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys 96E241624C71211A79C84F50A8E71CAB
C:\Windows\system32\drivers\i2omp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\system32\drivers\iastorv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Icam5USB.sys 0A8A464D0DFD3257B72792248B44FC93
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys F8F53C5449F15B23D4C61D51D2701DA8
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3
C:\Windows\system32\drivers\ipmidrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68
C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys F247EEC28317F6C739C16DE420097301
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E
C:\Windows\System32\DRIVERS\kbdhid.sys 18247836959BA67E3511B62846B9C2E0
C:\Windows\System32\Drivers\ksecdd.sys 7A0CF7908B6824D6A2A1D313E5AE3DCA
C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC
C:\Windows\system32\drivers\mbam.sys 8683C1B450F4B3872839308D836E0F92
C:\Windows\system32\drivers\MBAMSwissArmy.sys 12E71DA845D76665B56753AD149E32B3
C:\Windows\system32\drivers\mwac.sys 799613BA73D25641402AA81B6403EFF8
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA
C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8
C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263
C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F
C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3DE84536B6799D2267443CEC8EDBB9
C:\Windows\System32\DRIVERS\mrxsmb.sys 5734A0F2BE7E495F7D3ED6EFD4B9F5A1
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6B5FA5ADFACAC9DBBE0991F4566D7D55
C:\Windows\System32\DRIVERS\mrxsmb20.sys 5C80D8159181C7ABF1B14BA703B01E0B
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msdv.sys 343291A4DFD7C923C3F71F550830EC1C
C:\Windows\system32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62
C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07
C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\system32\Drivers\MsRPC.sys B5614AECB05A9340AA0FB55BF561CC63
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\Windows\System32\Drivers\mup.sys 6DFD1D322DE55B0B7DB7D21B90BEC49C
C:\Windows\System32\DRIVERS\nwifi.sys 3C21CE48FF529BB73DADB98770B54025
C:\Windows\System32\drivers\ndis.sys 9BDC71790FA08F0A0B5F10462B1BD0B1
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 3D14C3B3496F88890D431E8AA022A411
C:\Windows\system32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys 7C5FEE5B1C5728507CD96FB4A13E7A02
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Npfs.sys ECB5003F484F9ED6C608D6D6C7886CBB
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\system32\Drivers\Ntfs.sys B4EFFE29EB4F15538FD8A9681108492D
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\System32\DRIVERS\nvm60x32.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys E891B3979F0CF2740C1B073F834221FE
C:\Windows\System32\DRIVERS\nvmfdx32.sys 1EFEC38A852AB35883BFFF3427B92B3F
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvstor32.sys DC5F166422BEEBF195E3E4BB8AB4EE22
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ohci1394.sys 790E27C3DB53410B40FF9EF2FD10A1D9
C:\Windows\system32\drivers\parport.sys ==> MD5 is
legitC:\Windows\System32\drivers\partmgr.sys 3B38467E7C3DAED009DFE359E17F139FC:\Windows\system32\drivers\parvdm.sys ==> MD5 is legitC:\Windows\System32\drivers\pci.sys 01B94418DEB235DFF777CC80076354B4C:\Windows\System32\drivers\pciide.sys FC175F5DDAB666D7F4D17449A547626FC:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legitC:\Windows\System32\drivers\peauth.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1C:\Windows\system32\drivers\processr.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\pacer.sys BFEF604508A0ED1EAE2A73E872555FFBC:\Windows\system32\drivers\ql2300.sys ==> MD5 is legitC:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legitC:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0C:\Windows\System32\DRIVERS\raspppoe.sys 3E9D9B048107B40D87B97DF2E48E0744C:\Windows\System32\DRIVERS\rassstp.sys A7D141684E9500AC928A772ED8E6B671C:\Windows\System32\DRIVERS\rdbss.sys 6E1C5D0457622F9EE35F683110E93D14C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899C:\Windows\system32\drivers\rdpdr.sys ==> MD5 is legitC:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710CC:\Windows\system32\Drivers\RDPWD.sys E1C18F4097A5ABCEC941DC4B2F99DB7EC:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FADC:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legitC:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legitC:\Windows\system32\drivers\serenum.sys ==> MD5 is legitC:\Windows\system32\drivers\serial.sys ==> MD5 is legitC:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legitC:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legitC:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legitC:\Windows\system32\drivers\sfloppy.sys ==> MD5 is 
legitC:\Windows\system32\drivers\sisagp.sys ==> MD5 is legitC:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legitC:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\smb.sys 031E6BCD53C9B2B9ACE111EAFEC347B6C:\Windows\system32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFFC:\Windows\System32\DRIVERS\srv.sys 2252AEF839B1093D16761189F45AF885C:\Windows\System32\DRIVERS\srv2.sys B7FF59408034119476B00A81BB53D5D1C:\Windows\System32\DRIVERS\srvnet.sys 2ACCC9B12AF02030F531E6CCA6F8B76EC:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legitC:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legitC:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legitC:\Windows\System32\drivers\tcpip.sys 782568AB6A43160A159B6215B70BCCE9C:\Windows\System32\DRIVERS\tcpip.sys 782568AB6A43160A159B6215B70BCCE9C:\Windows\System32\drivers\tcpipreg.sys D4A2E4A4B011F3A883AF77315A5AE76BC:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021C:\Windows\System32\DRIVERS\tdx.sys D09276B1FAB033CE1D40DCBDF303D10FC:\Windows\System32\DRIVERS\termdd.sys A048056F5E1A96A9BF3071B91741A5AAC:\Windows\System32\DRIVERS\tssecsrv.sys DCF0F056A2E4F52287264F5AB29CF206C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38C:\Windows\System32\DRIVERS\tunnel.sys 6042505FF6FA9AC1EF7684D0E03B6940C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\udfs.sys 8B5088058FA1D1CD897A2113CCFF6C58C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legitC:\Windows\system32\drivers\uliahci.sys ==> MD5 is legitC:\Windows\system32\drivers\ulsata.sys ==> MD5 is legitC:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2C:\Windows\System32\DRIVERS\usbccgp.sys CAF811AE4C147FFCD5B51750C7F09142C:\Windows\system32\drivers\usbcir.sys ==> 
MD5 is legitC:\Windows\System32\DRIVERS\usbehci.sys CEBE90821810E76320155BEBA722FCF9C:\Windows\System32\DRIVERS\usbhub.sys CC6B28E4CE39951357963119CE47B143C:\Windows\System32\DRIVERS\usbohci.sys 7BDB7B0E7D45AC0402D78B90789EF47CC:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5C:\Windows\System32\DRIVERS\usbscan.sys A508C9BD8724980512136B039BBA65E9C:\Windows\System32\DRIVERS\USBSTOR.SYS 87BA6B83C5D19B69160968D07D6E2982C:\Windows\System32\DRIVERS\usbuhci.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legitC:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636CC:\Windows\system32\drivers\viaagp.sys ==> MD5 is legitC:\Windows\system32\drivers\viac7.sys ==> MD5 is legitC:\Windows\system32\drivers\viaide.sys ==> MD5 is legitC:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43C:\Windows\System32\drivers\volmgrx.sys 98F5FFE6316BD74E9E2C97206C190196C:\Windows\System32\drivers\volsnap.sys D8B4A53DD2769F226B3EB374374987C9C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\VSTBS23.SYS ==> MD5 is legitC:\Windows\System32\DRIVERS\VSTDPV3.SYS ==> MD5 is legitC:\Windows\system32\drivers\wacompen.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26C:\Windows\system32\drivers\wd.sys ==> MD5 is legitC:\Windows\System32\drivers\Wdf01000.sys B6F0A7AD6D4BD325FBCD8BAC96CD8D96C:\Windows\System32\DRIVERS\VSTCNXT3.SYS ==> MD5 is legitC:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legitC:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389CC:\Windows\System32\DRIVERS\WUDFRd.sys AC13CB789D93412106B0FB6C7EB2BCB6 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-15 13:46 - 2014-07-15 13:46 - 01077248 _____ (Farbar) C:\Users\John\Desktop\FRST.exe2014-07-15 13:46 - 
2014-07-15 13:46 - 00025874 _____ () C:\Users\John\Desktop\FRST.txt2014-07-15 13:42 - 2014-07-15 13:42 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\uSeRiNiT.exe2014-07-15 13:38 - 2014-07-15 13:38 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\WiNlOgOn.exe2014-07-15 12:42 - 2014-07-15 12:42 - 00000000 ____D () C:\Users\user1\AppData\Local\VirtualStore2014-07-15 12:28 - 2014-07-15 12:56 - 00024810 _____ () C:\Users\user1\Desktop\FRST.txt2014-07-15 12:25 - 2014-07-15 12:25 - 01077248 _____ (Farbar) C:\Users\user1\Desktop\FRST.exe2014-07-15 12:06 - 2014-07-15 12:06 - 00068224 _____ () C:\Users\user1\AppData\Local\GDIPFONTCACHEV1.DAT2014-07-15 12:05 - 2014-07-15 13:43 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-15 12:05 - 2014-07-15 12:05 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-15 12:05 - 2014-07-15 12:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-07-15 12:05 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-07-15 12:05 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-07-15 12:05 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-07-15 11:43 - 2014-07-15 13:18 - 00013726 _____ () C:\Users\user1\Desktop\aswMBR.txt2014-07-15 11:43 - 2014-07-15 13:18 - 00000512 _____ () C:\Users\user1\Desktop\MBR.dat2014-07-15 11:33 - 2014-07-15 11:33 - 05185536 _____ (AVAST Software) C:\Users\user1\Desktop\aswmbr.exe2014-07-15 11:20 - 2014-07-15 11:20 - 01348263 _____ () C:\Users\user1\Desktop\adwcleaner_3.215.exe2014-07-15 10:28 - 2014-07-15 10:28 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-15 10:26 - 2014-07-15 10:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user1\Desktop\mbam-setup-2.0.2.1012.exe2014-07-15 10:08 - 2014-07-15 10:08 - 00000042 
_____ () C:\Users\user1\Desktop\mbam-clean.txt2014-07-15 10:05 - 2014-07-15 10:05 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Macromedia2014-07-15 10:05 - 2014-07-15 10:05 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Adobe2014-07-15 09:53 - 2014-07-15 10:18 - 00000944 _____ () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2014-07-15 09:53 - 2014-07-15 09:53 - 00000949 _____ () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-07-15 09:53 - 2014-07-15 09:53 - 00000915 _____ () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk2014-07-15 09:53 - 2014-07-15 09:53 - 00000000 _____ () C:\Windows\setuperr.log2014-07-15 09:53 - 2014-07-15 09:53 - 00000000 _____ () C:\Windows\setupact.log2014-07-15 09:50 - 2014-07-15 09:53 - 00000000 ____D () C:\Users\user12014-07-15 09:50 - 2014-07-15 09:50 - 00000020 ___SH () C:\Users\user1\ntuser.ini2014-07-15 09:50 - 2011-08-13 11:15 - 00000000 ___RD () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-07-15 09:50 - 2011-08-13 11:15 - 00000000 ___RD () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-07-15 09:28 - 2014-07-15 09:28 - 00000000 ____D () C:\Users\John\Desktop\mbam-chameleon-3.1.4.02014-07-15 09:26 - 2014-07-15 09:26 - 04872677 _____ () C:\Users\John\Desktop\mbam-chameleon-3.1.4.0.zip2014-07-15 09:22 - 2014-07-15 13:22 - 00013050 _____ () C:\Windows\PFRO.log2014-07-15 09:00 - 2014-07-15 13:44 - 00002208 _____ () C:\Users\John\Desktop\Rkill.txt2014-07-15 08:59 - 2014-07-15 08:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\rkill.exe2014-07-15 08:56 - 2014-07-15 08:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Desktop\mbam-setup-2.0.2.1012(1).exe2014-07-15 08:44 - 2014-07-15 13:25 - 00048515 _____ () C:\Windows\WindowsUpdate.log2014-07-15 08:42 - 2014-07-15 08:42 - 00282360 _____ () 
C:\Windows\system32\FNTCACHE.DAT2014-07-15 07:07 - 2014-07-15 07:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Desktop\mbam-setup-2.0.2.1012.exe2014-07-11 08:48 - 2014-07-11 08:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\iolo2014-07-11 08:48 - 2014-07-11 08:48 - 00000000 ____D () C:\ProgramData\iolo2014-07-11 08:48 - 2014-07-11 08:48 - 00000000 ____D () C:\dell2014-07-10 18:21 - 2014-07-10 18:21 - 00000000 ____D () C:\Program Files\Windows Kits2014-07-10 18:08 - 2014-07-10 18:21 - 00000000 ____D () C:\Users\John\Documents\AvastPEToolkit2014-07-10 12:20 - 2014-07-10 12:20 - 00000000 ____D () C:\Program Files\ToniArts2014-07-10 11:58 - 2014-07-10 11:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\SparkTrust2014-07-10 11:57 - 2014-07-10 12:05 - 00000000 ____D () C:\ProgramData\SparkTrust2014-07-10 11:17 - 2014-07-10 11:17 - 00000000 ____D () C:\Program Files\Enigma Software Group2014-07-09 20:19 - 2014-07-09 20:19 - 00000000 ____D () C:\ca12041aa2ab28e8fee2522014-07-09 19:00 - 2014-07-09 19:00 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dell2014-07-09 19:00 - 2014-07-09 19:00 - 00000000 ____D () C:\ProgramData\PCDr2014-07-09 18:59 - 2014-07-10 16:09 - 00000000 ____D () C:\Program Files\My Dell2014-07-09 18:58 - 2014-07-09 18:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\PCDr2014-07-09 17:44 - 2014-07-09 17:44 - 00006414 _____ () C:\ComboFix.txt2014-07-09 16:56 - 2014-07-09 17:44 - 00000000 ____D () C:\Qoobox2014-07-09 10:58 - 2014-07-15 13:46 - 00000000 ____D () C:\FRST2014-07-09 10:17 - 2014-07-09 10:17 - 00000000 ____D () C:\Program Files\ESET2014-07-09 09:03 - 2014-07-15 13:21 - 00000000 ____D () C:\AdwCleaner2014-07-08 22:03 - 2014-07-08 22:03 - 02949120 _____ () C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl2014-07-08 14:09 - 2014-07-08 14:09 - 00000000 ____D () C:\Users\John\Documents\Avast2014-07-08 13:04 - 2014-07-11 15:07 - 00000000 ____D () C:\Windows\pss2014-06-23 06:47 - 2014-06-23 06:57 - 00000003 
_____ () C:\Users\John\AppData\Local\proxy.log ==================== One Month Modified Files and Folders ======= 2014-07-15 13:46 - 2014-07-15 13:46 - 01077248 _____ (Farbar) C:\Users\John\Desktop\FRST.exe2014-07-15 13:46 - 2014-07-15 13:46 - 00025874 _____ () C:\Users\John\Desktop\FRST.txt2014-07-15 13:46 - 2014-07-09 10:58 - 00000000 ____D () C:\FRST2014-07-15 13:44 - 2014-07-15 09:00 - 00002208 _____ () C:\Users\John\Desktop\Rkill.txt2014-07-15 13:43 - 2014-07-15 12:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-15 13:42 - 2014-07-15 13:42 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\uSeRiNiT.exe2014-07-15 13:38 - 2014-07-15 13:38 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\WiNlOgOn.exe2014-07-15 13:28 - 2012-11-20 08:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-15 13:27 - 2006-11-02 05:33 - 00716194 _____ () C:\Windows\system32\PerfStringBackup.INI2014-07-15 13:25 - 2014-07-15 08:44 - 00048515 _____ () C:\Windows\WindowsUpdate.log2014-07-15 13:25 - 2014-06-03 14:19 - 00000270 _____ () C:\Windows\Tasks\pcreg.job2014-07-15 13:25 - 2011-08-09 18:42 - 00000944 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2014-07-15 13:24 - 2012-11-20 08:24 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-15 13:23 - 2014-02-17 20:19 - 00000370 _____ () C:\Windows\Tasks\RegInOut on user logon - John.job2014-07-15 13:22 - 2014-07-15 09:22 - 00013050 _____ () C:\Windows\PFRO.log2014-07-15 13:22 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-15 13:22 - 2006-11-02 07:47 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-07-15 13:22 - 2006-11-02 07:47 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-07-15 13:21 - 
2014-07-09 09:03 - 00000000 ____D () C:\AdwCleaner2014-07-15 13:21 - 2006-11-02 08:01 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-07-15 13:18 - 2014-07-15 11:43 - 00013726 _____ () C:\Users\user1\Desktop\aswMBR.txt2014-07-15 13:18 - 2014-07-15 11:43 - 00000512 _____ () C:\Users\user1\Desktop\MBR.dat2014-07-15 12:56 - 2014-07-15 12:28 - 00024810 _____ () C:\Users\user1\Desktop\FRST.txt2014-07-15 12:42 - 2014-07-15 12:42 - 00000000 ____D () C:\Users\user1\AppData\Local\VirtualStore2014-07-15 12:25 - 2014-07-15 12:25 - 01077248 _____ (Farbar) C:\Users\user1\Desktop\FRST.exe2014-07-15 12:06 - 2014-07-15 12:06 - 00068224 _____ () C:\Users\user1\AppData\Local\GDIPFONTCACHEV1.DAT2014-07-15 12:05 - 2014-07-15 12:05 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-15 12:05 - 2014-07-15 12:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-07-15 11:33 - 2014-07-15 11:33 - 05185536 _____ (AVAST Software) C:\Users\user1\Desktop\aswmbr.exe2014-07-15 11:20 - 2014-07-15 11:20 - 01348263 _____ () C:\Users\user1\Desktop\adwcleaner_3.215.exe2014-07-15 11:13 - 2014-06-03 14:19 - 00000000 ____D () C:\Program Files\pcmax2014-07-15 11:13 - 2011-08-09 18:41 - 00000000 ____D () C:\Users\John2014-07-15 10:28 - 2014-07-15 10:28 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-15 10:27 - 2014-07-15 10:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user1\Desktop\mbam-setup-2.0.2.1012.exe2014-07-15 10:18 - 2014-07-15 09:53 - 00000944 _____ () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2014-07-15 10:08 - 2014-07-15 10:08 - 00000042 _____ () C:\Users\user1\Desktop\mbam-clean.txt2014-07-15 10:05 - 2014-07-15 10:05 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Macromedia2014-07-15 10:05 - 2014-07-15 10:05 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Adobe2014-07-15 09:53 - 2014-07-15 09:53 - 00000949 _____ () 
C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-07-15 09:53 - 2014-07-15 09:53 - 00000915 _____ () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk2014-07-15 09:53 - 2014-07-15 09:53 - 00000000 _____ () C:\Windows\setuperr.log2014-07-15 09:53 - 2014-07-15 09:53 - 00000000 _____ () C:\Windows\setupact.log2014-07-15 09:53 - 2014-07-15 09:50 - 00000000 ____D () C:\Users\user12014-07-15 09:50 - 2014-07-15 09:50 - 00000020 ___SH () C:\Users\user1\ntuser.ini2014-07-15 09:42 - 2011-08-09 18:42 - 00001356 _____ () C:\Users\John\AppData\Local\d3d9caps.dat2014-07-15 09:28 - 2014-07-15 09:28 - 00000000 ____D () C:\Users\John\Desktop\mbam-chameleon-3.1.4.02014-07-15 09:26 - 2014-07-15 09:26 - 04872677 _____ () C:\Users\John\Desktop\mbam-chameleon-3.1.4.0.zip2014-07-15 08:59 - 2014-07-15 08:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\rkill.exe2014-07-15 08:56 - 2014-07-15 08:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Desktop\mbam-setup-2.0.2.1012(1).exe2014-07-15 08:42 - 2014-07-15 08:42 - 00282360 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-15 08:33 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\LogFiles2014-07-15 07:07 - 2014-07-15 07:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Desktop\mbam-setup-2.0.2.1012.exe2014-07-14 22:59 - 2011-11-01 06:46 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes2014-07-14 22:51 - 2014-01-01 15:36 - 00000000 ____D () C:\Users\John\AppData\Roaming\TS3Client2014-07-14 20:12 - 2011-08-10 08:14 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype2014-07-14 20:11 - 2014-06-03 14:19 - 00000354 _____ () C:\Windows\Tasks\At1.job2014-07-14 20:04 - 2012-08-23 08:05 - 00000000 ____D () C:\Program Files\CCleaner2014-07-14 10:04 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool2014-07-14 10:04 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc2014-07-14 
10:04 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache2014-07-14 10:04 - 2006-11-02 05:22 - 38273024 _____ () C:\Windows\system32\config\components_previous2014-07-14 10:04 - 2006-11-02 05:22 - 28573696 _____ () C:\Windows\system32\config\software_previous2014-07-14 10:04 - 2006-11-02 05:22 - 24903680 _____ () C:\Windows\system32\config\system_previous2014-07-14 10:04 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous2014-07-14 10:04 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous2014-07-14 10:04 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\default_previous2014-07-14 10:03 - 2013-08-17 14:35 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins2014-07-14 10:03 - 2012-09-10 15:08 - 00000000 ____D () C:\Users\John\Documents\misc2014-07-14 10:03 - 2012-01-26 19:55 - 00000000 ____D () C:\Users\John\AppData\Roaming\KompoZer2014-07-14 10:03 - 2011-08-12 13:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\5000 Series2014-07-14 10:03 - 2011-08-12 13:42 - 00000000 ____D () C:\ProgramData\Lx_cats2014-07-14 10:03 - 2011-08-10 07:18 - 00000000 ____D () C:\Program Files\AVAST Software2014-07-14 10:03 - 2011-08-09 19:01 - 00000000 ____D () C:\ProgramData\NVIDIA2014-07-14 10:03 - 2011-08-09 18:42 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-07-14 10:03 - 2011-08-09 18:42 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-07-14 10:03 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default2014-07-14 10:03 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration2014-07-14 08:29 - 2014-03-05 16:00 - 00000000 ____D () C:\Windows\system32\MRT2014-07-14 08:10 - 2011-08-10 07:18 - 00000000 ____D () C:\ProgramData\AVAST Software2014-07-14 07:12 - 2012-12-10 16:18 - 00000000 ____D () C:\Users\John\Desktop\screenshots2014-07-11 15:07 - 2014-07-08 13:04 - 00000000 ____D () 
C:\Windows\pss2014-07-11 15:04 - 2011-08-10 09:22 - 00000000 ____D () C:\Users\John\AppData\Local\Deployment2014-07-11 10:56 - 2011-09-04 14:06 - 00009130 _____ () C:\ProgramData\lxdm2014-07-11 08:48 - 2014-07-11 08:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\iolo2014-07-11 08:48 - 2014-07-11 08:48 - 00000000 ____D () C:\ProgramData\iolo2014-07-11 08:48 - 2014-07-11 08:48 - 00000000 ____D () C:\dell2014-07-10 18:21 - 2014-07-10 18:21 - 00000000 ____D () C:\Program Files\Windows Kits2014-07-10 18:21 - 2014-07-10 18:08 - 00000000 ____D () C:\Users\John\Documents\AvastPEToolkit2014-07-10 16:10 - 2014-06-04 15:59 - 00000000 ____D () C:\temp2014-07-10 16:09 - 2014-07-09 18:59 - 00000000 ____D () C:\Program Files\My Dell2014-07-10 12:20 - 2014-07-10 12:20 - 00000000 ____D () C:\Program Files\ToniArts2014-07-10 12:20 - 2011-08-17 07:21 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information2014-07-10 12:05 - 2014-07-10 11:57 - 00000000 ____D () C:\ProgramData\SparkTrust2014-07-10 11:58 - 2014-07-10 11:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\SparkTrust2014-07-10 11:17 - 2014-07-10 11:17 - 00000000 ____D () C:\Program Files\Enigma Software Group2014-07-09 20:19 - 2014-07-09 20:19 - 00000000 ____D () C:\ca12041aa2ab28e8fee2522014-07-09 19:00 - 2014-07-09 19:00 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dell2014-07-09 19:00 - 2014-07-09 19:00 - 00000000 ____D () C:\ProgramData\PCDr2014-07-09 18:58 - 2014-07-09 18:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\PCDr2014-07-09 17:44 - 2014-07-09 17:44 - 00006414 _____ () C:\ComboFix.txt2014-07-09 17:44 - 2014-07-09 16:56 - 00000000 ____D () C:\Qoobox2014-07-09 17:04 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public2014-07-09 10:17 - 2014-07-09 10:17 - 00000000 ____D () C:\Program Files\ESET2014-07-08 22:12 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET2014-07-08 22:03 - 2014-07-08 22:03 - 02949120 _____ () 
C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl2014-07-08 14:14 - 2006-11-02 07:37 - 00000000 ____D () C:\Program Files\Windows Sidebar2014-07-08 14:09 - 2014-07-08 14:09 - 00000000 ____D () C:\Users\John\Documents\Avast2014-06-24 19:55 - 2014-01-01 15:35 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client2014-06-23 07:06 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\L2Schemas2014-06-23 06:57 - 2014-06-23 06:47 - 00000003 _____ () C:\Users\John\AppData\Local\proxy.log2014-06-15 18:16 - 2014-01-13 22:55 - 00000000 ____D () C:\Users\John\Documents\vggcaddypro-v5.0 Files to move or delete:====================C:\Users\John\.hemsFavorites.datC:\Users\John\battlelog-web-plugins_2.1.7_115.exeC:\Users\John\battlelog-web-plugins_2.3.0_119.exeC:\Users\John\battlelog-web-plugins_2.3.1_125.exeC:\Users\John\battlelog-web-plugins_2.3.2_129.exeC:\Users\John\battlelog-web-plugins_2.3.2_130.exeC:\Users\John\ccsetup411.exeC:\Users\John\install_flashplayer11x32_mssd_aaa_aih.exeC:\Users\John\mxsetup.exeC:\Users\John\Silverlight.exeC:\Users\John\SpeedMaxpc_installer.exeC:\Users\John\TeamSpeak3-Client-win32-3.0.13.1.exeC:\Users\John\TG_PCOptimizer.exeC:\Windows\Tasks\At1.job Some content of TEMP:====================C:\Users\user1\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Windows Boot Manager--------------------identifier {bootmgr}device 
partition=C:description Windows Boot Managerlocale en-USinherit {globalsettings}default {current}resumeobject {b7d9438c-c2f8-11e0-be3f-ad2c60df1caf}displayorder {current}toolsdisplayorder {memdiag}timeout 30 Windows Boot Loader-------------------identifier {current}device partition=C:path \Windows\system32\winload.exedescription Microsoft Windows Vistalocale en-USinherit {bootloadersettings}osdevice partition=C:systemroot \Windowsresumeobject {b7d9438c-c2f8-11e0-be3f-ad2c60df1caf}nx OptIn Resume from Hibernate---------------------identifier {b7d9438c-c2f8-11e0-be3f-ad2c60df1caf}device partition=C:path \Windows\system32\winresume.exedescription Windows Resume Applicationlocale en-USinherit {resumeloadersettings}filedevice partition=C:filepath \hiberfil.syspae Yesdebugoptionenabled No Windows Memory Tester---------------------identifier {memdiag}device partition=C:path \boot\memtest.exedescription Windows Memory Diagnosticlocale en-USinherit {globalsettings}badmemoryaccess Yes Windows Legacy OS Loader------------------------identifier {ntldr}device partition=C:path \ntldrdescription Earlier Version of Windows EMS Settings------------identifier {emssettings}bootems Yes Debugger Settings-----------------identifier {dbgsettings}debugtype Serialdebugport 1baudrate 115200 RAM Defects-----------identifier {badmemory} Global Settings---------------identifier {globalsettings}inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings--------------------identifier {bootloadersettings}inherit {globalsettings} Resume Loader Settings----------------------identifier {resumeloadersettings}inherit {globalsettings} LastRegBack: 2014-07-15 13:28 _____________________________________________________________________________ _____________________________________________________________________________ Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01Ran by John at 2014-07-15 13:46:53Running from C:\Users\John\DesktopBoot Mode: 
Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - )
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
CPUID CPU-Z 1.58 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Greenshot (HKLM\...\Greenshot_is1) (Version: - )
iWisoft Free Video Converter 1.2 (HKLM\...\iWisoft Free Video Converter_is1) (Version: 1.2 - www.easy-video-converter.com)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lexmark 5000 Series (HKLM\...\Lexmark 5000 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.3.2.1000 - Maxthon International Limited)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver (Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
NVIDIA Control Panel 296.10 (Version: 296.10 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9728 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.10 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.7.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.11 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.11 - NVIDIA Corporation) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
SdBoxTrades (HKLM\...\ST5UNST #1) (Version: - )
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )

==================== Restore Points =========================

20-06-2014 14:09:19 Scheduled Checkpoint
21-06-2014 15:12:16 Scheduled Checkpoint
22-06-2014 13:58:03 Scheduled Checkpoint
23-06-2014 13:40:16 Scheduled Checkpoint
24-06-2014 16:50:26 Scheduled Checkpoint
25-06-2014 14:03:11 Scheduled Checkpoint
26-06-2014 14:00:56 Scheduled Checkpoint
27-06-2014 16:25:02 Scheduled Checkpoint
29-06-2014 03:19:04 Scheduled Checkpoint
29-06-2014 21:19:28 Scheduled Checkpoint
30-06-2014 17:59:15 Scheduled Checkpoint
01-07-2014 16:53:26 Scheduled Checkpoint
02-07-2014 15:01:12 Scheduled Checkpoint
03-07-2014 14:58:37 Scheduled Checkpoint
04-07-2014 16:08:30 Scheduled Checkpoint
05-07-2014 05:00:01 Scheduled Checkpoint
05-07-2014 20:38:34 Scheduled Checkpoint
06-07-2014 16:22:49 Scheduled Checkpoint
08-07-2014 19:10:54 avast! antivirus system restore point
09-07-2014 03:03:44 Windows Update
10-07-2014 12:59:51 avast! antivirus system restore point
10-07-2014 16:17:23 Installed SpyHunter
10-07-2014 16:46:29 Removed SpyHunter
10-07-2014 17:20:41 Installed EasyCleaner
11-07-2014 17:52:33 Scheduled Checkpoint
12-07-2014 14:54:55 Scheduled Checkpoint
13-07-2014 12:39:24 Scheduled Checkpoint
14-07-2014 13:08:19 avast! antivirus system restore point
14-07-2014 13:27:54 Windows Update

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {171A66DF-16F1-4D2B-AF59-5B55CB7B70B0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {20D0029C-009B-486D-B843-4409E0152BBE} - System32\Tasks\At1 => c:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5D83E39A-A176-49D3-A5AF-7BC1985C257F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-20] (Google Inc.)
Task: {668F8EA6-2F0A-4D6E-9155-2293D257DE20} - System32\Tasks\ModemBooster_notification => C:\Program Files\inKline Global\Modem Booster\ModemBooster.exe
Task: {7D56298A-06FE-4BEE-B59C-2E3F191DFE75} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {91610B38-9521-4E1F-A8B7-E2256D7E209E} - System32\Tasks\ModemBooster_Run => C:\Program Files\inKline Global\Modem Booster\ModemBooster.exe
Task: {A4666641-8619-4557-A7AA-D259827C50A1} - System32\Tasks\ModemBooster_networkMonitor => C:\Program Files\inKline Global\Modem Booster\mbtray.exe
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {A99FEFEA-1D2B-4B11-8DBB-A7FECDB8D6A9} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
Task: {AC047D51-1040-4C2B-8ACE-7AADC2F1E931} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\mxup.exe [2014-06-03] (Maxthon International ltd.)
Task: {D4C97088-63E6-4C11-B952-9D203E8E9517} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-08-09] ()
Task: {F817DA77-2F42-4633-8088-6CFD018F2593} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-20] (Google Inc.)
Task: {FDE7986A-1324-4920-9891-4A231DF5FC5B} - System32\Tasks\RegInOut on user logon - John => C:\Program Files\RegInOut System Utilities\RegInOut.exe
Task: C:\Windows\Tasks\At1.job => c:\Program Files\pcmax\service.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcmax\service.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegInOut on user logon - John.job => C:\Program Files\RegInOut System Utilities\RegInOut.exe

==================== Loaded Modules (whitelisted) =============

2011-08-12 13:35 - 2007-06-07 08:38 - 00045056 _____ () C:\Windows\System32\LXDMPMON.DLL
2011-08-12 13:35 - 2007-04-09 17:59 - 00069632 _____ () C:\Windows\System32\LXDMOEM.DLL
2011-08-12 13:35 - 2007-06-07 08:35 - 00032768 _____ () C:\Program Files\Lexmark 5000 Series\ipcmt.dll
2011-08-12 13:39 - 2007-05-03 06:38 - 00113664 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdmdrpp.dll
2014-05-21 05:22 - 2014-05-21 05:22 - 02135232 _____ () C:\Program Files\Comodo\Dragon\dragon_updater.exe
2007-05-23 01:59 - 2007-05-23 01:59 - 00692224 _____ () C:\Windows\system32\lxdmdrs.dll
2007-05-22 17:10 - 2007-05-22 17:10 - 00065536 _____ () C:\Windows\system32\lxdmcaps.dll
2007-04-17 17:17 - 2007-04-17 17:17 - 00069632 _____ () C:\Windows\system32\lxdmcnv4.dll
2014-04-07 10:48 - 2013-11-17 20:18 - 00258944 _____ () C:\Program Files\Maxthon\bin\Maxzlib.dll
2014-04-07 10:48 - 2014-06-03 04:37 - 00247096 _____ () C:\Program Files\Maxthon\Addons\Mobile\MxMobile.dll
2014-04-07 10:48 - 2013-11-17 20:18 - 00258944 _____ () C:\Program Files\Maxthon\Bin\maxzlib.dll
2014-04-07 10:48 - 2013-11-21 01:37 - 00887064 _____ () C:\Program Files\Maxthon\Core\Webkit\libglesv2.dll
2014-04-07 10:48 - 2013-11-21 01:37 - 00109336 _____ () C:\Program Files\Maxthon\Core\Webkit\libegl.dll
2014-06-24 06:42 - 2014-06-03 04:37 - 04055504 _____ () C:\Program Files\Maxthon\Core\Webkit\pdf.dll
2014-06-24 06:42 - 2014-06-03 04:37 - 16361136 _____ () C:\Program Files\Maxthon\Core\Webkit\Npplugins\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2014 01:44:22 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/15/2014 01:43:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,process id 0x129c, application start time 0xmbam.exe0.

Error: (07/15/2014 01:41:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/15/2014 01:41:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,process id 0x240, application start time 0xmbam.exe0.

Error: (07/15/2014 01:31:16 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/15/2014 00:55:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,process id 0x7ac, application start time 0xmbam.exe0.

Error: (07/15/2014 00:54:27 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/15/2014 00:37:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,process id 0x414, application start time 0xmbam.exe0.

Error: (07/15/2014 00:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,process id 0x534, application start time 0xmbam.exe0.

Error: (07/15/2014 00:23:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,process id 0x268, application start time 0xmbam.exe0.

System errors:
=============
Error: (07/15/2014 01:23:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null

Error: (07/15/2014 01:23:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: pcmaxservice Service%%2

Error: (07/15/2014 01:23:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxdmCATSCustConnectService%%1053

Error: (07/15/2014 01:23:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxdmCATSCustConnectService

Error: (07/15/2014 01:23:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/15/2014 01:22:22 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer

Error: (07/15/2014 01:22:13 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/15/2014 01:11:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null

Error: (07/15/2014 01:11:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: pcmaxservice Service%%2

Error: (07/15/2014 01:11:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxdmCATSCustConnectService%%1053

Microsoft Office Sessions:
=========================
Error: (07/15/2014 01:44:22 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/15/2014 01:43:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd129c01cfa05cb3e744e5

Error: (07/15/2014 01:41:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/15/2014 01:41:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd24001cfa059ec76f155

Error: (07/15/2014 01:31:16 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/15/2014 00:55:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7ac01cfa055dcb88567

Error: (07/15/2014 00:54:27 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/15/2014 00:37:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd41401cfa0536d1ede78

Error: (07/15/2014 00:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd53401cfa052ef989778

Error: (07/15/2014 00:23:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd26801cfa051395055d8

CodeIntegrity Errors:
===================================
Date: 2014-07-15 13:46:48.259
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-15 13:46:48.192
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-15 13:46:48.117
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-15 13:46:48.052
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-15 13:46:37.062
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-15 13:46:36.996
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-15 13:46:36.929
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-15 13:46:36.862
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-15 13:46:36.762
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-15 13:46:36.695
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 3581.57 MB
Available physical RAM: 2386.84 MB
Total Pagefile: 7391.63 MB
Available Pagefile: 6257.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:227.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 60000000)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I would appreciate any help you could offer