Malwarebytes keeps closing on run--any ideas?

[MrCharlie]

There's some problems with the log, I highlighted them below.

I suggest you run this by the people from Malwarebytes, post the problem here:

http://forums.malwarebytes.org/index.php?showtopic=10138

Include a link to this post:
 

http://forums.malwarebytes.org/index.php?showtopic=133113&p=729082

I'll leave this post open until it's resolved.......MrC
 

No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY


Service and Driver Status:
==========================

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector


<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService


<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler


<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon

 

 

[ROIGuy]

The link above that you provide is a FAQ topic which is locked.

Is there another one that isn't locked that I can make the post you told me to ?

 

thanks in advance.

[MrCharlie]

I'm sorry, here it is:

http://forums.malwarebytes.org/index.php?showforum=41

MrC

[ROIGuy]

Thank you.

[AdvancedSetup]

Hello ROIGuy

 

 

Please run RKill and then immediately after run the MiniToolBox below.

 

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1
Link 2

• On Windows XP double-click on the Rkill desktop icon to run the tool.
• On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• If the tool does not run from any of the links provided, please let me know.
• Do not reboot the computer, you will need to run the application again.

 

 

 

 

 

 

 

 

 

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Devices
• List Users, Partitions and Memory size.
• List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 

 

[ROIGuy]

Hello Advanced and MrCharlie

 

Here is the 'Results' log from running MiniToolBox:

 

 

MiniToolBox by Farbar  Version: 13-07-2013

Ran by Prime (administrator) on 13-09-2013 at 15:19:29

Running from "C:\Users\Prime\yy"

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ============================== 

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

========================= FF Proxy Settings: ============================== 

 

"network.proxy.type", 0

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

========================= Hosts content: =================================

 

127.0.0.1       localhost

 

========================= IP Configuration: ================================

 

Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)

Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : Prime-PC

   Primary Dns Suffix  . . . . . . . : 

   Node Type . . . . . . . . . . . . : Broadcast

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : gateway.2wire.net

 

Wireless LAN adapter Wireless Network Connection:

 

   Connection-specific DNS Suffix  . : gateway.2wire.net

   Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN

   Physical Address. . . . . . . . . : 00-13-E8-10-44-83

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::6d06:ff7d:4d3e:64b5%9(Preferred) 

   IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred) 

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Friday, September 13, 2013 1:00:10 PM

   Lease Expires . . . . . . . . . . : Saturday, September 14, 2013 3:04:49 PM

   Default Gateway . . . . . . . . . : 192.168.1.254

   DHCP Server . . . . . . . . . . . : 192.168.1.254

   DHCPv6 IAID . . . . . . . . . . . : 218108904

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-5D-E8-6B-00-A0-D1-74-70-2B

   DNS Servers . . . . . . . . . . . : 192.168.1.254

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Local Area Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller

   Physical Address. . . . . . . . . : 00-A0-D1-74-70-2B

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 9:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 02-00-54-55-4E-01

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 12:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 16:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : isatap.gateway.2wire.net

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 17:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : isatap.{3B116DE3-149F-4E6A-ACDF-FCA09C67589E}

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 19:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : gateway.2wire.net

   Description . . . . . . . . . . . : isatap.gateway.2wire.net

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 20:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : isatap.{5CF63800-A8B9-4061-BFD6-E01C4FF176F2}

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

Server:  homeportal

Address:  192.168.1.254

 

Name:    google.com

Addresses:  2607:f8b0:4000:803::100e

 173.194.46.3

 173.194.46.2

 173.194.46.8

 173.194.46.1

 173.194.46.6

 173.194.46.9

 173.194.46.4

 173.194.46.5

 173.194.46.0

 173.194.46.7

 173.194.46.14

 

 

 

Pinging google.com [173.194.46.8] with 32 bytes of data:

 

Reply from 173.194.46.8: bytes=32 time=48ms TTL=50

 

Reply from 173.194.46.8: bytes=32 time=47ms TTL=50

 

 

 

Ping statistics for 173.194.46.8:

 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

    Minimum = 47ms, Maximum = 48ms, Average = 47ms

 

Server:  homeportal

Address:  192.168.1.254

 

Name:    yahoo.com

Addresses:  206.190.36.45

 98.139.183.24

 98.138.253.109

 

 

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

 

Reply from 98.138.253.109: bytes=32 time=62ms TTL=49

 

Reply from 98.138.253.109: bytes=32 time=78ms TTL=49

 

 

 

Ping statistics for 98.138.253.109:

 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

    Minimum = 62ms, Maximum = 78ms, Average = 70ms

 

 

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

 

 

Ping statistics for 127.0.0.1:

 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

===========================================================================

Interface List

  9 ...00 13 e8 10 44 83 ...... Intel® Wireless WiFi Link 4965AGN

  8 ...00 a0 d1 74 70 2b ...... Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller

  1 ........................... Software Loopback Interface 1

 11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface

 15 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #3

 24 ...00 00 00 00 00 00 00 e0  isatap.gateway.2wire.net

 21 ...00 00 00 00 00 00 00 e0  isatap.{3B116DE3-149F-4E6A-ACDF-FCA09C67589E}

 25 ...00 00 00 00 00 00 00 e0  isatap.gateway.2wire.net

 23 ...00 00 00 00 00 00 00 e0  isatap.{5CF63800-A8B9-4061-BFD6-E01C4FF176F2}

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.67     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link      192.168.1.67    281

     192.168.1.67  255.255.255.255         On-link      192.168.1.67    281

    192.168.1.255  255.255.255.255         On-link      192.168.1.67    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link      192.168.1.67    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link      192.168.1.67    281

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  1    306 ::1/128                  On-link

  9    281 fe80::/64                On-link

  9    281 fe80::6d06:ff7d:4d3e:64b5/128

                                    On-link

  1    306 ff00::/8                 On-link

  9    281 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)

Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)

Catalog5 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog5 07 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)

Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (09/13/2013 01:00:08 PM) (Source: Apache Service) (User: )

Description: The Apache service named Apache2Triad Apache2 Service reported the following error:

>>> Unable to open logs     .

 

Error: (09/13/2013 01:00:08 PM) (Source: Apache Service) (User: )

Description: The Apache service named Apache2Triad Apache2 Service reported the following error:

>>> no listening sockets available, shutting down     .

 

Error: (09/13/2013 01:00:08 PM) (Source: Apache Service) (User: )

Description: The Apache service named Apache2Triad Apache2 Service reported the following error:

>>> (OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted.  : make_sock: could not bind to address 0.0.0.0:80     .

 

Error: (09/13/2013 11:54:37 AM) (Source: Apache Service) (User: )

Description: The Apache service named  reported the following error:

>>> no listening sockets available, shutting down     .

 

Error: (09/13/2013 11:54:37 AM) (Source: Apache Service) (User: )

Description: The Apache service named  reported the following error:

>>> (OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted.  : make_sock: could not bind to address 0.0.0.0:80     .

 

Error: (09/13/2013 11:45:58 AM) (Source: Apache Service) (User: )

Description: The Apache service named Apache2Triad Apache2 Service reported the following error:

>>> Unable to open logs     .

 

Error: (09/13/2013 11:45:58 AM) (Source: Apache Service) (User: )

Description: The Apache service named Apache2Triad Apache2 Service reported the following error:

>>> no listening sockets available, shutting down     .

 

Error: (09/13/2013 11:45:58 AM) (Source: Apache Service) (User: )

Description: The Apache service named Apache2Triad Apache2 Service reported the following error:

>>> (OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted.  : make_sock: could not bind to address 0.0.0.0:80     .

 

Error: (09/13/2013 09:24:29 AM) (Source: Apache Service) (User: )

Description: The Apache service named Apache2Triad Apache2 Service reported the following error:

>>> Unable to open logs     .

 

Error: (09/13/2013 09:24:29 AM) (Source: Apache Service) (User: )

Description: The Apache service named Apache2Triad Apache2 Service reported the following error:

>>> no listening sockets available, shutting down     .

 

 

System errors:

=============

Error: (09/13/2013 03:13:35 PM) (Source: Service Control Manager) (User: )

Description: TOSHIBA Optical Disc Drive Service1

 

Error: (09/13/2013 02:05:52 PM) (Source: Service Control Manager) (User: )

Description: 30000Netman

 

Error: (09/13/2013 01:01:41 PM) (Source: Service Control Manager) (User: )

Description: SCDEmu

 

Error: (09/13/2013 01:01:40 PM) (Source: Service Control Manager) (User: )

Description: HP CUE DeviceDiscovery Service

 

Error: (09/13/2013 01:01:08 PM) (Source: Service Control Manager) (User: )

Description: Apache2Triad SlimFTPd Server%%1069

 

Error: (09/13/2013 01:01:08 PM) (Source: Service Control Manager) (User: )

Description: SlimFTPd.\apache2triad%%1330

 

Error: (09/13/2013 01:01:08 PM) (Source: Service Control Manager) (User: )

Description: LogMeIn Kernel Information Provider%%3

 

Error: (09/13/2013 01:01:08 PM) (Source: Service Control Manager) (User: )

Description: Apache2Triad Apache2 Service1 (0x1)

 

Error: (09/13/2013 01:01:08 PM) (Source: Service Control Manager) (User: )

Description: Parallel port driver%%1058

 

Error: (09/13/2013 01:01:08 PM) (Source: Service Control Manager) (User: )

Description: avast! iAVS4 Control Service%%3

 

 

Microsoft Office Sessions:

=========================

Error: (09/13/2013 01:00:08 PM) (Source: Apache Service)(User: )

Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:

>>>Unable to open logs

 

Error: (09/13/2013 01:00:08 PM) (Source: Apache Service)(User: )

Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:

>>>no listening sockets available, shutting down

 

Error: (09/13/2013 01:00:08 PM) (Source: Apache Service)(User: )

Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:

>>>(OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted.  : make_sock: could not bind to address 0.0.0.0:80

 

Error: (09/13/2013 11:54:37 AM) (Source: Apache Service)(User: )

Description: The Apache service namedreported the following error:

>>>no listening sockets available, shutting down

 

Error: (09/13/2013 11:54:37 AM) (Source: Apache Service)(User: )

Description: The Apache service namedreported the following error:

>>>(OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted.  : make_sock: could not bind to address 0.0.0.0:80

 

Error: (09/13/2013 11:45:58 AM) (Source: Apache Service)(User: )

Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:

>>>Unable to open logs

 

Error: (09/13/2013 11:45:58 AM) (Source: Apache Service)(User: )

Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:

>>>no listening sockets available, shutting down

 

Error: (09/13/2013 11:45:58 AM) (Source: Apache Service)(User: )

Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:

>>>(OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted.  : make_sock: could not bind to address 0.0.0.0:80

 

Error: (09/13/2013 09:24:29 AM) (Source: Apache Service)(User: )

Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:

>>>Unable to open logs

 

Error: (09/13/2013 09:24:29 AM) (Source: Apache Service)(User: )

Description: The Apache service namedApache2Triad Apache2 Servicereported the following error:

>>>no listening sockets available, shutting down

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-09-12 14:32:37.949

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-12 14:32:37.372

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-12 00:00:04.269

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-12 00:00:03.678

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-12 00:00:03.136

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-12 00:00:02.544

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-11 23:45:36.107

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-11 23:45:35.524

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-11 23:45:34.894

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-11 23:45:34.242

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

 

=========================== Installed Programs ============================

 

32 Bit HP CIO Components Installer (Version: 1.0.0)

7-Zip 4.57

Acrobat.com (Version: 0.0.0)

Acrobat.com (Version: 1.1.377)

Activation Assistant for the 2007 Microsoft Office suites

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)

Add or Remove Adobe Creative Suite 3 Master Collection (Version: 1.0)

Adobe Acrobat 8 Professional (Version: 8.1.0)

Adobe After Effects CS3 (Version: 8)

Adobe After Effects CS3 Presets (Version: 8)

Adobe After Effects CS3 Third Party Content (Version: 3)

Adobe AIR (Version: 1.5.3.9130)

Adobe Anchor Service CS3 (Version: 1.0)

Adobe Asset Services CS3 (Version: 3)

Adobe Bridge CS3 (Version: 2)

Adobe Bridge Start Meeting (Version: 1.0)

Adobe BridgeTalk Plugin CS3 (Version: 1.0)

Adobe Camera Raw 4.0 (Version: 4.0)

Adobe CMaps (Version: 1.0)

Adobe Color - Photoshop Specific (Version: 1.0)

Adobe Color Common Settings (Version: 1.0)

Adobe Color EU Extra Settings (Version: 1.0)

Adobe Color JA Extra Settings (Version: 1.0)

Adobe Color NA Recommended Settings (Version: 1.0)

Adobe Contribute CS3 (Version: 4.1)

Adobe Default Language CS3 (Version: 1.0)

Adobe Device Central CS3 (Version: 1.0)

Adobe Dreamweaver CS3 (Version: 9)

Adobe Encore CS3 (Version: 3)

Adobe Encore CS3 Codecs (Version: 3)

Adobe ExtendScript Toolkit 2 (Version: 2.0)

Adobe Extension Manager CS3 (Version: 1.8)

Adobe Fireworks CS3 (Version: 9.0)

Adobe Flash CS3 (Version: 9.0)

Adobe Flash Player 11 ActiveX (Version: 11.8.800.174)

Adobe Flash Player 11 Plugin (Version: 11.8.800.168)

Adobe Flash Video Encoder (Version: 2.0)

Adobe Fonts All (Version: 1.0)

Adobe Help Viewer CS3 (Version: 1)

Adobe Illustrator CS3 (Version: 13.0)

Adobe InDesign CS3 (Version: 5.0)

Adobe InDesign CS3 Icon Handler (Version: 5.0)

Adobe Linguistics CS3 (Version: 3.0.0)

Adobe MotionPicture Color Files (Version: 1.0)

Adobe PDF Library Files (Version: 8.0)

Adobe Photoshop CS3 (Version: 10)

Adobe Premiere Pro CS3 (Version: 3)

Adobe Premiere Pro CS3 Functional Content (Version: 8)

Adobe Premiere Pro CS3 Third Party Content (Version: 3)

Adobe Reader X (10.1.6) (Version: 10.1.6)

Adobe Setup (Version: 1.0)

Adobe Shockwave Player 11 (Version: 11)

Adobe SING CS3 (Version: 0.1)

Adobe Soundbooth CS3 (Version: 1)

Adobe Soundbooth CS3 Codecs (Version: 3)

Adobe Stock Photos CS3 (Version: 1.5)

Adobe Type Manager 4.1

Adobe Type Support (Version: 1.0)

Adobe Update Manager CS3 (Version: 5.1.0)

Adobe Version Cue CS3 Client (Version: 3)

Adobe Version Cue CS3 Server (Version: 3.0)

Adobe Video Profiles (Version: 1.0)

Adobe WAS CS3 (Version: 1.0)

Adobe WinSoft Linguistics Plugin (Version: 1.0)

Adobe XMP DVA Panels CS3 (Version: 1.0)

Adobe XMP Panels CS3 (Version: 1.0)

Advanced PDF Password Recovery (Version: 4.0)

Advanced SystemCare 5 (Version: 5.2.0)

AHV content for Acrobat and Flash (Version: 1)

AnyDVD (Version: 7.1.2.0)

Apache HTTP Server 2.2.8 (Version: 2.2.8)

Apache2Triad: apache server bundle

Apple Application Support (Version: 2.1.7)

Apple Software Update (Version: 2.1.3.127)

AT&T Connect Participant Application v8.8.53 (Version: 8.8.53)

AT&T Self Support Tool

Audacity 1.3.12 (Unicode)

Avanquest update (Version: 1.19)

avast! BART CD Manager (Version: 2.0)

AviSynth 2.5

Bejeweled 2 Deluxe (Version: WT017700)

Blackhawk Striker 2 (Version: WT017710)

Blasterball 3 (Version: WT017720)

Bluetooth Stack for Windows by Toshiba (Version: v5.10.04(T))

BPD_HPSU (Version: 1.00.0000)

BPD_Scan (Version: 3.00.0000)

BPDSoftware (Version: 82.0.173.000)

BPDSoftware_Ini (Version: 1.00.0000)

BufferChm (Version: 82.0.173.000)

Camera Assistant Software for Toshiba (Version: 1.7.115.0213)

CCleaner (Version: 4.01)

CD/DVD Drive Acoustic Silencer (Version: 2.00.02)

Chat Dashboard (Version: 0.6.4)

Chat Dashboard (Version: 0.6.4b)

Chuzzle Deluxe (Version: WT017760)

Citrix online plug-in - web (Version: 12.0.0.6410)

Citrix online plug-in (DV) (Version: 12.0.0.6410)

Citrix online plug-in (HDX) (Version: 12.0.0.6410)

Citrix online plug-in (USB) (Version: 12.0.0.6410)

Citrix online plug-in (Web) (Version: 12.0.0.6410)

CoffeeCup Flash Menu Builder

CoffeeCup Web Form Builder - Registered

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)

CustomerResearchQFolder (Version: 1.00.0000)

CutePDF Writer 2.8

D3DX10 (Version: 15.4.2368.0902)

D6100_D7100_D7300_Help (Version: 82.0.233.000)

D7300 (Version: 82.0.233.000)

Destination Component (Version: 090.000.091.086)

DeviceDiscovery (Version: 110.0.180.000)

DivX Setup (Version: 2.6.1.41)

DivX Web Player (Version: 1.5.0)

DocProc (Version: 8.1.0.0)

DocProcQFolder (Version: 1.00.0000)

Dropbox (Version: 1.6.18)

DVD MovieFactory for TOSHIBA (Version: 5.3)

DVD Shrink 3.2

eSupportQFolder (Version: 1.00.0000)

Express Talk

FATE (Version: WT017800)

Fax (Version: 120.0.194.000)

FileZilla Client 3.1.1.1 (Version: 3.1.1.1)

Flashation Menu Builder

FLVPlayer (Version: 1.0.0)

Garmin Communicator Plugin (Version: 2.9.3)

Garmin USB Drivers (Version: 2.3.1.0)

Garmin WebUpdater (Version: 2.5.6)

GnuWin32: OpenSSL-0.9.8h-1 (Version: 0.9.8h-1)

Google AdWords Editor (Version: 8.5.2)

Google Calendar Sync

Google Chrome (Version: 29.0.1547.66)

Google Drive (Version: 1.11.4865.2530)

Google Earth Plug-in (Version: 7.1.1.1888)

Google Gears (Version: 0.5.3600)

Google Toolbar for Internet Explorer

Google Update Helper (Version: 1.3.21.153)

GoToMeeting 5.5.0.1132 (Version: 5.5.0.1132)

HP Customer Participation Program 8.0 (Version: 8.0)

HP Deskjet & Photosmart Printer Driver Software 8.0.A (Version: 8.0)

HP Imaging Device Functions 8.0 (Version: 8.0)

HP LaserJet P2030 Series

HP LaserJet Professional P1100-P1560-P1600 Series

HP OCR Software 8.0 (Version: 8.0)

HP Officejet 6700 Basic Device Software (Version: 25.0.619.0)

HP Officejet 6700 Help (Version: 140.0.2.2)

HP Officejet 6700 Product Improvement Study (Version: 25.0.619.0)

HP Officejet Pro 8500 A910 Basic Device Software (Version: 22.0.334.0)

HP Officejet Pro 8500 A910 Help (Version: 140.0.2.2)

HP Officejet Pro 8500 A910 Product Improvement Study (Version: 22.0.334.0)

HP Officejet Pro All-In-One Series (Version: 1.0)

HP Photosmart Essential (Version: 1.12.0.46)

HP Product Assistant (Version: 100.000.001.000)

HP Solution Center 8.0 (Version: 8.0)

HP Update (Version: 5.003.000.004)

HP_Network_UserGuide (Version: 1.00.0000)

hppLaserJetService (Version: 001.001.0.0)

hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0)

HPProductAssistant (Version: 82.0.173.000)

hppusgP1100P1560P1600Series (Version: 1.0.0.1)

hppusgP2030 (Version: 000.000.00003)

HPSSupply (Version: 2.1.3.0000)

I.R.I.S. OCR (Version: 12.3.4)

ImgBurn (Version: 2.5.5.0)

InFlac 1.1.1 (Version: 1.1.1)

Intel® Graphics Media Accelerator Driver

Internet Offers (Version: 6.2)

Java 7 Update 15 (Version: 7.0.150)

Java Auto Updater (Version: 2.1.9.0)

Java 6 Update 27 (Version: 6.0.270)

Java SE Development Kit 7 (Version: 1.7.0.0)

JEOPARDY (Version: WT017840)

Magic ISO Maker v5.5 (build 0272)

MagicDisc 2.7.105

magicJack (Version: 2.0.5703.3988)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

MarketResearch (Version: 130.0.374.000)

Marvell Miniport Driver (Version: 10.0.4.3)

MediaCoder 0.6.1 (Version: 0.6.1)

Memoryze (Version: 2.0.0)

Mesh Runtime (Version: 15.4.5722.2)

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2833941)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Money Essentials (Version: 16)

Microsoft Money Shared Libraries (Version: 16.0.0.705)

Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Live Meeting 2007 (Version: 8.0.6362.149)

Microsoft Office Outlook Connector (Version: 14.0.5118.5000)

Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)

Microsoft Security Client (Version: 4.3.0215.0)

Microsoft Security Essentials (Version: 4.3.215.0)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.2004)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft SQL Server Native Client (Version: 9.00.5000.00)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Works (Version: 08.05.0818)

Microsoft XML Parser (Version: 8.20.8730.4)

Mobilink (Version: 2.02.19.007)

Motorola Driver Installation 3.7.0 (Version: 3.7.0)

Motorola Phone Tools (Version: 4.30)

Motorola Phone Tools (Version: 4.5.1c 3/20/2007)

Mozilla Firefox 19.0 (x86 en-US) (Version: 19.0)

Mozilla Maintenance Service (Version: 22.0)

MPM (Version: 1.00.0000)

MrvlUsgTracking (Version: 1.0.7)

MSVCRT (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Network (Version: 110.0.180.000)

Notepad App

Ogg Codecs 0.81.15562 (Version: 0.81.15562)

Oregon Trail® 5

PC Inspector File Recovery (Version: 4.0)

PDF Settings (Version: 1.0)

Penguins! (Version: WT017910)

Polar Bowler (Version: WT017930)

Polar Golfer (Version: WT017940)

PremiumSoft Navicat MySQL 7.2

QuickBooks Remote Access

QuickTime (Version: 7.72.80.56)

Realtek High Definition Audio Driver (Version: 6.0.1.5371)

Scan (Version: 8.1.0.0)

SCRABBLE (Version: WT017980)

Segoe UI (Version: 15.4.2271.0615)

SF_CDA_ProductContext (Version: 82.0.233.000)

SF_CDA_Software (Version: 82.0.233.000)

Skype Toolbars (Version: 1.0.4051)

Skype™ 5.10 (Version: 5.10.116)

SlpCatalogues (Version: 1.0.0)

SolutionCenter (Version: 82.0.188.000)

Sothink SWF Decompiler (Version: 4.4)

Sothink SWF Quicker (Version: 3.0)

Sprint Mobile Broadband (Novatel Wireless) (Version: 3.10.014)

Status (Version: 110.0.180.000)

SUPERAntiSpyware (Version: 5.6.1020)

SWFKit 3.1

Synaptics Pointing Device Driver (Version: 11.2.4.0)

Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0001)

TIPCI (Version: 2.00.0001)

Toolbox (Version: 82.0.173.000)

TOSHIBA Assist (Version: 2.00.03)

TOSHIBA ConfigFree (Version: 7.00.24)

TOSHIBA Disc Creator (Version: 2.0.0.6)

TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)

TOSHIBA Hardware Setup (Version: 2.00.02MWM)

TOSHIBA Media Center Game Console

Toshiba Registration (Version: 1.00.0000)

TOSHIBA SD Memory Utilities (Version: 1.7.0.2)

TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD03))

TOSHIBA Software Upgrades (Version: 4.2)

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password (Version: 2.00.01MWM)

TOSHIBA Value Added Package (Version: 1.0.13)

TrayApp (Version: 110.0.180.000)

Trivial Pursuit Digital Choice v1.2.5 for Windows XP/Vista

UnloadSupport (Version: 1.00.0000)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

VC 9.0 Runtime (Version: 1.0.0)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)

VirtualCloneDrive

Vista Codec Package (Version: 4.5.9)

Visual Studio Tools for the Office system 3.0 Runtime

Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)

Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)

VRE Toolbar

Web Dumper 2.4.1

WebReg (Version: 82.0.173.000)

Winamp (Version: 5.541 )

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3555.0308)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Windows Media Encoder 9 Series

Windows Media Encoder 9 Series (Version: 9.00.3374)

Windows Media Player Firefox Plugin (Version: 1.0.0.8)

WinDVD for TOSHIBA (Version: 8.0-B6.108)

Yahoo! Music Jukebox

 

========================= Devices: ================================

 

Name: Microsoft ISATAP Adapter

Description: Microsoft ISATAP Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

Name: Officejet Pro L7700

Description: Officejet Pro L7700

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet 7400 series

Description: Officejet 7400 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: hp LaserJet 1320 series

Description: hp LaserJet 1320 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet P2035n

Description: HP LaserJet P2035n

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: DesignJet 800 (C7779B)

Description: DesignJet 800 (C7779B)

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Photosmart C7200 series

Description: Photosmart C7200 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet Pro 8000 A809

Description: Officejet Pro 8000 A809

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet Pro 8500 A909a

Description: Officejet Pro 8500 A909a

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet P2015 Series

Description: HP LaserJet P2015 Series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: hp LaserJet 4250

Description: hp LaserJet 4250

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1102w

Description: HP LaserJet Professional P1102w

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1102w

Description: HP LaserJet Professional P1102w

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet Pro 8500 A910

Description: Officejet Pro 8500 A910

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet M2727nf MFP

Description: HP LaserJet M2727nf MFP

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP Color LaserJet CP3525

Description: HP Color LaserJet CP3525

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: hp LaserJet 4350

Description: hp LaserJet 4350

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet Pro 8500 A909g

Description: Officejet Pro 8500 A909g

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet 6700

Description: Officejet 6700

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Photosmart 6510 series

Description: Photosmart 6510 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet Pro 8500 A910

Description: Officejet Pro 8500 A910

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 48%

Total physical RAM: 2037.32 MB

Available physical RAM: 1042.52 MB

Total Pagefile: 4311.93 MB

Available Pagefile: 3075.27 MB

Total Virtual: 2047.88 MB

Available Virtual: 1944.66 MB

 

========================= Partitions: =====================================

 

1 Drive c: (SQ004328V04) (Fixed) (Total:184.84 GB) (Free:53.82 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\PRIME-PC

 

Administrator            apache2triad             Guest                    

Prime                    

 

========================= Minidump Files ==================================

 

C:\Windows\Minidump\Mini072113-01.dmp

C:\Windows\Minidump\Mini072313-01.dmp

C:\Windows\Minidump\Mini081413-01.dmp

C:\Windows\Minidump\Mini082413-01.dmp

C:\Windows\Minidump\Mini082813-01.dmp

C:\Windows\Minidump\Mini091213-01.dmp

 

**** End of log ****

 

[AdvancedSetup]

Please do not use code tags when posting logs unless requested.

 

Please zip this file up and upload it.

 

C:\Windows\Minidump\Mini091213-01.dmp

 

Then please run a FULL Disk Check on your C: drive.

How to Run Check Disk at Startup in Vista or Windows 7
 

[ROIGuy]

Ok.. Sorry about the post.

 

I tried to attach the minidump file and it says "You aren't permitted to upload this kind of file"

Can I rename it to a text file?  like: Mini091213-01.txt

Would that work?

[ROIGuy]

Mini091213-01.zip

 

I forgot to zip the file. Attached.

[AdvancedSetup]

You got a bug check error PAGE_FAULT_IN_NONPAGED_AREA

 

This could be many different things causing it.

 

Please run a full disk check on your system and then let me know when it's done and we'll run some other tools.

 

How to Run Check Disk at Startup in Vista or Windows 7
 

 

[ROIGuy]

thanks.... in progress.

Will there be a report that I can upload from it?

[AdvancedSetup]

The Vista check disk log can be found as follows: Go to Start, Control Panel,
Administrative Tools, Event Viewer, Windows Logs, Application. Scroll down
the Application Events looking for Wininit in the Source Column.

 

 

You can then click the little book type icon to copy to the clipboard and paste back here.

 

 

I'm going to be on the road but will try to check back with you a bit later tonight.

[ROIGuy]

Thank you AdvancedSetup.

I've searched for the Wininit in the source column and the only ones that I see are over a year old.

 

Strange....

[AdvancedSetup]

How long did it take for Check Disk to run?  It should have run at least 10 minutes and possibly hours in a blue DOS screen.

 

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8

[ROIGuy]

It took about 20 minutes or so to run

I ran it at startup.

 

I followed the instructions that you posted to find the Check Disk log by using the event viewer to no avail. I'll see if there is another reason I can't find it or if there is a physical location of the log file that I can open and paste so you can review it.

[AdvancedSetup]

Okay no worries about it.  If it ran for 20 minutes then it did it's job.

 

Let's run Combofix again now and make sure you delete your current copy and download a new fresh copy to use.

 

Please visit this webpage and read the ComboFix User's Guide:

• Once you've read the article and are ready to use the program you can download it directly from the link below.
• Important! - Please make sure you save combofix to your desktop and do not run it from your browser
• Direct download link for: ComboFix.exe
• Please make sure you disable your security applications before running ComboFix.
• Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
• Please attach that log file to your next reply.
• If needed the file can be located here:  C:\combofix.txt
• NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
  

 

[ROIGuy]

Combofix.txtThank you AdvancedSetup (Ron)

 

I've downloaded and ran the Combofix and attached the log to this post.

 

[AdvancedSetup]

Please save the attached file CFScript.txt to your computer next to Combofix.exe

 

Then quit your browser and any other open applications and drag and drop CFScript.txt onto Combofix.exe to run it and when it's done please post back the new log.

 

CFScript.txt

[ROIGuy]

Thanks Advanced:.. Here is the new log:

 

ComboFix 13-09-14.01 - Prime 09/16/2013   8:13.8.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.1110 [GMT -5:00]

Running from: c:\users\Prime\Desktop\Downloads\ComboFix.exe

Command switches used :: c:\users\Prime\yy\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk"

"c:\windows\Tasks\Adobe Flash Player Updater.job"

"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"

"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"

"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core.job"

"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA.job"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk

c:\windows\Tasks\Adobe Flash Player Updater.job

c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000Core.job

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533579671-3271529956-2011735840-1000UA.job

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-16 to 2013-09-16  )))))))))))))))))))))))))))))))

.

.

2013-09-16 13:31 . 2013-09-16 13:31 -------- d-----w- c:\users\Prime\AppData\Local\temp

2013-09-16 13:31 . 2013-09-16 13:31 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-09-16 13:31 . 2013-09-16 13:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-16 13:31 . 2013-09-16 13:31 -------- d-----w- c:\users\apache2triad\AppData\Local\temp

2013-09-14 16:39 . 2013-09-14 17:08 -------- d-----w- C:\pirates-2

2013-09-13 19:15 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8EF77C8D-CF57-4143-AF0D-0FABC9227DCF}\mpengine.dll

2013-09-13 19:09 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-09-13 18:05 . 2013-09-14 02:26 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-09-13 18:05 . 2013-09-13 18:05 -------- d-----w- c:\users\Prime\AppData\Roaming\Malwarebytes

2013-09-13 18:05 . 2013-09-13 18:05 -------- d-----w- c:\programdata\Malwarebytes

2013-09-13 18:04 . 2013-09-13 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-09-13 18:04 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-09-13 16:41 . 2013-09-13 16:41 -------- d-----w- C:\TDSSKiller_Quarantine

2013-09-13 12:37 . 2013-09-13 12:58 -------- d-----w- C:\AdwCleaner

2013-09-12 21:40 . 2013-09-12 21:40 -------- d-----w- C:\FRST

2013-09-09 20:02 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-09-06 13:29 . 2013-09-06 13:21 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89C7C82E-9F00-4E5E-8332-1F1BB601DEFA}\gapaengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-13 15:11 . 2012-04-25 16:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-13 15:11 . 2011-12-13 23:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-23 03:17 . 2012-06-12 18:26 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-07-31 11:23 . 2013-07-31 11:23 121688 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2013-07-25 02:32 . 2013-08-14 22:04 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-07-25 02:26 . 2013-08-14 22:04 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-07-25 02:25 . 2013-08-14 22:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-25 02:23 . 2013-08-14 22:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-25 02:23 . 2013-08-14 22:04 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-07-25 02:22 . 2013-08-14 22:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-07-17 19:41 . 2013-08-14 21:57 2048 ----a-w- c:\windows\system32\tzres.dll

2013-07-10 09:47 . 2013-08-14 21:57 783360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-07-09 12:10 . 2013-08-14 21:56 1205168 ----a-w- c:\windows\system32\ntdll.dll

2013-07-08 04:55 . 2013-08-14 21:56 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-07-08 04:55 . 2013-08-14 21:56 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-07-08 04:20 . 2013-08-14 21:53 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-07-08 04:16 . 2013-08-14 21:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-07-08 04:16 . 2013-08-14 21:53 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-07-08 04:16 . 2013-08-14 21:53 992768 ----a-w- c:\windows\system32\crypt32.dll

2013-07-05 03:20 . 2013-08-14 21:56 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-07-05 01:43 . 2013-08-14 21:56 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2013-07-02 13:27 . 2013-07-02 13:27 97176 ----a-w- c:\windows\system32\ElbyCDIO.dll

2013-06-19 02:50 . 2013-06-19 02:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-06-19 02:50 . 2012-03-21 01:44 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-27 21:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]

"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]

"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]

"NDSTray.exe"="NDSTray.exe" [bU]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-02-11 36864]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"Talk"="c:\program files\NCH Software\Talk\talk.exe" [2012-12-14 1420292]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]

.

c:\users\Prime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor Ink Alerts - HP Officejet 6700 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2BS9SJ0P05RQ;CONNECTION=NW;MONITOR=1; [2006-11-2 44544]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2533579671-3271529956-2011735840-1000]

"EnableNotificationsRef"=dword:00000001

.

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - ctxusbm

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ   HPSLPSVC

hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache

.

.

------- Supplementary Scan -------

.

Trusted Zone: myps.com\portal

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Prime\AppData\Roaming\Mozilla\Firefox\Profiles\hcsxmvrr.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - ExtSQL: !HIDDEN! 2010-02-03 08:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-09-16 08:31

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:e2,5a,10,f9,2e,3f,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,e0,ab,b1,3f,46,9a,4e,a1,b7,0c,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,e0,ab,b1,3f,46,9a,4e,a1,b7,0c,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:22,31,a9,90,84,c0,37,7a,52,25,d1,b5,38,48,89,a2,99,79,35,c7,4e,

   dd,0d,ce,51,89,bd,d6,d1,ea,82,25,1b,f3,c7,d9,6f,4e,41,a2,ab,61,77,35,90,39,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:22,31,a9,90,84,c0,37,7a,52,25,d1,b5,38,48,89,a2,99,79,35,c7,4e,

   dd,0d,ce,51,89,bd,d6,d1,ea,82,25,1b,f3,c7,d9,6f,4e,41,a2,ab,61,77,35,90,39,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2013-09-16  08:37:22

ComboFix-quarantined-files.txt  2013-09-16 13:37

ComboFix2.txt  2013-09-15 20:51

ComboFix3.txt  2013-09-15 20:12

ComboFix4.txt  2013-09-13 03:56

ComboFix5.txt  2013-09-16 13:11

.

Pre-Run: 49,904,750,592 bytes free

Post-Run: 49,863,467,008 bytes free

.

- - End Of File - - 564B64FB782BE3CF0175AAC301C74838

5B5E648D12FCADC244C1EC30318E1EB9

[AdvancedSetup]

Great, thanks.  Okay let me have you run this tool for me so we can check a few other items.

 

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

 

 

 

Then run this one again.

 

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Devices
• List Users, Partitions and Memory size.
• List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 

 

 

 

[ROIGuy]

Ok... will do.

thanks.

[ROIGuy]

Here is the log from the Farbar Service Scanner:

 

Farbar Service Scanner Version: 13-09-2013

Ran by Prime (administrator) on 16-09-2013 at 18:05:52

Running from "C:\Users\Prime\Desktop\Downloads"

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Security Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2013-08-14 16:56] - [2013-07-04 22:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

 

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

[ROIGuy]

Result.txtI've attached the reulsts.txt of the minitoolbox to this post  

[AdvancedSetup]

Did you install and setup Apache Web Server at some point in time? Are you using it or even know what it is for? It is installed and was running (I stopped it from running on startup)

Apache HTTP Server 2.2.8
Apache2Triad: apache server bundle


Please uninstall versions of Java and reboot the computer then run the following to help remove any left over elements of Java.

Please download JavaRa-1.16 and save it to your computer.

• Double click to open the zip file and then select all and choose Copy.
• Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
• Quit all browsers and other running applications.
• Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
• From the drop-down menu, choose English and click on Select.
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
• A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

 

When that's all done please let me know about Apache and if you're not using it then you should uninstall it too.

 

 

 

Then reboot the computer one more time and delete any current logs for FRST as well as the program and download a new fresh copy to run.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

 

[ROIGuy]

Thanks Advanced,

 

The apache server software was used on this computer for website development for a php testing server environment.

I can get rid of it.

 

I've deleted all of the Java software and used the cleaner that you have posted.  Ugh, unfortunately I didn't capture the log file before closing the text file.  It did remove 2 pieces of java but I cannot remember which.

 

I've attached the logs from when I just used the Farbar Recovery Scan Tool.  I hope that helps.

 

Let me know when you think I should give the Malwarbytes software another try.

Regards,Addition.txtFRST.txt