
Malwarebytes keeps closing on run--any ideas?


ROIGuy

Hello all,




I've just registered here and followed the instructions for new posters.


I began to suspect that my laptop may be infected with a virus/trojan/malware when I would periodically see the browser screen jump while browsing the internet.


Currently the only antivirus that I am using is from Microsoft (Security Essentials), but it never finds anything, so I don't know if it is of much use.




I'm trying to use the free version of Malwarebytes and it keeps closing when I:




1. try to update automatically
2. try to update manually
3. try to run a full scan




Any suggestions? I have downloaded and run DDS.SCR based on the instructions from the page here. I do have the DDS and Attach log files and have pasted them below. If there is anyone who can readily see a problem with any infected files, please let me know.


I'm open to other suggestions. I'd really like to see if Malwarebytes can find anything, but I cannot use it as it keeps closing whenever I try to run it.




PS: I went through and tried all 12 of the configurations in 'Chameleon', but it didn't work either.


Regards and thanks in advance,




DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.15.2

Run by Prime at 14:30:29 on 2013-09-12

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.1209 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\agrsmsvc.exe

C:\apache2triad\bin\httpd.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\HPSIsvc.exe

C:\apache2triad\mysql\bin\mysqld.exe

C:\apache2triad\bin\httpd.exe

C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe

C:\Toshiba\IVP\ISM\pinger.exe

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\apache2triad\mail\bin\XMail.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe

C:\Users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\apache2triad\bin\ApacheMonitor.exe

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.


BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: &Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart

uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart

uRun: [HP Officejet 6700 (NET)] "c:\program files\hp\hp officejet 6700\bin\ScanToPCActivationApp.exe" -deviceID "CN2BS9SJ0P05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1

uRun: [DEA93BB65AB2469C8FA1BFF92906E324E7BAEC8E._service_run] "c:\users\prime\appdata\local\google\chrome\application\chrome.exe" --type=service

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE

mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe

mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [Talk] "c:\program files\nch software\talk\talk.exe" -logon

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

StartupFolder: c:\users\prime\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\apache2triad\bin\ApacheMonitor.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - <orphaned>

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.


TCP: NameServer = 192.168.1.254

TCP: Interfaces\{3B116DE3-149F-4E6A-ACDF-FCA09C67589E} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{76E1A31E-DFAA-408F-88E6-C39C4F8DD1FC} : DHCPNameServer = 68.28.146.92 68.28.154.92

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\prime\appdata\roaming\mozilla\firefox\profiles\hcsxmvrr.default\

FF - prefs.js: browser.search.selectedEngine - Google


FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\prime\appdata\local\citrix\plugins\94\npappdetector.dll

FF - plugin: c:\users\prime\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\users\prime\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\users\prime\appdata\roaming\mozilla\firefox\profiles\hcsxmvrr.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - plugin: c:\windows\system32\NPSWF32.dll

FF - ExtSQL: !HIDDEN! 2010-02-03 08:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110796&tt=120812_bandext_3212_1

FF - user.js: extensions.BabylonToolbar_i.babExt - 

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss


FF - user.js: extensions.BabylonToolbar.id - 7c60cc900000000000000013e8104483

FF - user.js: extensions.BabylonToolbar.instlDay - 15565

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.621:59:21

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

user_pref(places.frecency.bookmarkVisitBonus,0);

user_pref(places.frecency.unvisitedBookmarkBonus,0);

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-5-8 913752]

R2 Apache2.2;Apache2.2;c:\apache2triad\bin\httpd.exe [2008-1-18 24635]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-2-27 21504]

R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-9 99896]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-8-15 47640]

R2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\xmail.exe [2008-3-7 339968]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-2-28 7168]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-9-12 77528]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-12 40776]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c985c8e5b5ef0;Google Update Service (gupdate1c985c8e5b5ef0);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]

S2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-6-24 136704]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S2 SlimFTPd;Apache2Triad SlimFTPd Server;c:\apache2triad\ftp\SlimFTPd.exe [2008-3-7 54272]

S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\httpd.exe [2008-1-18 24635]

S3 FIWORYN;FIWORYN;c:\users\prime\appdata\local\temp\fiworyn.exe --> c:\users\prime\appdata\local\temp\FIWORYN.exe [?]

S3 FJRO;FJRO;c:\users\prime\appdata\local\temp\fjro.exe --> c:\users\prime\appdata\local\temp\FJRO.exe [?]

S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-9-7 17408]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 107392]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-9-6 13824]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-4-19 99200]

S3 NWVNDIS;Novatel Wireless Virtual Network Adapter;c:\windows\system32\drivers\NWVNdis.sys [2007-4-19 225280]

S3 OPIKF;OPIKF;c:\users\prime\appdata\local\temp\opikf.exe --> c:\users\prime\appdata\local\temp\OPIKF.exe [?]

S3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [2008-3-7 75207]

S3 SSELOJYCHTJI;SSELOJYCHTJI;c:\users\prime\appdata\local\temp\sselojychtji.exe --> c:\users\prime\appdata\local\temp\SSELOJYCHTJI.exe [?]

S3 SUHVAER;SUHVAER;c:\users\prime\appdata\local\temp\suhvaer.exe --> c:\users\prime\appdata\local\temp\SUHVAER.exe [?]

S3 TBGWJOQ;TBGWJOQ;c:\users\prime\appdata\local\temp\tbgwjoq.exe --> c:\users\prime\appdata\local\temp\TBGWJOQ.exe [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]

S4 OUX;OUX;c:\users\prime\appdata\local\temp\oux.exe --> c:\users\prime\appdata\local\temp\OUX.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

S4 ZEKCIAPSH;ZEKCIAPSH;c:\users\prime\appdata\local\temp\zekciapsh.exe --> c:\users\prime\appdata\local\temp\ZEKCIAPSH.exe [?]

.

=============== File Associations ===============

.

ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"

ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"

ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"

.

=============== Created Last 30 ================

.

2013-09-12 17:51:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-09-12 17:36:28 77528 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-09-12 15:47:15 -------- d-----w- C:\$RECYCLE.BIN

2013-09-12 15:44:23 -------- d-----w- c:\users\prime\appdata\local\temp

2013-09-11 20:24:17 -------- d-----w- c:\programdata\Malwarebytes

2013-09-11 20:24:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-09-11 05:49:28 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{eae643f8-9761-4dcf-a735-b936ce1c806c}\mpengine.dll

2013-09-10 13:18:29 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-09-09 20:02:56 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-09-06 13:29:37 718712 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{89c7c82e-9f00-4e5e-8332-1f1bb601defa}\gapaengine.dll

2013-08-14 22:03:59 104448 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll

2013-08-14 22:03:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll

2013-08-14 22:03:58 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll

2013-08-14 22:03:54 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-08-14 21:57:20 783360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-14 21:57:14 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-14 21:56:58 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-14 21:56:58 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2013-08-14 21:56:38 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-14 21:56:38 15872 ----a-w- c:\windows\system32\icaapi.dll

2013-08-14 21:56:33 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-14 21:56:32 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-14 21:56:32 1205168 ----a-w- c:\windows\system32\ntdll.dll

2013-08-14 21:53:35 992768 ----a-w- c:\windows\system32\crypt32.dll

2013-08-14 21:53:35 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-14 21:53:34 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-14 21:53:34 172544 ----a-w- c:\windows\system32\wintrust.dll

.

==================== Find3M  ====================

.

2013-09-11 13:50:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-11 13:50:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-06-19 02:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-06-19 02:50:08 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

============= FINISH: 14:32:24.06 ===============



.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium 

Boot Device: \Device\HarddiskVolume2

Install Date: 3/3/2008 11:07:53 AM

System Uptime: 9/12/2013 10:45:42 AM (4 hours ago)

.

Motherboard: Intel Corporation |  | CAPELL VALLEY(NAPA) CRB

Processor: Intel® Core2 CPU         T5300  @ 1.73GHz | U2E1 | 800/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 185 GiB total, 55.292 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0011

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter

PNP Device ID: ROOT\*ISATAP\0011

Service: tunnel

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Chicony USB 2.0 Camera

Device ID: USB\VID_04F2&PID_B008&MI_00\6&298DA7B3&0&0000

Manufacturer: Chicony

Name: Chicony USB 2.0 Camera

PNP Device ID: USB\VID_04F2&PID_B008&MI_00\6&298DA7B3&0&0000

Service: usbvideo

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro L7700

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet Pro L7700

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 7400 series

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Officejet 7400 series

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: hp LaserJet 1320 series

Device ID: ROOT\MULTIFUNCTION\0002

Manufacturer: Hewlett-Packard

Name: hp LaserJet 1320 series

PNP Device ID: ROOT\MULTIFUNCTION\0002

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet P2035n

Device ID: ROOT\MULTIFUNCTION\0003

Manufacturer: Hewlett-Packard

Name: HP LaserJet P2035n

PNP Device ID: ROOT\MULTIFUNCTION\0003

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: DesignJet 800 (C7779B)

Device ID: ROOT\MULTIFUNCTION\0004

Manufacturer: Hewlett-Packard

Name: DesignJet 800 (C7779B)

PNP Device ID: ROOT\MULTIFUNCTION\0004

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C7200 series

Device ID: ROOT\MULTIFUNCTION\0005

Manufacturer: HP

Name: Photosmart C7200 series

PNP Device ID: ROOT\MULTIFUNCTION\0005

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8000 A809

Device ID: ROOT\MULTIFUNCTION\0006

Manufacturer: HP

Name: Officejet Pro 8000 A809

PNP Device ID: ROOT\MULTIFUNCTION\0006

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8500 A909a

Device ID: ROOT\MULTIFUNCTION\0007

Manufacturer: HP

Name: Officejet Pro 8500 A909a

PNP Device ID: ROOT\MULTIFUNCTION\0007

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet P2015 Series

Device ID: ROOT\MULTIFUNCTION\0008

Manufacturer: Hewlett-Packard

Name: HP LaserJet P2015 Series

PNP Device ID: ROOT\MULTIFUNCTION\0008

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: hp LaserJet 4250

Device ID: ROOT\MULTIFUNCTION\0009

Manufacturer: Hewlett-Packard

Name: hp LaserJet 4250

PNP Device ID: ROOT\MULTIFUNCTION\0009

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet Professional P1102w

Device ID: ROOT\MULTIFUNCTION\0010

Manufacturer: Hewlett-Packard

Name: HP LaserJet Professional P1102w

PNP Device ID: ROOT\MULTIFUNCTION\0010

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet Professional P1102w

Device ID: ROOT\MULTIFUNCTION\0011

Manufacturer: Hewlett-Packard

Name: HP LaserJet Professional P1102w

PNP Device ID: ROOT\MULTIFUNCTION\0011

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8500 A910

Device ID: ROOT\MULTIFUNCTION\0012

Manufacturer: HP

Name: Officejet Pro 8500 A910

PNP Device ID: ROOT\MULTIFUNCTION\0012

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet M2727nf MFP

Device ID: ROOT\MULTIFUNCTION\0013

Manufacturer: Hewlett-Packard

Name: HP LaserJet M2727nf MFP

PNP Device ID: ROOT\MULTIFUNCTION\0013

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP Color LaserJet CP3525

Device ID: ROOT\MULTIFUNCTION\0014

Manufacturer: Hewlett-Packard

Name: HP Color LaserJet CP3525

PNP Device ID: ROOT\MULTIFUNCTION\0014

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: hp LaserJet 4350

Device ID: ROOT\MULTIFUNCTION\0015

Manufacturer: Hewlett-Packard

Name: hp LaserJet 4350

PNP Device ID: ROOT\MULTIFUNCTION\0015

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8500 A909g

Device ID: ROOT\MULTIFUNCTION\0016

Manufacturer: HP

Name: Officejet Pro 8500 A909g

PNP Device ID: ROOT\MULTIFUNCTION\0016

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 6700

Device ID: ROOT\MULTIFUNCTION\0017

Manufacturer: HP

Name: Officejet 6700

PNP Device ID: ROOT\MULTIFUNCTION\0017

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart 6510 series

Device ID: ROOT\MULTIFUNCTION\0018

Manufacturer: HP

Name: Photosmart 6510 series

PNP Device ID: ROOT\MULTIFUNCTION\0018

Service: 

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8500 A910

Device ID: ROOT\MULTIFUNCTION\0019

Manufacturer: HP

Name: Officejet Pro 8500 A910

PNP Device ID: ROOT\MULTIFUNCTION\0019

Service: 

.

==== System Restore Points ===================

.

RP1213: 8/15/2013 9:50:38 AM - Scheduled Checkpoint

RP1214: 8/16/2013 12:01:03 AM - Scheduled Checkpoint

RP1215: 8/17/2013 12:11:50 AM - Scheduled Checkpoint

RP1216: 8/18/2013 11:33:24 PM - Windows Update

RP1217: 8/21/2013 4:49:53 PM - Scheduled Checkpoint

RP1218: 8/22/2013 10:16:13 PM - Windows Update

RP1219: 8/26/2013 9:26:50 AM - Windows Update

RP1220: 8/27/2013 3:43:22 PM - Scheduled Checkpoint

RP1221: 8/29/2013 10:01:03 PM - Windows Update

RP1222: 8/30/2013 3:17:32 PM - Scheduled Checkpoint

RP1223: 8/31/2013 11:49:39 AM - Scheduled Checkpoint

RP1224: 9/1/2013 12:00:12 AM - Scheduled Checkpoint

RP1225: 9/2/2013 10:48:43 AM - Windows Update

RP1226: 9/6/2013 8:19:23 AM - Windows Update

RP1227: 9/9/2013 3:03:03 PM - Windows Update

RP1228: 9/11/2013 6:58:08 PM - Scheduled Checkpoint

RP1229: 9/12/2013 11:42:49 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

7-Zip 4.57

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Add or Remove Adobe Creative Suite 3 Master Collection

Adobe Acrobat 8 Professional

Adobe After Effects CS3

Adobe After Effects CS3 Presets

Adobe After Effects CS3 Third Party Content

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Contribute CS3

Adobe Creative Suite 3 Master Collection

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe Encore CS3

Adobe Encore CS3 Codecs

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Fireworks CS3

Adobe Flash CS3

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Premiere Pro CS3

Adobe Premiere Pro CS3 Functional Content

Adobe Premiere Pro CS3 Third Party Content

Adobe Reader X (10.1.6)

Adobe Setup

Adobe Shockwave Player 11

Adobe SING CS3

Adobe Soundbooth CS3

Adobe Soundbooth CS3 Codecs

Adobe Stock Photos CS3

Adobe Type Manager 4.1

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Version Cue CS3 Server

Adobe Video Profiles

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

Advanced PDF Password Recovery

Advanced SystemCare 5

AHV content for Acrobat and Flash

AnyDVD

Apache HTTP Server 2.2.8

Apache2Triad: apache server bundle

Apple Application Support

Apple Software Update

AT&T Connect Participant Application v8.8.53

AT&T Self Support Tool

Audacity 1.3.12 (Unicode)

Avanquest update

avast! BART CD Manager

AviSynth 2.5

Bejeweled 2 Deluxe

Blackhawk Striker 2

Blasterball 3

Bluetooth Stack for Windows by Toshiba

BPD_HPSU

BPD_Scan

BPDSoftware

BPDSoftware_Ini

BufferChm

Camera Assistant Software for Toshiba

CCleaner

CD/DVD Drive Acoustic Silencer

Chat Dashboard

Chuzzle Deluxe

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

CoffeeCup Flash Menu Builder

CoffeeCup Web Form Builder - Registered

Compatibility Pack for the 2007 Office system

CustomerResearchQFolder

CutePDF Writer 2.8

D3DX10

D6100_D7100_D7300_Help

D7300

Destination Component

DeviceDiscovery

DivX Setup

DivX Web Player

DocProc

DocProcQFolder

Dropbox

DVD MovieFactory for TOSHIBA

DVD Shrink 3.2

eSupportQFolder

Express Talk

FATE

Fax

FileZilla Client 3.1.1.1

Flashation Menu Builder

FLVPlayer

Garmin Communicator Plugin

Garmin USB Drivers

Garmin WebUpdater

GnuWin32: OpenSSL-0.9.8h-1

Google AdWords Editor

Google Calendar Sync

Google Chrome

Google Drive

Google Earth Plug-in

Google Gears

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.5.0.1132

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 8.0

HP Deskjet & Photosmart Printer Driver Software 8.0.A

HP Imaging Device Functions 8.0

HP LaserJet P2030 Series

HP LaserJet Professional P1100-P1560-P1600 Series

HP OCR Software 8.0

HP Officejet 6700 Basic Device Software

HP Officejet 6700 Help

HP Officejet 6700 Product Improvement Study

HP Officejet Pro 8500 A910 Basic Device Software

HP Officejet Pro 8500 A910 Help

HP Officejet Pro 8500 A910 Product Improvement Study

HP Officejet Pro All-In-One Series

HP Photosmart Essential

HP Product Assistant

HP Solution Center 8.0

HP Update

HP_Network_UserGuide

hppLaserJetService

hppP1100P1560P1600SeriesLaserJetService

HPProductAssistant

hppusgP1100P1560P1600Series

hppusgP2030

HPSSupply

I.R.I.S. OCR

ImgBurn

InFlac 1.1.1

Intel® Graphics Media Accelerator Driver

Internet Offers

Java 7 Update 15

Java Auto Updater

Java 6 Update 27

Java SE Development Kit 7

JEOPARDY

Magic ISO Maker v5.5 (build 0272)

MagicDisc 2.7.105

magicJack

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

Marvell Miniport Driver

MediaCoder 0.6.1

Memoryze

Mesh Runtime

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2833941)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Money Essentials

Microsoft Money Shared Libraries

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office File Validation Add-In

Microsoft Office Live Meeting 2007

Microsoft Office Outlook Connector

Microsoft Office Professional Edition 2003

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Backward compatibility

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Native Client

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft XML Parser

Mobilink

Motorola Driver Installation 3.7.0

Motorola Phone Tools

Mozilla Firefox 19.0 (x86 en-US)

Mozilla Maintenance Service

MPM

MrvlUsgTracking

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network

Notepad App

Ogg Codecs 0.81.15562

Oregon Trail® 5

PC Inspector File Recovery

PDF Settings

Penguins!

Polar Bowler

Polar Golfer

PremiumSoft Navicat MySQL 7.2

QuickBooks Remote Access

QuickTime

Realtek High Definition Audio Driver

Scan

SCRABBLE

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Security Update for Windows Media Player (KB2845142)

Segoe UI

SF_CDA_ProductContext

SF_CDA_Software

Skype Toolbars

Skype™ 5.10

SlpCatalogues

SolutionCenter

Sothink SWF Decompiler

Sothink SWF Quicker

Sprint Mobile Broadband (Novatel Wireless)

Status

SUPERAntiSpyware

SWFKit 3.1

Synaptics Pointing Device Driver

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

Toolbox

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Hardware Setup

TOSHIBA Media Center Game Console

Toshiba Registration

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TrayApp

Trivial Pursuit Digital Choice v1.2.5 for Windows XP/Vista

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VC 9.0 Runtime

VC80CRTRedist - 8.0.50727.6195

VirtualCloneDrive

Vista Codec Package

Visual Studio Tools for the Office system 3.0 Runtime

Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)

VRE Toolbar

Web Dumper 2.4.1

WebReg

Winamp

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

WinDVD for TOSHIBA

Yahoo! Music Jukebox

ZoneAlarm LTD Toolbar

.

==== Event Viewer Messages From Past Week ========

.

9/7/2013 11:17:26 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

9/5/2013 9:47:26 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

9/5/2013 9:47:12 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD ctxusbm DfsC ElbyCDIO MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL SCDEmu Smb spldr tdx Wanarpv6 ws2ifsl

9/5/2013 9:47:12 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

9/5/2013 9:47:12 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.

9/5/2013 9:47:12 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.

9/5/2013 9:47:12 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

9/5/2013 9:47:12 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

9/5/2013 9:47:12 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.

9/5/2013 9:47:12 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

9/5/2013 9:47:12 AM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

9/5/2013 9:47:12 AM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

9/5/2013 9:47:12 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

9/5/2013 9:47:12 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

9/5/2013 9:47:12 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.

9/5/2013 9:47:12 AM, Error: Service Control Manager [7001]  - The Apache2.2 service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.

9/5/2013 9:46:44 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/5/2013 9:46:44 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/12/2013 8:49:16 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.157.1649.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9800.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

9/12/2013 8:39:23 AM, Error: Service Control Manager [7024]  - The Apache2.2 service terminated with service-specific error 1 (0x1).

9/12/2013 8:24:44 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.157.1649.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9800.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

9/12/2013 2:32:25 PM, Error: mbamchameleon [61703]  - 

9/12/2013 12:48:11 PM, Error: Service Control Manager [7034]  - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly.  It has done this 1 time(s).

9/12/2013 10:59:00 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.157.1649.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9800.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

9/12/2013 10:53:44 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.

9/12/2013 10:48:07 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SCDEmu

9/12/2013 10:48:06 AM, Error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.

9/12/2013 10:47:49 AM, Error: Service Control Manager [7038]  - The SlimFTPd service was unable to log on as .\apache2triad with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

9/12/2013 10:47:49 AM, Error: Service Control Manager [7024]  - The Apache2Triad Apache2 Service service terminated with service-specific error 1 (0x1).

9/12/2013 10:47:49 AM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

9/12/2013 10:47:49 AM, Error: Service Control Manager [7000]  - The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.

9/12/2013 10:47:49 AM, Error: Service Control Manager [7000]  - The avast! iAVS4 Control Service service failed to start due to the following error:  The system cannot find the path specified.

9/12/2013 10:47:49 AM, Error: Service Control Manager [7000]  - The Apache2Triad SlimFTPd Server service failed to start due to the following error:  The service did not start due to a logon failure.

9/12/2013 10:44:56 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

9/12/2013 10:32:51 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.157.1649.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9800.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 

9/12/2013 10:32:51 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

9/12/2013 10:28:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

9/12/2013 10:22:55 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ctxusbm ElbyCDIO MpFilter SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6

9/12/2013 10:22:55 AM, Error: Service Control Manager [7001]  - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.

9/12/2013 10:22:55 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.

9/12/2013 10:22:55 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.

9/12/2013 10:22:12 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

9/12/2013 10:22:08 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/12/2013 10:21:59 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/12/2013 10:21:45 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048]  - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

9/12/2013 10:21:45 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

9/12/2013 10:17:51 AM, Error: Service Control Manager [7000]  - The NEWDRIVER service failed to start due to the following error:  The system cannot find the file specified.

9/12/2013 10:16:33 AM, Error: EventLog [6008]  - The previous system shutdown at 10:13:52 AM on 9/12/2013 was unexpected.

9/11/2013 8:49:24 AM, Error: Application Popup [56]  - Driver USB returned invalid ID for a child device (SN0001).

9/10/2013 10:33:42 PM, Error: yukonwlh [101]  - Driver has encountered an internal error

.

==== End Of File ===========================

 


 

 



Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, right-click the program, select Run as Administrator to start, and when prompted click Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...unlikely, but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


MrCharlie,

Thank you for helping me out and sorry about the double post.

 

Here are the results of the RogueKiller scan:

 

RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Prime [Admin rights]
Mode : Scan -- Date : 09/12/2013 15:34:26
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA.job : C:\Users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core.job : C:\Users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core : C:\Users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA : C:\Users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x887AB140)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x887AB140)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x88799A5A)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x88799A2C)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x88799A88)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x887A6B70)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x887A6B3C)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: TOSHIBA MK2035GSS ATA Device +++++
--- User ---
[MBR] f5d642222efc67075ab9bdd584fcbb72
[BSP] cd56eac472e5bfd04cf8dadeb20be8b5 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 189281 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_09122013_153426.txt >>

Let's run some scans:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


You can run this in safe mode if needed:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

The Addition.txt file results are attached as requested.

Here are the results of the FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2013
Ran by Prime (administrator) on PRIME-PC on 12-09-2013 16:40:47
Running from C:\Users\Prime\Desktop\Downloads\fubar
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Apache Software Foundation) C:\apache2triad\bin\httpd.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(HP) C:\Windows\system32\HPSIsvc.exe
() C:\apache2triad\mysql\bin\mysqld.exe
(Apache Software Foundation) C:\apache2triad\bin\httpd.exe
(Sprint Spectrum, L.L.C) C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
() C:\Toshiba\IVP\ISM\pinger.exe
() c:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\apache2triad\mail\bin\XMail.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Apache Software Foundation) C:\apache2triad\bin\ApacheMonitor.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Google Inc.) C:\Users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [405504 2007-02-13] (Chicony)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4374528 2007-02-06] (Realtek Semiconductor)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411768 2006-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe_ID0EYTHM] - C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [HPUsageTracking] - C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2008-02-11] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [HPUsageTrackingLEDM] - C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM\...\Run: [Talk] - C:\Program Files\NCH Software\Talk\talk.exe [1420292 2012-12-14] (NCH Software)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-24] (Google Inc.)
HKCU\...\Run: [Advanced SystemCare 5] - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe [574296 2012-03-06] (IObit)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKCU\...\Run: [DEA93BB65AB2469C8FA1BFF92906E324E7BAEC8E._service_run] - C:\Users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-09-02] (Google Inc.)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5703920 2013-08-30] (SUPERAntiSpyware)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\apache2triad\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\apache2triad\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-10] (TOSHIBA)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-10] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-10] (TOSHIBA)
Startup: C:\Users\Prime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7F39B232DE04CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {469BC50C-B69A-478B-BA0B-385A950CABD1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp&p={searchTerms}
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM - &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {4064EA35-578D-4073-A834-C96D82CBCF40} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default
FF user.js: detected! => C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\user.js
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @soe.sony.com/installer,version=1.0.3 - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Prime\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Prime\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Prime\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Prime\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\searchplugins\alexa.xml
FF SearchPlugin: C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\searchplugins\live-search.xml
FF SearchPlugin: C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\searchplugins\mycroft-project.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Visualisateur 3D de 20-20 - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\2020Player_IKEA@2020Technologies.com
FF Extension: Firebug - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\firebug@software.joehewitt(112).com
FF Extension: HTTPS-Everywhere - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\https-everywhere@eff.org
FF Extension: IE Tab Plus - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\ietab@ip.cn
FF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\kgen@elitwork.com
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\LogMeInClient@logmein.com
FF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\seo4firefox@seobook(113).com
FF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\seotoolbar@seobook(114).com
FF Extension: TinEye Reverse Image Search - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\tineye@ideeinc(115).com
FF Extension:     <em:name>SOE Web Installer - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF Extension: FlashGot - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(116)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: seolinkanalysis - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{2c7bf5d2-2002-4912-95b2-7c2ee8a9ce7c}
FF Extension: SeoQuake - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}(117)
FF Extension: IE Tab - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(118)
FF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}(119)
FF Extension: DownloadHelper - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Cookies Manager+ - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
FF Extension: Window Resizer - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{C1273352-9340-4d54-A6D7-17DC157EC0B9}
FF Extension: Page Speed - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}(120)
FF Extension: Page Speed - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}(73)
FF Extension: alertcheck - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\alertcheck@mike.conley.xpi
FF Extension: jid1-ZAdIEUB7XOzOJw - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
FF Extension: rankchecker - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\rankchecker@seobook.com.xpi
FF Extension: savedpasswordeditor - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\savedpasswordeditor@daniel.dawson.xpi
FF Extension: seo4firefox - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\seo4firefox@seobook.com.xpi
FF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\sfStatistics.xml
FF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{f1ac39e3-5cd4-4b04-902f-e1add0245a11}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files\Google\Google Gears\Firefox\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Prime\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Prime\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Prime\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Prime\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.94) - C:\Users\Prime\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Update) - C:\Users\Prime\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (SOE Web Installer) - C:\Users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Prime\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Prime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Prime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_1
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)
S2 Apache2; C:\apache2triad\bin\httpd.exe [24635 2008-01-18] (Apache Software Foundation)
R2 Apache2.2; C:\apache2triad\bin\httpd.exe [24635 2008-01-18] (Apache Software Foundation)
S3 Apache2SSL; C:\apache2triad\bin\httpd.exe [24635 2008-01-18] (Apache Software Foundation)
S4 ATMsrvc; C:\Windows\System32\ATMsrvc.exe [15360 2000-05-24] (Adobe Systems Incorporated)
S2 gupdate1c985c8e5b5ef0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-03] (Google Inc.)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
R2 MySql; C:\apache2triad\mysql\bin\mysqld.exe [3960832 2008-03-07] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
R2 OSCM Utility Service; C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe [155648 2007-12-12] (Sprint Spectrum, L.L.C)
S3 PgSql; C:\apache2triad\pgsql\bin\pg_ctl.exe [75207 2008-03-07] (PostgreSQL Global Development Group)
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
S2 SlimFTPd; C:\apache2triad\ftp\SlimFTPd.exe [54272 2008-03-07] ()
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
R2 XMail; C:\apache2triad\mail\bin\XMail.exe [339968 2008-03-07] ()
S2 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [x]
S3 FIWORYN; C:\Users\Prime\AppData\Local\Temp\FIWORYN.exe [x]
S3 FJRO; C:\Users\Prime\AppData\Local\Temp\FJRO.exe [x]
S3 OPIKF; C:\Users\Prime\AppData\Local\Temp\OPIKF.exe [x]
S4 OUX; C:\Users\Prime\AppData\Local\Temp\OUX.exe [x]
S3 SSELOJYCHTJI; C:\Users\Prime\AppData\Local\Temp\SSELOJYCHTJI.exe [x]
S3 SUHVAER; C:\Users\Prime\AppData\Local\Temp\SUHVAER.exe [x]
S3 TBGWJOQ; C:\Users\Prime\AppData\Local\Temp\TBGWJOQ.exe [x]
S4 ZEKCIAPSH; C:\Users\Prime\AppData\Local\Temp\ZEKCIAPSH.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-19] (Microsoft Corporation)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121248 2012-08-26] (SlySoft, Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R2 LMIRfsDriver; C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2008-07-24] (LogMeIn, Inc.)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [77528 2013-09-12] (MalwareBytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-09-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [19712 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [18304 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 NWUSBCDFIL; C:\Windows\System32\DRIVERS\NwUsbCdFil.sys [13824 2007-09-06] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [99200 2007-04-19] (Novatel Wireless Inc.)
S3 NWVNDIS; C:\Windows\System32\DRIVERS\NWVNdis.sys [225280 2007-04-19] (Novatel Wireless, Inc.)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2007-04-19] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 UVCFTR; C:\Windows\System32\DRIVERS\UVCFTR_S.SYS [17712 2007-01-26] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [x]
S1 SCDEmu; No ImagePath
S3 Tosrfcom; No ImagePath
S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-12 16:40 - 2013-09-12 16:40 - 00000000 ____D C:\FRST
2013-09-12 16:01 - 2013-09-12 16:01 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Prime\yy\mbar-1.07.0.1005.exe
2013-09-12 15:34 - 2013-09-12 15:34 - 00003421 _____ C:\Users\Prime\yy\RKreport[0]_S_09122013_153426.txt
2013-09-12 15:26 - 2013-09-12 15:26 - 00918016 _____ C:\Users\Prime\yy\RogueKiller (1).exe
2013-09-12 12:51 - 2013-09-12 12:52 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-12 12:36 - 2013-09-12 16:01 - 00000000 ____D C:\Users\Prime\yy\mbar
2013-09-12 12:36 - 2013-09-12 12:36 - 00077528 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-09-12 11:02 - 2013-09-12 11:02 - 00025919 _____ C:\ComboFix.txt
2013-09-12 10:28 - 2013-09-12 11:03 - 00000000 ____D C:\Qoobox
2013-09-12 10:16 - 2013-09-12 10:16 - 00142880 _____ C:\Windows\Minidump\Mini091213-01.dmp
2013-09-11 16:42 - 2013-09-12 15:19 - 00000000 ____D C:\Users\Prime\yy\RK_Quarantine
2013-09-11 15:38 - 2013-09-11 15:38 - 00000000 _____ C:\Users\Prime\yy\settings.dat
2013-09-11 15:37 - 2009-08-13 11:14 - 00472064 _____ ( ) C:\Users\Prime\yy\RootRepeal.exe
2013-09-11 15:24 - 2013-09-11 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 15:24 - 2013-09-11 15:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 15:02 - 2013-08-01 23:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-28 14:21 - 2013-08-28 14:21 - 00142880 _____ C:\Windows\Minidump\Mini082813-01.dmp
2013-08-24 20:45 - 2013-08-24 20:46 - 00142880 _____ C:\Windows\Minidump\Mini082413-01.dmp
2013-08-14 17:04 - 2013-07-24 21:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 17:04 - 2013-07-24 21:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 17:04 - 2013-07-24 21:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 17:04 - 2013-07-24 21:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 17:04 - 2013-07-24 21:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 17:04 - 2013-07-24 21:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 17:04 - 2013-07-24 21:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-14 17:04 - 2013-07-24 21:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-14 17:04 - 2013-07-24 21:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 17:04 - 2013-07-24 21:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 17:04 - 2013-07-24 21:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 17:03 - 2013-07-24 21:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 17:03 - 2013-07-24 21:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 17:03 - 2013-07-24 21:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 17:03 - 2013-07-24 21:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-14 17:03 - 2013-07-24 21:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 16:57 - 2013-07-17 14:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 16:57 - 2013-07-10 04:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 16:56 - 2013-07-09 07:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 16:56 - 2013-07-07 23:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 16:56 - 2013-07-07 23:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 16:56 - 2013-07-04 22:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 16:56 - 2013-07-04 20:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-08-14 16:56 - 2013-06-15 08:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 16:56 - 2013-06-15 06:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 16:53 - 2013-07-07 23:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 16:53 - 2013-07-07 23:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 16:53 - 2013-07-07 23:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 16:53 - 2013-07-07 23:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 16:30 - 2013-08-14 16:31 - 00142880 _____ C:\Windows\Minidump\Mini081413-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2013-09-12 16:40 - 2013-09-12 16:40 - 00000000 ____D C:\FRST
2013-09-12 16:39 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 16:39 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 16:37 - 2008-03-03 12:08 - 01314527 _____ C:\Windows\WindowsUpdate.log
2013-09-12 16:01 - 2013-09-12 16:01 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Prime\yy\mbar-1.07.0.1005.exe
2013-09-12 16:01 - 2013-09-12 12:36 - 00000000 ____D C:\Users\Prime\yy\mbar
2013-09-12 16:01 - 2008-03-03 10:51 - 00000000 ___RD C:\Users\Prime\yy
2013-09-12 15:34 - 2013-09-12 15:34 - 00003421 _____ C:\Users\Prime\yy\RKreport[0]_S_09122013_153426.txt
2013-09-12 15:26 - 2013-09-12 15:26 - 00918016 _____ C:\Users\Prime\yy\RogueKiller (1).exe
2013-09-12 15:19 - 2013-09-11 16:42 - 00000000 ____D C:\Users\Prime\yy\RK_Quarantine
2013-09-12 15:11 - 2012-04-25 11:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-12 14:49 - 2009-06-30 08:49 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA.job
2013-09-12 14:49 - 2009-06-30 08:49 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core.job
2013-09-12 14:47 - 2009-06-29 22:36 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-12 14:41 - 2009-06-29 22:36 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-12 14:39 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-12 14:37 - 2006-11-02 08:01 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-12 13:50 - 2011-09-28 22:24 - 00000000 ____D C:\Users\Prime\Documents\Alvaro Cub Scouts
2013-09-12 12:52 - 2013-09-12 12:51 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-12 12:36 - 2013-09-12 12:36 - 00077528 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-09-12 11:03 - 2013-09-12 10:28 - 00000000 ____D C:\Qoobox
2013-09-12 11:02 - 2013-09-12 11:02 - 00025919 _____ C:\ComboFix.txt
2013-09-12 10:47 - 2006-11-02 05:23 - 00000215 _____ C:\Windows\system.ini
2013-09-12 10:46 - 2013-07-16 13:44 - 00008432 _____ C:\Windows\PFRO.log
2013-09-12 10:45 - 2006-11-02 05:22 - 65273856 _____ C:\Windows\system32\config\software.bak
2013-09-12 10:45 - 2006-11-02 05:22 - 35328000 _____ C:\Windows\system32\config\COMPON~3.bak
2013-09-12 10:45 - 2006-11-02 05:22 - 33816576 _____ C:\Windows\system32\config\system.bak
2013-09-12 10:45 - 2006-11-02 05:22 - 00376832 _____ C:\Windows\system32\config\default.bak
2013-09-12 10:45 - 2006-11-02 05:22 - 00061440 _____ C:\Windows\system32\config\sam.bak
2013-09-12 10:45 - 2006-11-02 05:22 - 00036864 _____ C:\Windows\system32\config\security.bak
2013-09-12 10:44 - 2012-05-02 13:36 - 00000000 ____D C:\Windows\ERDNT
2013-09-12 10:16 - 2013-09-12 10:16 - 00142880 _____ C:\Windows\Minidump\Mini091213-01.dmp
2013-09-12 10:16 - 2013-07-21 12:10 - 253417238 _____ C:\Windows\MEMORY.DMP
2013-09-12 10:16 - 2008-03-18 17:32 - 00000000 ____D C:\Windows\Minidump
2013-09-11 15:38 - 2013-09-11 15:38 - 00000000 _____ C:\Users\Prime\yy\settings.dat
2013-09-11 15:24 - 2013-09-11 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 15:24 - 2013-09-11 15:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-11 14:54 - 2013-07-03 10:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-11 08:50 - 2012-04-25 11:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 08:50 - 2011-12-13 18:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 17:29 - 2008-03-06 12:41 - 00000000 ____D C:\Users\Prime\Documents\Alejo
2013-09-09 22:11 - 2008-03-03 22:14 - 00000000 ____D C:\Users\Prime\Documents\Alejandro's school
2013-09-09 09:07 - 2008-03-07 13:57 - 00000000 ____D C:\Users\Prime\AppData\Roaming\FileZilla
2013-09-05 08:23 - 2008-03-06 12:48 - 00000000 ____D C:\Users\Prime\Documents\Computer
2013-08-30 13:52 - 2012-02-27 21:59 - 00000000 ____D C:\pirates-2
2013-08-30 13:42 - 2013-07-02 12:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-28 14:21 - 2013-08-28 14:21 - 00142880 _____ C:\Windows\Minidump\Mini082813-01.dmp
2013-08-26 09:05 - 2006-11-02 05:33 - 00006118 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-24 20:46 - 2013-08-24 20:45 - 00142880 _____ C:\Windows\Minidump\Mini082413-01.dmp
2013-08-18 22:22 - 2009-02-15 23:23 - 00000000 ____D C:\Users\Prime\AppData\Roaming\Winamp
2013-08-14 19:08 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 18:50 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2013-08-14 17:59 - 2013-08-09 17:42 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 17:56 - 2008-12-09 10:22 - 00000000 ____D C:\Users\Prime\Documents\Google
2013-08-14 17:18 - 2009-04-01 00:15 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 17:03 - 2006-11-02 05:23 - 00000361 _____ C:\Windows\win.ini
2013-08-14 16:31 - 2013-08-14 16:30 - 00142880 _____ C:\Windows\Minidump\Mini081413-01.dmp
2013-08-14 13:38 - 2013-07-21 11:54 - 00000034 _____ C:\Windows\setupact.log
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-12 14:47
 
==================== End Of Log ============================
 
 
 
 


Sure. Here are the results below:

 

ComboFix 13-09-12.01 - Prime 09/12/2013  10:32:04.4.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.1391 [GMT -5:00]
Running from: F:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Prime\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEWDRIVER
-------\Service_J
-------\Service_NEWDRIVER
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-12 to 2013-09-12  )))))))))))))))))))))))))))))))
.
.
2013-09-12 15:44 . 2013-09-12 15:48 -------- d-----w- c:\users\Prime\AppData\Local\temp
2013-09-12 15:44 . 2013-09-12 15:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-12 15:44 . 2013-09-12 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-12 15:44 . 2013-09-12 15:44 -------- d-----w- c:\users\apache2triad\AppData\Local\temp
2013-09-11 20:24 . 2013-09-11 20:24 -------- d-----w- c:\programdata\Malwarebytes
2013-09-11 20:24 . 2013-09-11 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-11 05:49 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAE643F8-9761-4DCF-A735-B936CE1C806C}\mpengine.dll
2013-09-10 13:18 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-09 20:02 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-06 13:29 . 2013-09-06 13:21 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89C7C82E-9F00-4E5E-8332-1F1BB601DEFA}\gapaengine.dll
2013-08-14 22:03 . 2013-07-25 02:25 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-08-14 22:03 . 2013-07-25 02:25 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-08-14 22:03 . 2013-07-25 02:25 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-08-14 22:03 . 2013-07-25 02:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-14 21:57 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 21:57 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 21:56 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 21:56 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-14 21:56 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 21:56 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 21:56 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 21:56 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 21:56 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 21:53 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 21:53 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 21:53 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 21:53 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-12 15:24 . 2009-10-01 20:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-09-11 13:50 . 2012-04-25 16:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-11 13:50 . 2011-12-13 23:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-23 03:17 . 2012-06-12 18:26 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-19 02:50 . 2013-06-19 02:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 02:50 . 2012-03-21 01:44 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2010-03-11 06:01 . 2013-07-03 15:00 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-03-11 06:40 . 2013-07-03 15:00 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-03-11 06:02 . 2013-07-03 15:00 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-03-11 06:01 . 2013-07-03 15:00 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-03-11 06:01 . 2013-07-03 15:00 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-03-11 06:00 . 2013-07-03 15:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-03-11 06:01 . 2013-07-03 15:00 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-03-11 06:01 . 2013-07-03 15:00 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-10-05 19:49 . 2013-07-03 15:00 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-03-11 06:02 . 2013-07-03 15:00 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
"DEA93BB65AB2469C8FA1BFF92906E324E7BAEC8E._service_run"="c:\users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-09-02 829392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-30 5703920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]
"NDSTray.exe"="NDSTray.exe" [bU]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-02-11 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"Talk"="c:\program files\NCH Software\Talk\talk.exe" [2012-12-14 1420292]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\users\Prime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet 6700 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2BS9SJ0P05RQ;CONNECTION=NW;MONITOR=1; [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Monitor Apache Servers.lnk - c:\apache2triad\bin\ApacheMonitor.exe [2008-1-18 41041]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Quick View.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
backup=c:\windows\pss\WD Quick View.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Prime^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Prime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-01-17 21:46 534648 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-01-19 06:24 448632 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 15:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2006-04-29 13:21 94208 ----a-w- c:\program files\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2533579671-3271529956-2011735840-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 13:50]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 06:24]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 06:24]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core.job
- c:\users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-26 06:58]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA.job
- c:\users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-26 06:58]
.
.
------- Supplementary Scan -------
.
Trusted Zone: myps.com\portal
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2010-02-03 08:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110796&tt=120812_bandext_3212_1
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.id - 7c60cc900000000000000013e8104483
FF - user.js: extensions.BabylonToolbar.instlDay - 15565
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.621:59
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
user_pref(places.frecency.bookmarkVisitBonus,0);
user_pref(places.frecency.unvisitedBookmarkBonus,0);
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-12 10:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
c:\users\Prime\AppData\Local\Temp\CSCCADC.tmp 676 bytes
c:\users\Prime\AppData\Local\Temp\RESCB3B.tmp 0 bytes
c:\users\Prime\AppData\Local\Temp\vsuouv56.0.cs 61849 bytes
c:\users\Prime\AppData\Local\Temp\vsuouv56.cmdline 394 bytes
c:\users\Prime\AppData\Local\Temp\vsuouv56.dll 0 bytes
c:\users\Prime\AppData\Local\Temp\vsuouv56.err 0 bytes
c:\users\Prime\AppData\Local\Temp\vsuouv56.out 477 bytes
c:\users\Prime\AppData\Local\Temp\vsuouv56.tmp 0 bytes
.
scan completed successfully
hidden files: 8
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e2,5a,10,f9,2e,3f,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,e0,ab,b1,3f,46,9a,4e,a1,b7,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,e0,ab,b1,3f,46,9a,4e,a1,b7,0c,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:22,31,a9,90,84,c0,37,7a,52,25,d1,b5,38,48,89,a2,99,79,35,c7,4e,
   dd,0d,ce,51,89,bd,d6,d1,ea,82,25,1b,f3,c7,d9,6f,4e,41,a2,ab,61,77,35,90,39,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:22,31,a9,90,84,c0,37,7a,52,25,d1,b5,38,48,89,a2,99,79,35,c7,4e,
   dd,0d,ce,51,89,bd,d6,d1,ea,82,25,1b,f3,c7,d9,6f,4e,41,a2,ab,61,77,35,90,39,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\apache2triad\bin\httpd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\HPSIsvc.exe
c:\apache2triad\mysql\bin\mysqld.exe
c:\apache2triad\bin\httpd.exe
c:\program files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\apache2triad\mail\bin\XMail.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-09-12  11:02:53 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-12 16:02
.
Pre-Run: 61,375,877,120 bytes free
Post-Run: 61,318,258,688 bytes free
.
- - End Of File - - EA91C5BEB51E34993C14A2853A27171B
5B5E648D12FCADC244C1EC30318E1EB9

When did this start? Is it just Malwarebytes and Malwarebytes Anti-rootkit?

Clean these up:

Using ComboFix......

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

File::

c:\users\Prime\AppData\Local\Temp\CSCCADC.tmp

c:\users\Prime\AppData\Local\Temp\RESCB3B.tmp

c:\users\Prime\AppData\Local\Temp\vsuouv56.0.cs

c:\users\Prime\AppData\Local\Temp\vsuouv56.cmdline

c:\users\Prime\AppData\Local\Temp\vsuouv56.dll

c:\users\Prime\AppData\Local\Temp\vsuouv56.err

c:\users\Prime\AppData\Local\Temp\vsuouv56.out

c:\users\Prime\AppData\Local\Temp\vsuouv56.tmp

C:\Users\Prime\AppData\Local\Temp\FJRO.exe

C:\Users\Prime\AppData\Local\Temp\OPIKF.exe

C:\Users\Prime\AppData\Local\Temp\OUX.exe

C:\Users\Prime\AppData\Local\Temp\SSELOJYCHTJI.exe

C:\Users\Prime\AppData\Local\Temp\SUHVAER.exe

C:\Users\Prime\AppData\Local\Temp\TBGWJOQ.exe

C:\Users\Prime\AppData\Local\Temp\ZEKCIAPSH.exe

Driver::

FIWORYN

FJRO

OPIKF

OUX

SSELOJYCHTJI

SUHVAER

TBGWJOQ

ZEKCIAPSH

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC
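The CFScript above targets executables with random names under the user's Temp folder and the services registered for them, and the log also shows "EnableLUA"= 0 (UAC turned off). As an added example, not MrC's tooling or ComboFix's own code, the Python below parses ComboFix-style "Reg Loading Points" lines for Run-key values and service entries, flags anything launching from AppData\Local\Temp together with the disabled-UAC setting, and drafts a File::/Driver:: script in the format used above. The sample log lines are constructed for this example; the "Updater" Run entry and the OPIKF service line are hypothetical.

```python
import re

# Constructed sample, modelled on the "Reg Loading Points" section of a
# ComboFix log. The "Updater" Run value and the "OPIKF" service line are
# hypothetical; the other entries mirror benign ones seen in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-30 5703920]
"Updater"="c:\users\Prime\AppData\Local\Temp\FJRO.exe" [2013-09-10 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
S3 OPIKF;OPIKF;c:\users\Prime\AppData\Local\Temp\OPIKF.exe [2013-09-10 61440]
"""

# A program launched from a user's Temp folder at logon is the pattern the
# CFScript in this thread removes.
TEMP_DIR_RE = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
# [HKEY_...\Run] section header
RUN_KEY_RE = re.compile(r"^\[(?P<key>[^\]]*\\run)\]$", re.IGNORECASE)
# "name"="path" [date size]
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# S2 service;display name;path [date size]
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[")
# "EnableLUA"= 0 (0x0) means User Account Control is switched off
LUA_OFF_RE = re.compile(r'^"EnableLUA"=\s*0\b')


def parse_run_entries(log):
    """Return one dict per value found under a ...\\Run key."""
    entries, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("["):            # any section header
            m = RUN_KEY_RE.match(line)
            key = m.group("key") if m else None
            continue
        if line in ("", "."):               # ComboFix separates sections with "."
            key = None
            continue
        m = RUN_VALUE_RE.match(line) if key else None
        if m:
            entries.append({"key": key, "name": m.group("name"),
                            "path": m.group("path"), "meta": m.group("meta")})
    return entries


def parse_services(log):
    """Return one dict per ComboFix service line ('S2 name;display;path [...]')."""
    services = []
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            services.append({"start": m.group("start"), "svc": m.group("svc"),
                             "display": m.group("display"), "path": m.group("path")})
    return services


def find_suspicious(log):
    """Flag Temp-folder autoruns and services plus UAC turned off.

    Returns a list of (kind, name, detail) tuples.
    """
    findings = []
    for e in parse_run_entries(log):
        if TEMP_DIR_RE.search(e["path"]):
            findings.append(("temp-autorun", e["name"], e["path"]))
    for s in parse_services(log):
        if TEMP_DIR_RE.search(s["path"]):
            findings.append(("temp-service", s["svc"], s["path"]))
    for raw in log.splitlines():
        if LUA_OFF_RE.match(raw.strip()):
            findings.append(("uac-disabled", "EnableLUA", raw.strip()))
    return findings


def build_cfscript(findings, clear_java_cache=False):
    """Draft the File:: / Driver:: sections in the CFScript format shown above.

    The result is a draft for a reviewer to check entry by entry, not an
    automatic removal list.
    """
    files = sorted({d for k, _, d in findings if k in ("temp-autorun", "temp-service")})
    drivers = sorted({n for k, n, _ in findings if k == "temp-service"})
    lines = []
    if files:
        lines += ["File::", *files, ""]
    if drivers:
        lines += ["Driver::", *drivers, ""]
    if clear_java_cache:
        lines += ["ClearJavaCache::", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for kind, name, detail in hits:
        print(f"{kind:14} {name:10} {detail}")
    print(build_cfscript(hits))
```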


The symptoms have been happening for many months so I'm not sure when it started.

My antivirus (if that is what Microsoft calls it {Microsoft Security Essentials}) never finds anything so if the computer is infected maybe it is blocking it somehow.

Thanks.... I'll get on this after dinner tonight and post the results.


Here we are, MrCharlie:

Ran ComboFix as specified above. Logfile below. Let me know next steps when you can (thank you):

ComboFix 13-09-12.01 - Prime 09/12/2013  22:11:15.5.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.952 [GMT -5:00]
Running from: c:\users\Prime\Desktop\Downloads\ComboFix.exe
Command switches used :: c:\users\Prime\Desktop\Downloads\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Prime\AppData\Local\Temp\CSCCADC.tmp"
"c:\users\Prime\AppData\Local\Temp\FJRO.exe"
"c:\users\Prime\AppData\Local\Temp\OPIKF.exe"
"c:\users\Prime\AppData\Local\Temp\OUX.exe"
"c:\users\Prime\AppData\Local\Temp\RESCB3B.tmp"
"c:\users\Prime\AppData\Local\Temp\SSELOJYCHTJI.exe"
"c:\users\Prime\AppData\Local\Temp\SUHVAER.exe"
"c:\users\Prime\AppData\Local\Temp\TBGWJOQ.exe"
"c:\users\Prime\AppData\Local\Temp\vsuouv56.0.cs"
"c:\users\Prime\AppData\Local\Temp\vsuouv56.cmdline"
"c:\users\Prime\AppData\Local\Temp\vsuouv56.dll"
"c:\users\Prime\AppData\Local\Temp\vsuouv56.err"
"c:\users\Prime\AppData\Local\Temp\vsuouv56.out"
"c:\users\Prime\AppData\Local\Temp\vsuouv56.tmp"
"c:\users\Prime\AppData\Local\Temp\ZEKCIAPSH.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSELOJYCHTJI
-------\Legacy_TBGWJOQ
-------\Legacy_ZEKCIAPSH
-------\Service_FIWORYN
-------\Service_FJRO
-------\Service_OPIKF
-------\Service_OUX
-------\Service_SSELOJYCHTJI
-------\Service_SUHVAER
-------\Service_TBGWJOQ
-------\Service_ZEKCIAPSH
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-13 to 2013-09-13  )))))))))))))))))))))))))))))))
.
.
2013-09-13 03:38 . 2013-09-13 03:44 -------- d-----w- c:\users\Prime\AppData\Local\temp
2013-09-13 03:38 . 2013-09-13 03:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-13 03:38 . 2013-09-13 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-13 03:38 . 2013-09-13 03:38 -------- d-----w- c:\users\apache2triad\AppData\Local\temp
2013-09-12 21:40 . 2013-09-12 21:40 -------- d-----w- C:\FRST
2013-09-12 20:01 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB6B00EC-9006-4D67-BED2-88F7ABC83659}\mpengine.dll
2013-09-12 17:51 . 2013-09-12 17:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-09-12 17:36 . 2013-09-12 17:36 77528 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-09-11 20:24 . 2013-09-11 20:24 -------- d-----w- c:\programdata\Malwarebytes
2013-09-11 20:24 . 2013-09-11 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-11 05:49 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-09 20:02 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-06 13:29 . 2013-09-06 13:21 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89C7C82E-9F00-4E5E-8332-1F1BB601DEFA}\gapaengine.dll
2013-08-14 22:03 . 2013-07-25 02:25 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-08-14 22:03 . 2013-07-25 02:25 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-08-14 22:03 . 2013-07-25 02:25 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-08-14 22:03 . 2013-07-25 02:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-14 21:57 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 21:57 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 21:56 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 21:56 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-14 21:56 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 21:56 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 21:56 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 21:56 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 21:56 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 21:53 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 21:53 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 21:53 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 21:53 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 13:50 . 2012-04-25 16:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-11 13:50 . 2011-12-13 23:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-23 03:17 . 2012-06-12 18:26 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-19 02:50 . 2013-06-19 02:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 02:50 . 2012-03-21 01:44 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2010-03-11 06:01 . 2013-07-03 15:00 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-03-11 06:40 . 2013-07-03 15:00 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-03-11 06:02 . 2013-07-03 15:00 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-03-11 06:01 . 2013-07-03 15:00 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-03-11 06:01 . 2013-07-03 15:00 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-03-11 06:00 . 2013-07-03 15:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-03-11 06:01 . 2013-07-03 15:00 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-03-11 06:01 . 2013-07-03 15:00 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-10-05 19:49 . 2013-07-03 15:00 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-03-11 06:02 . 2013-07-03 15:00 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
"DEA93BB65AB2469C8FA1BFF92906E324E7BAEC8E._service_run"="c:\users\Prime\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-09-02 829392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-30 5703920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]
"NDSTray.exe"="NDSTray.exe" [bU]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-02-11 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"Talk"="c:\program files\NCH Software\Talk\talk.exe" [2012-12-14 1420292]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\users\Prime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet 6700 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2BS9SJ0P05RQ;CONNECTION=NW;MONITOR=1; [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Monitor Apache Servers.lnk - c:\apache2triad\bin\ApacheMonitor.exe [2008-1-18 41041]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Quick View.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
backup=c:\windows\pss\WD Quick View.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Prime^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Prime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-01-17 21:46 534648 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-01-19 06:24 448632 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 15:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2006-04-29 13:21 94208 ----a-w- c:\program files\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2533579671-3271529956-2011735840-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 13:50]
.
2013-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 06:24]
.
2013-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 06:24]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core.job
- c:\users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-26 06:58]
.
2013-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA.job
- c:\users\Prime\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-26 06:58]
.
.
------- Supplementary Scan -------
.
Trusted Zone: myps.com\portal
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2010-02-03 08:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110796&tt=120812_bandext_3212_1
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.id - 7c60cc900000000000000013e8104483
FF - user.js: extensions.BabylonToolbar.instlDay - 15565
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.621:59
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
user_pref(places.frecency.bookmarkVisitBonus,0);
user_pref(places.frecency.unvisitedBookmarkBonus,0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-12 22:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e2,5a,10,f9,2e,3f,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,e0,ab,b1,3f,46,9a,4e,a1,b7,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,e0,ab,b1,3f,46,9a,4e,a1,b7,0c,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:22,31,a9,90,84,c0,37,7a,52,25,d1,b5,38,48,89,a2,99,79,35,c7,4e,
   dd,0d,ce,51,89,bd,d6,d1,ea,82,25,1b,f3,c7,d9,6f,4e,41,a2,ab,61,77,35,90,39,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:22,31,a9,90,84,c0,37,7a,52,25,d1,b5,38,48,89,a2,99,79,35,c7,4e,
   dd,0d,ce,51,89,bd,d6,d1,ea,82,25,1b,f3,c7,d9,6f,4e,41,a2,ab,61,77,35,90,39,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\apache2triad\bin\httpd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\HPSIsvc.exe
c:\apache2triad\mysql\bin\mysqld.exe
c:\apache2triad\bin\httpd.exe
c:\program files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\apache2triad\mail\bin\XMail.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
c:\program files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-09-12  22:56:19 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-13 03:56
ComboFix2.txt  2013-09-12 16:02
.
Pre-Run: 58,933,772,288 bytes free
Post-Run: 58,742,874,112 bytes free
.
- - End Of File - - 7D279432F8AEF76DB1EA4765CCA9EDBE
5B5E648D12FCADC244C1EC30318E1EB9

You have SAS running; unless you have the paid version of SAS, you shouldn't have this.

If you open up SAS there should be a place in the settings that says "Start with Windows"

Uncheck it please.

HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5703920 2013-08-30] (SUPERAntiSpyware)

There's a lot of adware/spyware in the logs......

Let's clean out any adware while you're here (this will require a reboot, so save all your work):

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Thank you, MrC.

Actions taken:

1. I unchecked the SAS Start with Windows option.

2. I downloaded and ran the AdwCleaner program, and ran it again just to look at the logs, and it appears clean of adware.

3. I opened Malwarebytes and tried to update manually. The program closed soon after the small GUI appeared showing it's trying to connect to a download server.

Looks like something must still be preventing me from using Malwarebytes.

Should I run another Combofix report?  I await your instructions.


I downloaded and ran the AdwCleaner program and ran it again just to look at the logs and it appears clean of adware

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110796&tt=120812_bandext_3212_1
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.id - 7c60cc900000000000000013e8104483
FF - user.js: extensions.BabylonToolbar.instlDay - 15565
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.621:59
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
 

 

 

It can't be clean....look at all the Babylon showing.

 

http://www.systemlookup.com/search.php?type=name&search=BabylonToolba&s=

 

????????????  MrC

 

 

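MrC spots the toolbar by eye from the DDS "FF - user.js" lines. The following is an added example, not part of this thread and not DDS or Malwarebytes tooling, that performs the same check mechanically over a Firefox user.js or prefs.js file: it parses user_pref() lines, groups extension preferences by vendor namespace, flags namespaces on a watch-list, and pulls affiliate/campaign parameters out of query-string values such as the babTrack one above. The watch-list (here only "babylon") and the sample file are constructed for the example; the Babylon preference names and values in it are the ones quoted in the thread, written back into user_pref() form.

```python
"""Scan a Firefox prefs file (user.js / prefs.js) for preference namespaces
that belong to known PUP toolbars, the check MrC does by eye above.

Added example for this thread; it is not part of DDS or Malwarebytes.
The watch-list and SAMPLE_USER_JS are constructed; the Babylon preference
names and values are the ones quoted in the thread, in user_pref() form."""
import re
from urllib.parse import parse_qs

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')
QUERY_RE = re.compile(r'^[\w.]+=[^&]*(?:&[\w.]+=[^&]*)*$')   # looks like k=v&k=v

SAMPLE_USER_JS = """\
// constructed sample; the BabylonToolbar lines mirror the DDS output above
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110796&tt=120812_bandext_3212_1");
user_pref("extensions.BabylonToolbar.id", "7c60cc900000000000000013e8104483");
user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.instlDay", 15565);
user_pref("extensions.BabylonToolbar.excTlbr", false);
"""


def parse_value(raw):
    """Convert the JS literal inside user_pref() to a Python value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw                      # unexpected literal: keep verbatim


def load_prefs(text):
    """Return {name: value} for each user_pref() line; comments are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def scan_prefs(text, watch=("babylon",)):
    """Group extensions.<vendor>.* prefs by vendor and flag watch-listed vendors.

    Returns {"namespaces": {vendor: pref count},
             "flagged": {vendor: [pref names]},
             "tracking": {pref name: parsed query-string parameters}}."""
    namespaces, flagged, tracking = {}, {}, {}
    for name, value in load_prefs(text).items():
        parts = name.split(".")
        if parts[0] != "extensions" or len(parts) < 3:
            continue
        vendor = parts[1]
        namespaces[vendor] = namespaces.get(vendor, 0) + 1
        if any(w in vendor.lower() for w in watch):
            flagged.setdefault(vendor, []).append(name)
            # Affiliate/campaign IDs tend to be stored as a query string.
            if isinstance(value, str) and QUERY_RE.match(value):
                tracking[name] = parse_qs(value)
    return {"namespaces": namespaces, "flagged": flagged, "tracking": tracking}


if __name__ == "__main__":
    report = scan_prefs(SAMPLE_USER_JS)
    for vendor, names in report["flagged"].items():
        print(f"{vendor}: {len(names)} prefs")
    for name, params in report["tracking"].items():
        print(f"{name}: {params}")
```

Point it at the profile's prefs.js instead of the sample to run the same check on a real machine; the watch-list is deliberately a plain substring match on the vendor namespace so that variants such as BabylonToolbar and BabylonToolbar_i are both caught.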

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


  • Put a checkmark beside loaded modules.


  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


MrC


This one is:

Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

09:35:53.0085 0x16a4 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

09:35:53.0085 0x16a4 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Let me know if there's any improvement...MrC


Thanks MrC.

 

Done with the above delete procedure but no joy running Malwarebytes.

Still opens up then slams closed when either trying to update or when I try to run the program without updating.

 

Thank you for being patient with me. I guess this can be a long process determining what is going on.  Let me know what I need to do next.

Kind regards,


Download and run rkill first and then see if MB will run:
http://www.bleepingcomputer.com/download/rkill/

If not........

Let's do a complete re-install of the program:

If you have the pro version of MB....make sure you have your license and key


Go to Control Panel > Add/Remove Programs and uninstall Malwarebytes Anti-Malware > reboot

Download and run this cleaner:
mbam-clean.exe


Reboot <---very important

Now download and see if you can install the latest version of MB from here: (disable any malware/anti-virus programs running first)

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

If no difference......

Create an mbam-check log:
Download mbam-check.exe from here and save it to your desktop
http://downloads.malwarebytes.org/file/mbam_check
Double-click on mbam-check.exe to run it; it should then open a log file
Please copy and paste the entire contents of the log into your next post


Let me know, MrC


OK, thanks MrC. Here are the results of implementing all of the procedures in your post above:

 

1. Downloaded and ran rkill----> Tried to run Malwarebytes to no effect.

2. Uninstalled Malwarebytes, rebooted, downloaded mbam-clean, ran it, rebooted again.

3. Downloaded MBAM from the beta link you provided, installed it, tried to update: MBAM closed. Opened Malwarebytes and tried to update manually, whereupon the program CLOSED again.

4. Downloaded mbam-check. Ran the program and below are the results. Thank you again for your diligence.

 

mbam-check result log version: 2.0.0.1000
 
Malwarebytes Version: REG_SZ 1.75.0.1300
 
Date Log Created: 09/13/13
Time Log Created: 13:07:51
 
User Account type: Administrator
 
32 bit Operating System
 
Product Name: REG_SZ Windows Vista Home Premium
 
Current Build Number: 6002
 
Current Version Number: 6.0
 
Current CSDVersion: Service Pack 2
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
TERMService:
==============
Type : 32
State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
TermService Start is set to: 2 (Automatic Startup)
 
Compatibility Flag Settings (Any MBAM file listings should be removed):
=======================================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\ProgramData\WebEx\mwcliun.exeREG_SZ WINXPSP2
C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exeREG_SZ WINXPSP2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Users\Prime\Documents\RootkitRevealer\RootkitRevealer.exeREG_SZ WINXPSP2
C:\Program Files\Motorola Phone Tools\mPhonetools.exeREG_SZ WINXPSP2
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXEREG_SZ WINXPSP2
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
 
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Malwarebytes Anti-Malware     REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
 
Service and Driver Status:
==========================
 
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
 
 
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
 
 
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
 
 
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
 
 
MBAMProtector Registry Values:
==============================
 
 
MBAMService Registry Values:
============================
 
 
MBAMScheduler Registry Values:
==============================
 
 
 
MBAM DLL's and Runtime Files:
=============================
 
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid
(Default):                    REG_SZ vbAccelerator Grid Control
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid
(Default):                    REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}
 
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid
(Default):                    REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}
 
HKEY_CLASSES_ROOT\SSubTimer6.CTimer
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid
(Default):                    REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}
 
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid
(Default):                    REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}
 
 
 
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
 
 
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
(Default):                    REG_SZ vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
(Default):                    REG_SZ 2
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
 
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
(Default):                    REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
 
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ ISubclass
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
 
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ CTimer
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
 
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
(Default):                    REG_SZ vbalGrid
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
(Default):                    REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}
Version                       REG_SZ 1.1
 
MBAM Registry Settings and License Info:
========================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware
advancedheuristics            REG_DWORD 1
downloadprogram               REG_DWORD 1
hidereg                       REG_DWORD 0
detectp2p                     REG_DWORD 0
detectpum                     REG_DWORD 1
detectpup                     REG_DWORD 2
updatewarn                    REG_DWORD 1
updatewarndays                REG_DWORD 7
useproxy                      REG_DWORD 0
useauthentication             REG_DWORD 0
contextmenu                   REG_DWORD 1
reportthreats                 REG_DWORD 1
startwithwindows              REG_DWORD 1
startfsdisabled               REG_DWORD 0
startipdisabled               REG_DWORD 0
silentipmode                  REG_DWORD 0
autoquarantine                REG_DWORD 1
notifyinstallprogram          REG_DWORD 1
trialpromptshown              REG_DWORD 0
autoquarantinenotify          REG_DWORD 1
alwaysscanarchives            REG_DWORD 1
InstallPath                   REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
dbdate                        REG_SZ Thu, 04 Apr 2013 18:41:20 GMT
dbversion                     REG_SZ v2013.04.04.07
programversion                REG_SZ 1.75.0.1300
programbuild                  REG_SZ consumer
 
 
 
HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
autosavelog                   REG_DWORD 1
openlog                       REG_DWORD 1
defaultscan                   REG_DWORD 1
terminateie                   REG_DWORD 0
Language                      REG_SZ English.lng
selectedrives                 REG_SZ C:\|F:\|
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
Inno Setup: Setup Version     REG_SZ 5.5.3-dev (a)
Inno Setup: App Path          REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
InstallLocation               REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\
Inno Setup: Icon Group        REG_SZ Malwarebytes' Anti-Malware
Inno Setup: User              REG_SZ Prime
Inno Setup: Selected Tasks    REG_DWORD 0
Inno Setup: Deselected Tasks  REG_SZ desktopicon,quicklaunchicon
Inno Setup: Language          REG_SZ English
DisplayName                   REG_SZ Malwarebytes Anti-Malware version 1.75.0.1300
DisplayIcon                   REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
UninstallString               REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
QuietUninstallString          REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENT
DisplayVersion                REG_SZ 1.75.0.1300
Publisher                     REG_SZ Malwarebytes Corporation
URLInfoAbout                  REG_SZ http://www.malwarebytes.org
NoModify                      REG_DWORD 1
NoRepair                      REG_DWORD 1
InstallDate                   REG_SZ 20130913
MajorVersion                  REG_DWORD 1
MinorVersion                  REG_DWORD 75
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
Scheduler Queue:
================
 
 
 
Context Menu Entries:
=====================
 
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
 
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
(Default):                    REG_SZ IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt
 
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default):                    REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
 
 
 
MBAM Drivers:
=============
 
C:\Windows\system32\drivers\mbam.sys File Size: 22856     BYTES FileVersion: 1.60.2.0
C:\Windows\system32\drivers\mbamswissarmy.sys File Size: 40776     BYTES FileVersion: 1.60.0.0
 
 
Required Dependencies:
======================
 
BFE:
==============
Type : 32
State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ErrorControl                  REG_DWORD 1
Start                         REG_DWORD 2
Type                          REG_DWORD 32
DependOnService               REG_MULTI_SZ RpcSs
 
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
{2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY Binary Data
 
{c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY Binary Data
 
{935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY Binary Data
 
{941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
{2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY Binary Data
 
{c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY Binary Data
 
{b6fdab6b-dcc6-43e3-99ce-7aeca65063a4}REG_BINARY Binary Data
 
{3697a558-3ed3-49be-a4c1-c1a4448653b4}REG_BINARY Binary Data
 
{935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY Binary Data
 
{941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY Binary Data
 
{b02a4013-b6b5-4859-9168-1e3299e43b24}REG_BINARY Binary Data
 
{d870c96c-75ee-46a6-8a02-8e4401a73423}REG_BINARY Binary Data
 
{8b50e2ec-7cf0-4b71-b42e-5b0536f6cab8}REG_BINARY Binary Data
 
{4137b143-2770-43d4-91a2-55bb0a069830}REG_BINARY Binary Data
 
{3180114b-8338-4740-9a16-444134ad62f4}REG_BINARY Binary Data
 
{17043d46-fac2-4561-bca1-0c7a05e95f5f}REG_BINARY Binary Data
 
{567d3836-3f5b-4067-b9c4-952f677010a2}REG_BINARY Binary Data
 
{4e718c57-c397-4221-9fbb-14fd51701d6a}REG_BINARY Binary Data
 
{3a90a266-1519-4d23-911b-e84cd0f02ab8}REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
{decc16ca-3f33-4346-be1e-8fb4ae0f3d62}REG_BINARY Binary Data
 
{4b153735-1049-4480-aab4-d1b9bdc03710}REG_BINARY Binary Data
 
{1bebc969-61a5-4732-a177-847a0817862a}REG_BINARY Binary Data
 
{aa6a7d87-7f8f-4d2a-be53-fda555cd5fe3}REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
{b3cdd441-af90-41ba-a745-7c6008ff2300}REG_BINARY Binary Data
 
{b3cdd441-af90-41ba-a745-7c6008ff2301}REG_BINARY Binary Data
 
{b3cdd441-af90-41ba-a745-7c6008ff2302}REG_BINARY Binary Data
 
{9ba30013-c84e-47e5-ac6e-1e1aed72fa69}REG_BINARY Binary Data
 
fltmgr:
==============
Type : 2
State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ FltMgr
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Description                   REG_SZ File System Filter Manager Driver
ErrorControl                  REG_DWORD 3
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
C:\Windows\system32\drivers\fltmgr.sys File Size: 190424    BYTES FileVersion: 6.0.6002.18005
C:\Windows\system32\mscomctl.ocx File Size: 1070152   BYTES FileVersion: 6.1.98.34
C:\Windows\system32\olepro32.dll File Size: 88576     BYTES FileVersion: 6.0.6002.18005
 
 
List of MBAM Related Directories:
=================================
 
C:\Program Files\Malwarebytes' Anti-Malware
7z.dll                         File Size:    914432 BYTES FileVersion: 9.20.0.0
changes.txt                   File Size:       200 BYTES
license.rtf                   File Size:     17916 BYTES
mbam.chm                       File Size:    474148 BYTES
mbam.dll                       File Size:    527944 BYTES FileVersion: 1.70.0.0
mbam.exe                       File Size:    887432 BYTES FileVersion: 1.75.0.1
mbamcore.dll                   File Size:   1127496 BYTES FileVersion: 1.70.0.0
mbamext.dll                   File Size:     80968 BYTES FileVersion: 1.70.0.0
mbamgui.exe                   File Size:    532040 BYTES FileVersion: 1.70.0.0
mbamnet.dll                   File Size:   2191944 BYTES FileVersion: 1.70.0.0
mbampt.exe                     File Size:     40008 BYTES FileVersion: 1.70.0.0
mbamscheduler.exe             File Size:    418376 BYTES FileVersion: 1.70.0.0
mbamservice.exe               File Size:    701512 BYTES FileVersion: 1.70.0.0
ssubtmr6.dll                   File Size:     46416 BYTES FileVersion: 1.1.0.3
unins000.dat                   File Size:     14952 BYTES
unins000.exe                   File Size:    712264 BYTES FileVersion: 51.52.0.0
unins000.msg                   File Size:     11277 BYTES
vbalsgrid6.ocx                 File Size:    496976 BYTES FileVersion: 2.0.0.40
 
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon
chameleon.chm                 File Size:    186068 BYTES
firefox.com                   File Size:    218184 BYTES
firefox.exe                   File Size:    218184 BYTES
firefox.pif                   File Size:    218184 BYTES
firefox.scr                   File Size:    218184 BYTES
iexplore.exe                   File Size:    218184 BYTES
mbam-chameleon.com             File Size:    218184 BYTES
mbam-chameleon.exe             File Size:    218184 BYTES
mbam-chameleon.pif             File Size:    218184 BYTES
mbam-chameleon.scr             File Size:    218184 BYTES
mbam-killer.exe               File Size:    896072 BYTES
rundll32.exe                   File Size:    218184 BYTES
svchost.exe                   File Size:    218184 BYTES
winlogon.exe                   File Size:    218184 BYTES
 
C:\Program Files\Malwarebytes' Anti-Malware\Languages
arabic.lng                     File Size:     21894 BYTES
belarusian.lng                 File Size:     26884 BYTES
bosnian.lng                   File Size:     27108 BYTES
bulgarian.lng                 File Size:     27574 BYTES
catalan.lng                   File Size:     28252 BYTES
chineseSI.lng                 File Size:     11024 BYTES
chineseTR.lng                 File Size:     11952 BYTES
croatian.lng                   File Size:     26670 BYTES
czech.lng                     File Size:     24874 BYTES
danish.lng                     File Size:     26582 BYTES
dutch.lng                     File Size:     28342 BYTES
english.lng                   File Size:     24542 BYTES
estonian.lng                   File Size:     25146 BYTES
finnish.lng                   File Size:     25950 BYTES
french.lng                     File Size:     29830 BYTES
german.lng                     File Size:     29894 BYTES
greek.lng                     File Size:     29300 BYTES
hebrew.lng                     File Size:     19362 BYTES
hungarian.lng                 File Size:     28666 BYTES
indonesian.lng                 File Size:     26854 BYTES
italian.lng                   File Size:     28194 BYTES
japanese.lng                   File Size:     16266 BYTES
korean.lng                     File Size:     14188 BYTES
latvian.lng                   File Size:     27100 BYTES
lithuanian.lng                 File Size:     27838 BYTES
norwegian.lng                 File Size:     25116 BYTES
polish.lng                     File Size:     26644 BYTES
portugueseBR.lng               File Size:     28654 BYTES
portuguesePT.lng               File Size:     29062 BYTES
romanian.lng                   File Size:     28290 BYTES
russian.lng                   File Size:     27302 BYTES
serbian.lng                   File Size:     26804 BYTES
slovak.lng                     File Size:     25644 BYTES
slovenian.lng                 File Size:     24852 BYTES
spanish.lng                   File Size:     30060 BYTES
swedish.lng                   File Size:     25992 BYTES
thai.lng                       File Size:     26092 BYTES
turkish.lng                   File Size:     25876 BYTES
vietnamese.lng                 File Size:     29528 BYTES
 
C:\Users\Prime\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware
 
C:\Users\Prime\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
 
C:\Users\Prime\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware
rules.ref                     File Size:   6302342 BYTES
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration
build.conf                     File Size:       140 BYTES
config.conf                   File Size:      4076 BYTES
custom.conf                   File Size:        20 BYTES
database.conf                 File Size:       432 BYTES
html.conf                     File Size:      2762 BYTES
local.conf                     File Size:       420 BYTES
manifest.conf                 File Size:       184 BYTES
messaging.conf                 File Size:      1430 BYTES
news.conf                     File Size:       379 BYTES
 
===============================================================
END OF FILE
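Reading an mbam-check log by hand is tedious. The following is an added example, not Malwarebytes' own tooling and not part of this thread, that extracts the findings a helper looks for first: the MBAM services mbam-check could not open a handle to, AppCompatFlags layers pointing at MBAM binaries (the log's own header says any such entries must be removed), a pending MBAM file rename that means an upgrade is waiting on a reboot, LAN settings that are not auto-detected, and the kernel drivers present on disk. The only layout it assumes is the one visible above: a section title line followed by a line of "=" characters. The embedded sample log is constructed and abridged from the one posted; unlike the real log it includes a compatibility-layer entry for mbam.exe so that the check has something to flag.

```python
"""Triage an mbam-check log for the conditions that commonly explain
Malwarebytes Anti-Malware 1.x refusing to start or update.

Added example for this thread; it is not Malwarebytes' own tooling.
Assumed input layout: a section title line followed by a line made of
'=' characters, as in the log posted above. SAMPLE_LOG is constructed."""
import re

SERVICE_DOWN = re.compile(r"CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR:\s*(\w+)")
RULE_LINE = re.compile(r"^=+$")

# Constructed, abridged sample in mbam-check's layout. The mbam.exe compat
# layer entry is added here so the check has something to flag; the log
# posted in the thread had none.
SAMPLE_LOG = r"""mbam-check result log version: 2.0.0.1000

LAN Settings:
=============

No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY

Compatibility Flag Settings (Any MBAM file listings should be removed):
=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Program Files\Example\example.exeREG_SZ WINXPSP2
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exeREG_SZ WINXPSP2

Service and Driver Status:
==========================

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService

Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

MBAM Drivers:
=============

C:\Windows\system32\drivers\mbam.sys File Size: 22856     BYTES FileVersion: 1.60.2.0
C:\Windows\system32\drivers\mbamswissarmy.sys File Size: 40776     BYTES FileVersion: 1.60.0.0

===============================================================
END OF FILE
"""


def split_sections(log_text):
    """Return {title: [lines]} using the 'Title:' + '=====' header convention."""
    lines = log_text.splitlines()
    sections = {"_preamble": []}
    current = "_preamble"
    for i, line in enumerate(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.strip() and RULE_LINE.match(nxt):
            current = line.strip().rstrip(":")      # this line is a section title
            sections[current] = []
        elif RULE_LINE.match(line.strip()):
            continue                                 # the underline itself
        else:
            sections[current].append(line.rstrip())
    return sections


def find_section(sections, prefix):
    """First section whose title starts with prefix (titles carry long suffixes)."""
    for title, body in sections.items():
        if title.startswith(prefix):
            return body
    return []


def triage(log_text):
    """Return a dict of findings worth acting on."""
    sections = split_sections(log_text)

    # MBAM services the tool could not open a handle to (not installed/running).
    down = []
    for line in find_section(sections, "Service and Driver Status"):
        m = SERVICE_DOWN.search(line)
        if m:
            down.append(m.group(1))

    # AppCompatFlags layers on MBAM binaries; the log header says these must go.
    layers = []
    for line in find_section(sections, "Compatibility Flag Settings"):
        if "REG_SZ" in line and not line.startswith("HKEY_"):
            path = line.split("REG_SZ")[0].strip()
            exe = path.rsplit("\\", 1)[-1].lower()
            if "malwarebytes" in path.lower() or exe.startswith("mbam"):
                layers.append(path)

    # Any MBAM entry under pending renames means an upgrade awaits a reboot;
    # the explanatory sentence mbam-check prints in that section is skipped.
    pending = [l for l in find_section(sections, "Pending File Rename Operations")
               if "malwarebytes" in l.lower() and not l.startswith("If any")]

    lan = "\n".join(find_section(sections, "LAN Settings"))
    drivers = [l.split(" File Size")[0].strip()
               for l in find_section(sections, "MBAM Drivers") if ".sys" in l]

    return {
        "services_not_running": down,
        "mbam_compat_layers": layers,
        "reboot_required": bool(pending),
        "lan_autodetect_missing": "NOT DETECTING SETTING AUTOMATICALLY" in lan,
        "drivers_on_disk": drivers,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the log actually posted above, the services list would contain all four MBAM services (MBAMProtector, MBAMService, MBAMScheduler, MBAMChameleon) and the compatibility-layer list would be empty, which is why the sample adds one.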