
I think we have a RAT (Remote Access Trojan) Problem



Hello. I think our computers are infected with a RAT (Remote Access Trojan), amongst other things :( I have seen IP address conflicts many times on our computers. Others are receiving email from long-forgotten or unused email addresses. I have seen "Set Impersonate" in our registry files. There are programs we have not installed on our computers as well. We are even denied making any changes; getting the "Access Denied" box is a real pain!! Our Firefox was set for a proxy!!!


The only changes I have made prior to using this forum and its tools have been: I changed the Firefox setting back to "no proxy", and I have deleted ftp and telnet in the registry area.


I'd appreciate some help, and thank you for this forum :) Here are the logs from Malwarebytes and from FRST:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/30/2014
Scan Time: 11:03:08 AM
Logfile: malwar.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.30.07
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Nasser

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 251669
Time Elapsed: 14 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
Adware.GameVance, HKLM\SOFTWARE\CLASSES\APPID\GamevanceText.DLL, Quarantined, [dcb38ccbf388dc5a6488c41305fd04fc],
Adware.GameVance, HKU\S-1-5-21-3812318559-1686137163-1967442444-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\gvtl, Quarantined, [503f2037720922148566c80f59a95fa1],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-05-2014
Ran by Nasser (administrator) on NASSER-PC on 30-05-2014 11:29:53
Running from C:\Users\Nasser\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.2.0.38\n360.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.2.0.38\n360.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
SearchScopes: HKLM - DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7
SearchScopes: HKLM - {B5F099C4-BFA8-4583-9FA5-E80C8E8040D5} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {E9D4E014-3CA2-4E2F-A41D-82B294BAE6A8} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.pogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.pogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKCU - {82FAFD94-437F-4B91-A7E6-0232679AD8AF} URL = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=FV&apn_dtid=YYYYYYYYUS&apn_uid=26dbcb55-3075-4cbb-99ad-d918c2034458&apn_sauid=CBEBF7C2-6D35-4CA6-B78C-380BC677E7B5
SearchScopes: HKCU - {B5F099C4-BFA8-4583-9FA5-E80C8E8040D5} URL =
SearchScopes: HKCU - {E9D4E014-3CA2-4E2F-A41D-82B294BAE6A8} URL =
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\Nasser\AppData\Roaming\Mozilla\Firefox\Profiles\bageisl1.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npunagi2.dll (America Online, Inc.)
FF SearchPlugin: C:\Users\Nasser\AppData\Roaming\Mozilla\Firefox\Profiles\bageisl1.default\searchplugins\askcom.xml
FF Extension: DownloadHelper - C:\Users\Nasser\AppData\Roaming\Mozilla\Firefox\Profiles\bageisl1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Nasser\AppData\Roaming\Mozilla\Firefox\Profiles\bageisl1.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Nasser\AppData\Roaming\Mozilla\Firefox\Profiles\bageisl1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-09]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-30]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx []
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\Exts\Chrome.crx [2014-04-03]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2014-04-03]

========================== Services (Whitelisted) =================

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 N360; C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe [265040 2014-03-14] (Symantec Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx86.sys [1098968 2014-03-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1502000.026\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-29] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-29] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140514.001\IDSvix86.sys [395992 2014-03-25] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\N360\1502000.026\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1502000.026\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1502000.026\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1502000.026\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-12-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1502000.026\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1502000.026\SYMTDIV.SYS [384728 2014-02-17] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140529.016\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140529.016\NAVEX15.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-30 11:29 - 2014-05-30 11:30 - 00015256 _____ () C:\Users\Nasser\Downloads\FRST.txt
2014-05-30 11:29 - 2014-05-30 11:29 - 00000000 ____D () C:\FRST
2014-05-30 11:28 - 2014-05-30 11:28 - 01056256 _____ (Farbar) C:\Users\Nasser\Downloads\FRST.exe
2014-05-30 11:02 - 2014-05-30 11:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 11:01 - 2014-05-30 11:01 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 11:01 - 2014-05-30 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 11:01 - 2014-05-30 11:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 11:01 - 2014-05-30 11:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-30 11:01 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-30 11:01 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-30 11:01 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-30 11:00 - 2014-05-30 11:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nasser\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 23:09 - 2014-05-29 23:10 - 00000000 ____D () C:\NPE
2014-05-29 23:05 - 2014-05-29 23:19 - 00000000 ____D () C:\Users\Nasser\AppData\Local\NPE
2014-05-09 15:54 - 2014-05-09 15:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 17:17 - 2014-05-14 16:38 - 00001590 _____ () C:\Windows\setupact.log
2014-05-06 17:17 - 2014-05-06 17:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-02 18:48 - 2014-04-29 16:18 - 06020608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 18:48 - 2014-04-29 15:28 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

==================== One Month Modified Files and Folders =======

2014-05-30 11:30 - 2014-05-30 11:29 - 00015256 _____ () C:\Users\Nasser\Downloads\FRST.txt
2014-05-30 11:30 - 2009-10-11 14:31 - 00000000 ____D () C:\Users\Nasser\AppData\Local\Temp
2014-05-30 11:29 - 2014-05-30 11:29 - 00000000 ____D () C:\FRST
2014-05-30 11:28 - 2014-05-30 11:28 - 01056256 _____ (Farbar) C:\Users\Nasser\Downloads\FRST.exe
2014-05-30 11:28 - 2014-04-16 12:04 - 00000000 ____D () C:\Users\Nasser\Desktop\lila
2014-05-30 11:23 - 2012-04-11 23:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 11:09 - 2012-09-09 00:09 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 11:03 - 2014-05-30 11:02 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 11:02 - 2009-08-19 13:26 - 01184719 _____ () C:\Windows\WindowsUpdate.log
2014-05-30 11:01 - 2014-05-30 11:01 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 11:01 - 2014-05-30 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 11:01 - 2014-05-30 11:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 11:01 - 2014-05-30 11:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-30 11:01 - 2014-05-30 11:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nasser\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-30 10:56 - 2006-11-02 06:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 10:50 - 2012-09-09 00:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-30 10:50 - 2012-01-15 21:56 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-30 10:50 - 2009-11-15 22:32 - 00063174 _____ () C:\ProgramData\nvModes.dat
2014-05-30 10:50 - 2009-11-15 22:32 - 00063174 _____ () C:\ProgramData\nvModes.001
2014-05-30 10:50 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 10:49 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 10:49 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 07:37 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-05-30 07:37 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-05-30 07:37 - 2006-11-02 06:22 - 45875200 _____ () C:\Windows\system32\config\software_previous
2014-05-30 07:37 - 2006-11-02 06:22 - 25165824 _____ () C:\Windows\system32\config\system_previous
2014-05-30 07:36 - 2012-04-26 15:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-30 07:36 - 2011-10-04 19:29 - 00000000 ____D () C:\Users\Nasser\AppData\Local\QuickPlay
2014-05-30 07:36 - 2009-08-19 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting
2014-05-30 07:36 - 2009-08-19 13:36 - 00000000 ____D () C:\Program Files\NetWaiting
2014-05-30 07:36 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-05-30 07:35 - 2014-04-23 11:46 - 00000000 ____D () C:\Users\dub_cm_auto
2014-05-30 07:29 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-05-30 07:29 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-05-30 04:06 - 2006-11-02 09:01 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-30 03:59 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\tracing
2014-05-30 03:41 - 2009-08-19 14:07 - 00000246 _____ () C:\ProgramData\hpqp.ini
2014-05-30 03:38 - 2009-10-11 14:31 - 00000000 ____D () C:\Users\Nasser
2014-05-30 03:27 - 2006-11-02 06:22 - 41943040 _____ () C:\Windows\system32\config\components_previous
2014-05-30 03:27 - 2006-11-02 06:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-05-30 01:56 - 2009-10-20 15:17 - 00007808 _____ () C:\Users\Nasser\AppData\Local\d3d9caps.dat
2014-05-29 23:19 - 2014-05-29 23:05 - 00000000 ____D () C:\Users\Nasser\AppData\Local\NPE
2014-05-29 23:10 - 2014-05-29 23:09 - 00000000 ____D () C:\NPE
2014-05-29 23:08 - 2008-01-20 22:47 - 00572660 _____ () C:\Windows\PFRO.log
2014-05-29 23:05 - 2009-04-20 16:17 - 00000000 ____D () C:\ProgramData\Norton
2014-05-29 22:48 - 2009-11-07 17:33 - 00000000 ____D () C:\Users\Nasser\AppData\Local\CrashDumps
2014-05-29 22:44 - 2009-04-20 16:14 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-20 18:28 - 2011-11-18 06:16 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-15 14:32 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:59 - 2013-08-14 21:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 00:56 - 2012-04-22 20:07 - 00000000 ____D () C:\Users\Nasser\Documents\FFOutput
2014-05-14 16:38 - 2014-05-06 17:17 - 00001590 _____ () C:\Windows\setupact.log
2014-05-13 15:23 - 2012-04-11 23:36 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 15:23 - 2011-06-26 14:52 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 07:26 - 2014-05-30 11:01 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-30 11:01 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-30 11:01 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 15:55 - 2014-05-09 15:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 17:17 - 2014-05-06 17:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-06 17:17 - 2009-10-11 16:27 - 00088576 _____ () C:\Users\Nasser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-30 10:55

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-05-2014
Ran by Nasser at 2014-05-30 11:31:05
Running from C:\Users\Nasser\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Security Suite (Enabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
AC3Filter (remove only) (HKLM\...\AC3Filter) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{0C34B801-6AEC-4667-B053-03A67E2D0415}) (Version: 1.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
Canon MP495 series User Registration (HKLM\...\Canon MP495 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.0.0 - Conexant)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2203 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (HKLM\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3618 - CyberLink Corp.)
CyberLink PhotoDirector 3 (Version: 3.0.3618 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2328 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2328 - CyberLink Corp.) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.2.1.2 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FormatFactory 2.96 (HKLM\...\FormatFactory) (Version: 2.96 - Free Time)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
iTunes (HKLM\...\{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}) (Version: 9.0.1.8 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Norton Security Suite (HKLM\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM\...\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}) (Version: 7.64.17.73 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Tri Peaks 2 Quest For The Ruby Ring (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114079860}) (Version:  - Oberon Media)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Word Riot Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114780403}) (Version:  - Oberon Media)

==================== Restore Points  =========================

25-12-2013 21:57:32 Scheduled Checkpoint
16-01-2014 03:16:09 Windows Update
18-01-2014 20:17:27 Installed Java 7 Update 51
22-01-2014 17:04:23 Scheduled Checkpoint
02-02-2014 02:29:51 Norton Security Suite Registry
04-02-2014 19:40:43 Scheduled Checkpoint
11-02-2014 21:08:49 Windows Update
25-02-2014 17:15:52 Windows Update
27-02-2014 06:18:18 Windows Update
27-02-2014 23:31:00 Scheduled Checkpoint
13-03-2014 23:20:31 Windows Update
18-03-2014 19:37:56 Windows Update
11-04-2014 19:36:53 Windows Update
17-04-2014 18:27:35 Installed Java 7 Update 55
27-04-2014 23:22:01 Scheduled Checkpoint
03-05-2014 00:47:46 Windows Update
15-05-2014 17:46:17 Windows Update
30-05-2014 02:15:47 Norton Security Suite Registry
30-05-2014 02:17:23 Installed Akamai NetSession Interface
30-05-2014 02:43:01 Removed NetWaiting
30-05-2014 02:44:07 Removed NetWaiting
30-05-2014 02:46:19 Removed Microsoft Visual C++ 2005 Redistributable
30-05-2014 02:47:12 Removed Spelling Dictionaries Support For Adobe Reader 9.
30-05-2014 02:49:58 Removed RTC Client API v1.2

==================== Hosts content: ==========================

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CE777C2-D56F-4184-B515-692F1AD873D5} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files\Norton Security Suite\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {4424F644-A638-473E-AEFB-47E2A5962A7C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {6EAA0FB0-2F15-4299-AD44-28A744C260AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-09] (Google Inc.)
Task: {8098070C-11C1-403B-9C69-B25DF0B26E06} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security Suite\Engine\21.2.0.38\WSCStub.exe [2014-03-11] (Symantec Corporation)
Task: {A7246DDC-5EBE-4018-8209-C4A924C3D9E7} - System32\Tasks\RunAsStdUser Task => C:\Program Files\Pogo Games\PogoDGC.exe <==== ATTENTION
Task: {A8A133DD-6E07-4E41-899E-3A6A17B5580D} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files\Norton Security Suite\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {AC4AD27B-AE5A-4A3E-923E-6E1F46EC676B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-09] (Google Inc.)
Task: {BBB97974-8CD4-4DFA-8EA9-B7C4344EA003} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {BFA56EF7-4F97-4491-9370-AF4C429B1EDB} - System32\Tasks\{D4CEB320-8559-4788-9EBB-42BB9FB78EE5} => Firefox.exe http://ui.skype.com/ui/0/4.1.0.179/en/abandoninstall?source=lightinstaller&page=tsInstall&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {C1C15C2E-B7C1-4612-8952-428A4CC2FB5D} - System32\Tasks\{F7755542-4E32-47AA-A906-B147476BDA1D} => Firefox.exe http://ui.skype.com/ui/0/4.2.0.169/en/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {C8F7FB51-3B4A-48FB-A6F4-FFE3E5F3278C} - System32\Tasks\{51A9BD4A-AB7C-4E8A-BEA6-D0A904496E58} => C:\Program Files\Skype\Phone\Skype.exe
Task: {D59FF432-E3AC-4657-8BC9-3FEF77732985} - System32\Tasks\{6E5A995C-D73E-4026-A60B-CB9211A546FF} => Firefox.exe http://ui.skype.com/ui/0/4.1.0.179/en/abandoninstall?source=lightinstaller&page=tsInstall&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F9928CBF-8E1E-4AE8-8E2D-AF23430F0AA4} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-11-18 12:36 - 2010-04-05 15:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2009-04-20 17:42 - 2008-10-06 12:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2009-04-20 17:42 - 2008-10-06 12:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2009-04-20 17:34 - 2008-09-15 10:13 - 00241734 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-05-09 15:54 - 2014-05-09 15:55 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:3E996AD9
AlternateDataStreams: C:\ProgramData\Temp:5EC637CB
AlternateDataStreams: C:\ProgramData\Temp:A73EAFFB
AlternateDataStreams: C:\Users\Nasser\Downloads\JibJab_Order_4045454_Movie.mpg:TOC.WMV

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Nasser^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SystemPerfSync => C:\Windows\diskperfm.exe
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdcBase.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2014 10:51:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 03:59:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 03:44:57 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={282A3628-4613-412F-BEAE-9B1D3D0C63DA}: The user Nasser-PC\Nasser dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (05/30/2014 03:40:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 03:26:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 03:09:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 03:09:02 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/30/2014 02:53:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 02:48:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 02:19:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/30/2014 10:51:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: BHDrvx86
SRTSP

Error: (05/30/2014 10:51:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/30/2014 10:49:38 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (05/30/2014 03:59:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: BHDrvx86
SRTSP

Error: (05/30/2014 03:59:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/30/2014 03:58:10 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (05/30/2014 03:40:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: BHDrvx86

Error: (05/30/2014 03:40:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/30/2014 03:26:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IPsec Policy AgentBase Filtering Engine%%1058

Error: (05/30/2014 03:26:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBase Filtering Engine%%1058


Microsoft Office Sessions:
=========================
Error: (04/17/2010 08:01:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 289 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-05-30 11:30:56.705
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-30 11:30:55.340
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-30 11:30:53.985
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-30 11:30:52.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-30 11:30:51.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-30 11:30:50.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-30 11:30:48.692
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-30 11:30:47.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-30 11:30:45.871
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-30 11:30:44.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 2813.69 MB
Available physical RAM: 1617.26 MB
Total Pagefile: 5855.85 MB
Available Pagefile: 4749.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.17 GB) (Free:152.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D610896A)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Root Admin

Hello and :welcome:

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 03

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Thank you

Thank you in advance!!!!  You all are super in this forum!!

Well let me add a few things:

1) I have no clue how this computer is a "workgroup" and I don't have the ability to change it. 

2) being with Windows NT and .NET Framework.  How can I remove this?  Should I remove it?

3) I changed in Firefox a proxy setting, only to learn tonight it got changed to "system proxy"

4) Some programs have a windows "shield" on them, others do not.

5) I don't like the "Access denied" :( when I am trying to access files or delete something from the registry.

6) I think this computer is being used as a server?  When I am using Disk Clean up I am asked from this user or all users of this computer. FREAKED me out!!

7) There is a "Non Active Partition"  I don't know what that's about.

8) No, we have not used any bit torrent or peer 2 peer programs, not that I am aware of??

Here are the logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/4/2014
Scan Time: 1:13:54 AM
Logfile: malwarebyteslog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.04.01
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Nasser

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 254633
Time Elapsed: 22 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


RogueKiller V9.0.1.0 [Jun  2 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Nasser [Admin rights]
Mode : Scan -- Date : 06/04/2014  01:51:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SystemPerfSync : C:\Windows\diskperfm.exe  -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-3812318559-1686137163-1967442444-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 167 ¤¤¤
[sSDT:Addr] NtAlertResumeThread[13] : Unknown @ 0x888496d8
[sSDT:Addr] NtAlertThread[14] : Unknown @ 0x88849750
[sSDT:Addr] NtAllocateVirtualMemory[18] : Unknown @ 0x883680e0
[sSDT:Addr] NtAlpcConnectPort[21] : Unknown @ 0x8820ac30
[sSDT:Addr] NtAssignProcessToJobObject[42] : Unknown @ 0x88849150
[sSDT:Addr] NtCreateMutant[67] : Unknown @ 0x88849500
[sSDT:Addr] NtCreateSymbolicLinkObject[77] : Unknown @ 0x882fbf80
[sSDT:Addr] NtCreateThread[78] : Unknown @ 0x88465108
[sSDT:Addr] NtDebugActiveProcess[116] : Unknown @ 0x888491e8
[sSDT:Addr] NtDuplicateObject[129] : Unknown @ 0x886ed8e8
[sSDT:Addr] NtFreeVirtualMemory[147] : Unknown @ 0x88349d58
[sSDT:Addr] NtImpersonateAnonymousToken[156] : Unknown @ 0x888495a8
[sSDT:Addr] NtImpersonateThread[158] : Unknown @ 0x88849640
[sSDT:Addr] NtLoadDriver[165] : Unknown @ 0x8820abb8
[sSDT:Addr] NtMapViewOfSection[177] : Unknown @ 0x88349cc0
[sSDT:Addr] NtOpenEvent[184] : Unknown @ 0x88849468
[sSDT:Addr] NtOpenProcess[194] : Unknown @ 0x88465080
[sSDT:Addr] NtOpenProcessToken[195] : Unknown @ 0x88368168
[sSDT:Addr] NtOpenSection[197] : Unknown @ 0x88849338
[sSDT:Addr] NtOpenThread[201] : Unknown @ 0x886ed970
[sSDT:Addr] NtProtectVirtualMemory[210] : Unknown @ 0x888490a8
[sSDT:Addr] NtResumeThread[282] : Unknown @ 0x886ed300
[sSDT:Addr] NtSetContextThread[289] : Unknown @ 0x886ed4c8
[sSDT:Addr] NtSetInformationProcess[305] : Unknown @ 0x886ed560
[sSDT:Addr] NtSetSystemInformation[317] : Unknown @ 0x88849280
[sSDT:Addr] NtSuspendProcess[330] : Unknown @ 0x888493d0
[sSDT:Addr] NtSuspendThread[331] : Unknown @ 0x886ed398
[sSDT:Addr] NtTerminateProcess[334] : Unknown @ 0x88349b88
[sSDT:Addr] unknown[335] : Unknown @ 0x886ed430
[sSDT:Addr] NtUnmapViewOfSection[348] : Unknown @ 0x88349c68
[sSDT:Addr] NtWriteVirtualMemory[358] : Unknown @ 0x88349de0
[sSDT:Addr] NtCreateThreadEx[382] : Unknown @ 0x882fb008
[shwSSDT:Addr] NtUserAttachThreadInput[317] : Unknown @ 0x88af2128
[shwSSDT:Addr] NtUserGetAsyncKeyState[397] : Unknown @ 0x88b9f430
[shwSSDT:Addr] NtUserGetKeyboardState[428] : Unknown @ 0x88b9f3b8
[shwSSDT:Addr] NtUserGetKeyState[430] : Unknown @ 0x88b9f4a8
[shwSSDT:Addr] NtUserGetRawInputData[442] : Unknown @ 0x88b56558
[shwSSDT:Addr] NtUserMessageCall[479] : Unknown @ 0x88ba1a80
[shwSSDT:Addr] NtUserPostMessage[497] : Unknown @ 0x88b9f330
[shwSSDT:Addr] NtUserPostThreadMessage[498] : Unknown @ 0x88b9f2a8
[shwSSDT:Addr] NtUserSetWindowsHookEx[573] : Unknown @ 0x88b56620
[shwSSDT:Addr] NtUserSetWinEventHook[576] : Unknown @ 0x88ba0b48
[EAT:Addr] (explorer.exe) comctl32.dll - AddGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x7511152c
[EAT:Addr] (explorer.exe) comctl32.dll - AttachWndProcA : C:\Windows\system32\DUser.dll @ 0x7511c80a
[EAT:Addr] (explorer.exe) comctl32.dll - AttachWndProcW : C:\Windows\system32\DUser.dll @ 0x7510dd2c
[EAT:Addr] (explorer.exe) comctl32.dll - AutoTrace : C:\Windows\system32\DUser.dll @ 0x75117041
[EAT:Addr] (explorer.exe) comctl32.dll - BeginTransition : C:\Windows\system32\DUser.dll @ 0x7511c9a7
[EAT:Addr] (explorer.exe) comctl32.dll - BuildAnimation : C:\Windows\system32\DUser.dll @ 0x75111135
[EAT:Addr] (explorer.exe) comctl32.dll - BuildDropTarget : C:\Windows\system32\DUser.dll @ 0x75117131
[EAT:Addr] (explorer.exe) comctl32.dll - BuildInterpolation : C:\Windows\system32\DUser.dll @ 0x7511118c
[EAT:Addr] (explorer.exe) comctl32.dll - CreateAction : C:\Windows\system32\DUser.dll @ 0x75107339
[EAT:Addr] (explorer.exe) comctl32.dll - CreateGadget : C:\Windows\system32\DUser.dll @ 0x75105197
[EAT:Addr] (explorer.exe) comctl32.dll - CreateTransition : C:\Windows\system32\DUser.dll @ 0x7511c83a
[EAT:Addr] (explorer.exe) comctl32.dll - DUserBuildGadget : C:\Windows\system32\DUser.dll @ 0x7511b7e8
[EAT:Addr] (explorer.exe) comctl32.dll - DUserCastClass : C:\Windows\system32\DUser.dll @ 0x7511c776
[EAT:Addr] (explorer.exe) comctl32.dll - DUserCastDirect : C:\Windows\system32\DUser.dll @ 0x7511c7b9
[EAT:Addr] (explorer.exe) comctl32.dll - DUserCastHandle : C:\Windows\system32\DUser.dll @ 0x7511b81e
[EAT:Addr] (explorer.exe) comctl32.dll - DUserDeleteGadget : C:\Windows\system32\DUser.dll @ 0x7511b9c1
[EAT:Addr] (explorer.exe) comctl32.dll - DUserFindClass : C:\Windows\system32\DUser.dll @ 0x7511c6e7
[EAT:Addr] (explorer.exe) comctl32.dll - DUserFlushDeferredMessages : C:\Windows\system32\DUser.dll @ 0x75110020
[EAT:Addr] (explorer.exe) comctl32.dll - DUserFlushMessages : C:\Windows\system32\DUser.dll @ 0x75110096
[EAT:Addr] (explorer.exe) comctl32.dll - DUserGetAlphaPRID : C:\Windows\system32\DUser.dll @ 0x751178fd
[EAT:Addr] (explorer.exe) comctl32.dll - DUserGetGutsData : C:\Windows\system32\DUser.dll @ 0x7511c7c9
[EAT:Addr] (explorer.exe) comctl32.dll - DUserGetRectPRID : C:\Windows\system32\DUser.dll @ 0x75117908
[EAT:Addr] (explorer.exe) comctl32.dll - DUserGetRotatePRID : C:\Windows\system32\DUser.dll @ 0x75117913
[EAT:Addr] (explorer.exe) comctl32.dll - DUserGetScalePRID : C:\Windows\system32\DUser.dll @ 0x7511791e
[EAT:Addr] (explorer.exe) comctl32.dll - DUserInstanceOf : C:\Windows\system32\DUser.dll @ 0x7511c735
[EAT:Addr] (explorer.exe) comctl32.dll - DUserPostEvent : C:\Windows\system32\DUser.dll @ 0x7510630f
[EAT:Addr] (explorer.exe) comctl32.dll - DUserPostMethod : C:\Windows\system32\DUser.dll @ 0x7511b639
[EAT:Addr] (explorer.exe) comctl32.dll - DUserRegisterGuts : C:\Windows\system32\DUser.dll @ 0x7510a5b1
[EAT:Addr] (explorer.exe) comctl32.dll - DUserRegisterStub : C:\Windows\system32\DUser.dll @ 0x75109f93
[EAT:Addr] (explorer.exe) comctl32.dll - DUserRegisterSuper : C:\Windows\system32\DUser.dll @ 0x7510b046
[EAT:Addr] (explorer.exe) comctl32.dll - DUserSendEvent : C:\Windows\system32\DUser.dll @ 0x75103258
[EAT:Addr] (explorer.exe) comctl32.dll - DUserSendMethod : C:\Windows\system32\DUser.dll @ 0x7511b5b0
[EAT:Addr] (explorer.exe) comctl32.dll - DUserStopAnimation : C:\Windows\system32\DUser.dll @ 0x751184e4
[EAT:Addr] (explorer.exe) comctl32.dll - DeleteHandle : C:\Windows\system32\DUser.dll @ 0x75103ef8
[EAT:Addr] (explorer.exe) comctl32.dll - DetachWndProc : C:\Windows\system32\DUser.dll @ 0x7510657d
[EAT:Addr] (explorer.exe) comctl32.dll - DllMain : C:\Windows\system32\DUser.dll @ 0x751076f9
[EAT:Addr] (explorer.exe) comctl32.dll - DrawGadgetTree : C:\Windows\system32\DUser.dll @ 0x7511c646
[EAT:Addr] (explorer.exe) comctl32.dll - EndTransition : C:\Windows\system32\DUser.dll @ 0x7511ca90
[EAT:Addr] (explorer.exe) comctl32.dll - EnumGadgets : C:\Windows\system32\DUser.dll @ 0x7511c30f
[EAT:Addr] (explorer.exe) comctl32.dll - FindGadgetFromPoint : C:\Windows\system32\DUser.dll @ 0x75106da8
[EAT:Addr] (explorer.exe) comctl32.dll - FindGadgetMessages : C:\Windows\system32\DUser.dll @ 0x7511c19d
[EAT:Addr] (explorer.exe) comctl32.dll - FindStdColor : C:\Windows\system32\DUser.dll @ 0x7510dc66
[EAT:Addr] (explorer.exe) comctl32.dll - FireGadgetMessages : C:\Windows\system32\DUser.dll @ 0x7511c06b
[EAT:Addr] (explorer.exe) comctl32.dll - ForwardGadgetMessage : C:\Windows\system32\DUser.dll @ 0x75111cb5
[EAT:Addr] (explorer.exe) comctl32.dll - GetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x7511cb05
[EAT:Addr] (explorer.exe) comctl32.dll - GetDebug : C:\Windows\system32\DUser.dll @ 0x7511705d
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadget : C:\Windows\system32\DUser.dll @ 0x7511c527
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetAnimation : C:\Windows\system32\DUser.dll @ 0x75107083
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x75112d45
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x7511be6f
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x7510ce28
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x7511c5ba
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x75107135
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetRect : C:\Windows\system32\DUser.dll @ 0x75102d8e
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetRgn : C:\Windows\system32\DUser.dll @ 0x7510540a
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x7511bfbb
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x7511bd35
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetScale : C:\Windows\system32\DUser.dll @ 0x7511bbe9
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetSize : C:\Windows\system32\DUser.dll @ 0x7511c3ca
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x7511232c
[EAT:Addr] (explorer.exe) comctl32.dll - GetGadgetTicket : C:\Windows\system32\DUser.dll @ 0x7510c94f
[EAT:Addr] (explorer.exe) comctl32.dll - GetMessageExA : C:\Windows\system32\DUser.dll @ 0x7510f459
[EAT:Addr] (explorer.exe) comctl32.dll - GetMessageExW : C:\Windows\system32\DUser.dll @ 0x7511b6c3
[EAT:Addr] (explorer.exe) comctl32.dll - GetStdColorBrushF : C:\Windows\system32\DUser.dll @ 0x7511cbea
[EAT:Addr] (explorer.exe) comctl32.dll - GetStdColorBrushI : C:\Windows\system32\DUser.dll @ 0x75102c3b
[EAT:Addr] (explorer.exe) comctl32.dll - GetStdColorF : C:\Windows\system32\DUser.dll @ 0x7511ce45
[EAT:Addr] (explorer.exe) comctl32.dll - GetStdColorI : C:\Windows\system32\DUser.dll @ 0x7510faf7
[EAT:Addr] (explorer.exe) comctl32.dll - GetStdColorName : C:\Windows\system32\DUser.dll @ 0x7511cd46
[EAT:Addr] (explorer.exe) comctl32.dll - GetStdColorPenF : C:\Windows\system32\DUser.dll @ 0x7511ccd2
[EAT:Addr] (explorer.exe) comctl32.dll - GetStdColorPenI : C:\Windows\system32\DUser.dll @ 0x7511cc5e
[EAT:Addr] (explorer.exe) comctl32.dll - GetStdPalette : C:\Windows\system32\DUser.dll @ 0x7511b82e
[EAT:Addr] (explorer.exe) comctl32.dll - GetTransitionInterface : C:\Windows\system32\DUser.dll @ 0x7511c933
[EAT:Addr] (explorer.exe) comctl32.dll - InitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x7511b8be
[EAT:Addr] (explorer.exe) comctl32.dll - InitGadgets : C:\Windows\system32\DUser.dll @ 0x7510e373
[EAT:Addr] (explorer.exe) comctl32.dll - InvalidateGadget : C:\Windows\system32\DUser.dll @ 0x75103de5
[EAT:Addr] (explorer.exe) comctl32.dll - IsGadgetParentChainStyle : C:\Windows\system32\DUser.dll @ 0x7511ba7f
[EAT:Addr] (explorer.exe) comctl32.dll - IsInsideContext : C:\Windows\system32\DUser.dll @ 0x7511b56c
[EAT:Addr] (explorer.exe) comctl32.dll - IsStartDelete : C:\Windows\system32\DUser.dll @ 0x7511121d
[EAT:Addr] (explorer.exe) comctl32.dll - LookupGadgetTicket : C:\Windows\system32\DUser.dll @ 0x7511cdbc
[EAT:Addr] (explorer.exe) comctl32.dll - MapGadgetPoints : C:\Windows\system32\DUser.dll @ 0x75113861
[EAT:Addr] (explorer.exe) comctl32.dll - PeekMessageExA : C:\Windows\system32\DUser.dll @ 0x7511b710
[EAT:Addr] (explorer.exe) comctl32.dll - PeekMessageExW : C:\Windows\system32\DUser.dll @ 0x7511b75e
[EAT:Addr] (explorer.exe) comctl32.dll - PlayTransition : C:\Windows\system32\DUser.dll @ 0x7511c8b0
[EAT:Addr] (explorer.exe) comctl32.dll - PrintTransition : C:\Windows\system32\DUser.dll @ 0x7511ca1c
[EAT:Addr] (explorer.exe) comctl32.dll - RegisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x75107ba3
[EAT:Addr] (explorer.exe) comctl32.dll - RegisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x7511c149
[EAT:Addr] (explorer.exe) comctl32.dll - RegisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x75107d5d
[EAT:Addr] (explorer.exe) comctl32.dll - RemoveGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x7511c21a
[EAT:Addr] (explorer.exe) comctl32.dll - RemoveGadgetProperty : C:\Windows\system32\DUser.dll @ 0x75110dee
[EAT:Addr] (explorer.exe) comctl32.dll - SetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x7511cb82
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x75112c09
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x7511bf0a
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetFillF : C:\Windows\system32\DUser.dll @ 0x7511bb47
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetFillI : C:\Windows\system32\DUser.dll @ 0x75112149
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x7510cebb
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetFocusEx : C:\Windows\system32\DUser.dll @ 0x75113188
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x75105a70
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetOrder : C:\Windows\system32\DUser.dll @ 0x7511c45d
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetParent : C:\Windows\system32\DUser.dll @ 0x751055f8
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x75111284
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetRect : C:\Windows\system32\DUser.dll @ 0x75105305
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x7510e857
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x7511bdc9
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetScale : C:\Windows\system32\DUser.dll @ 0x7511bc84
[EAT:Addr] (explorer.exe) comctl32.dll - SetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x75104c48
[EAT:Addr] (explorer.exe) comctl32.dll - UninitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x7511b93f
[EAT:Addr] (explorer.exe) comctl32.dll - UnregisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x7511c171
[EAT:Addr] (explorer.exe) comctl32.dll - UnregisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x7511c149
[EAT:Addr] (explorer.exe) comctl32.dll - UnregisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x7511c2e3
[EAT:Addr] (explorer.exe) comctl32.dll - UtilBuildFont : C:\Windows\system32\DUser.dll @ 0x7511b83a
[EAT:Addr] (explorer.exe) comctl32.dll - UtilDrawBlendRect : C:\Windows\system32\DUser.dll @ 0x7511b84a
[EAT:Addr] (explorer.exe) comctl32.dll - UtilDrawOutlineRect : C:\Windows\system32\DUser.dll @ 0x7511b85a
[EAT:Addr] (explorer.exe) comctl32.dll - UtilGetColor : C:\Windows\system32\DUser.dll @ 0x7511b86a
[EAT:Addr] (explorer.exe) comctl32.dll - UtilSetBackground : C:\Windows\system32\DUser.dll @ 0x7511cd78
[EAT:Addr] (explorer.exe) comctl32.dll - WaitMessageEx : C:\Windows\system32\DUser.dll @ 0x7511b7ac
[EAT:Addr] (firefox.exe) ieframe.dll - AdviseHook : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x68acaf09
[EAT:Addr] (firefox.exe) ieframe.dll - DllCanUnloadNow : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x68ac1a6f
[EAT:Addr] (firefox.exe) ieframe.dll - DllGetClassObject : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x68ac9cd3
[EAT:Addr] (firefox.exe) ieframe.dll - DllRegisterServer : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x68ad8625
[EAT:Addr] (firefox.exe) ieframe.dll - DllUnregisterServer : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x68ad8649
[EAT:Addr] (firefox.exe) ieframe.dll - EndCaretTracking : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x68ad8cb9
[EAT:Addr] (firefox.exe) ieframe.dll - ProcessCaretEvents : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x68ac1b73
[EAT:Addr] (firefox.exe) ieframe.dll - ProcessCiceroCaretEvent : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x68acb7f3
[EAT:Addr] (firefox.exe) ieframe.dll - StartCaretTracking : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x68acaf76
[EAT:Addr] (firefox.exe) ieframe.dll - UnadviseHook : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x68ad23f6

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] bageisl1.default : DVDVideoSoft YouTube MP3 and Video Download [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---
[MBR] 3242d0468a5769d93f1807cdf5a13f95
[bSP] 13b484dd8adbb19d3e93f75c1b7c36b1 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 294059 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 602234880 | Size: 11182 MB
User = LL1 ... OK
User = LL2 ... OK

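As an added triage helper (not code from this thread, from RogueKiller or from Adlice), the script below parses the "Registry Entries" block of a RogueKiller 9.x log like the one posted above, checks the count declared in the section header against the lines it actually parsed, and sorts the FOUND items into autostart values, services and PUM settings for review. It assumes the line layout visible in that log, and its sample input is a constructed subset of the posted entries.

```python
"""Triage helper for the 'Registry Entries' block of a RogueKiller 9.x log.

Added example: not code from the thread, from RogueKiller or from Adlice.
It assumes the line layout visible in the posted log:
    ¤¤¤ Section name : <count> ¤¤¤
    [category] <key> | <value name> : <data>  -> FOUND
    [category] <key> -> FOUND
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the RogueKiller log posted in the thread.
SAMPLE_LOG = r"""¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SystemPerfSync : C:\Windows\diskperfm.exe  -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-3812318559-1686137163-1967442444-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
"""

SECTION_RE = re.compile(r"^¤¤¤\s+(?P<name>.+?)\s*:\s*(?P<count>\d*)\s*¤¤¤\s*$")
ENTRY_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\s+(?P<key>.+?)"             # [category] key
    r"(?:\s*\|\s*(?P<name>.+?)\s*:\s*(?P<data>.*?))?"  # optional "| value : data"
    r"\s*->\s*FOUND\s*$"
)


@dataclass(frozen=True)
class Entry:
    category: str
    key: str
    value_name: Optional[str]
    data: Optional[str]

    @property
    def is_autostart(self) -> bool:
        """Value under a Run/RunOnce key, i.e. an executable started at logon."""
        k = self.key.lower()
        return k.endswith(("\\currentversion\\run", "\\currentversion\\runonce"))

    @property
    def is_service(self) -> bool:
        return "\\services\\" in self.key.lower()


def registry_entries_section(log: str) -> tuple[int, list[str]]:
    """Return (count declared in the header, non-blank lines) of the block."""
    declared, lines, inside = -1, [], False
    for line in log.splitlines():
        header = SECTION_RE.match(line)
        if header:
            inside = header["name"] == "Registry Entries"
            if inside:
                declared = int(header["count"] or 0)
            continue
        if inside and line.strip():
            lines.append(line.rstrip())
    return declared, lines


def parse_entries(log: str) -> list[Entry]:
    """Parse every FOUND line; refuse logs whose header count disagrees,
    which usually means the paste was truncated or reflowed by the forum."""
    declared, lines = registry_entries_section(log)
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised RogueKiller entry: {line!r}")
        entries.append(Entry(m["cat"], m["key"], m["name"], m["data"]))
    if declared >= 0 and declared != len(entries):
        raise ValueError(f"header declares {declared} entries, parsed {len(entries)}")
    return entries


def triage(entries: list[Entry]) -> dict[str, list[Entry]]:
    """Bucket entries for review: autostart executables and services are the
    ones to verify on disk (publisher signature, hash) before any fix is run;
    PUM.* items are policy/UI settings RogueKiller reports for a human to judge."""
    buckets: dict[str, list[Entry]] = {"autostart": [], "service": [], "pum": [], "other": []}
    for e in entries:
        if e.category.startswith("PUM."):
            buckets["pum"].append(e)
        elif e.is_autostart:
            buckets["autostart"].append(e)
        elif e.is_service:
            buckets["service"].append(e)
        else:
            buckets["other"].append(e)
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(parse_entries(SAMPLE_LOG)).items():
        for e in items:
            print(f"{bucket:9} {e.category:18} {e.value_name or '-'} -> {e.data or e.key}")
```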

  • Root Admin

1. Don't worry about it
2. Those are valid programs, leave them alone
3. We'll get to it and get you fixed up
4. Programs that have a manifest file and require elevated admin rights to run have that shield and it is normal.
5. You should not be playing around in the Registry - one can very easily delete important entries that could even potentially prevent the computer from running again. Only remove what you've been instructed to remove and then only after a backup of the Registry
6. All Windows computers have multiple user accounts as the computer itself has a couple that it uses and is normal.
7. Having non active partitions is also typically normal. We'll review what's going on and get you fixed up as needed. Don't overthink and self-medicate the issues. We're here to help you.
8. Not a problem - that's just a generic basic warning is all.


Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


I'll check back on you again sometime tomorrow as it's already getting late here and I'm still behind schedule with many other users to help as well.

If you don't hear back from me by tomorrow night and you've posted your log then send me a PM reminder.

Thanks


Thank you again. Yes, I know you are here to help and the help is much appreciated :)) I've learned the hard way about the Registry. But now I only delete entries of programs I have uninstalled. I don't know of any programs that remove the leftovers; I have tried Piriform and Wise Care, but they do not seem to really delete.


I had to uninstall Norton in order to have ComboFix run. Although I disabled it, it still came up as running in ComboFix. When I tried to end the process through Task Manager, it told me Access Denied, so I did uninstall it. I will re-install it though.


ComboFix 14-05-29.01 - Nasser 06/04/2014   9:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2814.1731 [GMT -4:00]
Running from: c:\users\Nasser\Desktop\lila\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nasser\AppData\Roaming\Local
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\csf6irwip2wdb.avi(2).ddr
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\csf6irwip2wdb.avi.ddr
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\ezqtju8src559.avi.ddr
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\Hereafter__2010__CAM.XViD-IMAGiNE_ns.avi.ddr
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\Hereafter_CAM_XViD_-_IMAGiNE_ns.avi.ddr
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\csf6irwip2wdb.avi(2).ddp
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\csf6irwip2wdb.avi.ddp
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ezqtju8src559.avi.ddp
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Hereafter__2010__CAM.XViD-IMAGiNE_ns.avi.ddp
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Hereafter_CAM_XViD_-_IMAGiNE_ns.avi.ddp
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\www.filmikz.net-Hereafter_2010_CAM_XViD_IMAGiNE_cd1_ns.avi.ddp
c:\users\Nasser\AppData\Roaming\Local\Temp\DDM\Settings\www.filmikz.net-Hereafter_2010_CAM_XViD_IMAGiNE_cd1_ns.avi.ddr
c:\windows\PFRO.log
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.txt
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-04 to 2014-06-04  )))))))))))))))))))))))))))))))
.
.
2014-06-04 13:23 . 2014-06-04 13:26    --------    d-----w-    c:\users\Nasser\AppData\Local\temp
2014-06-04 13:23 . 2014-06-04 13:23    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-04 05:41 . 2014-06-04 05:41    26624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-06-04 05:40 . 2014-06-04 05:41    --------    d-----w-    c:\programdata\RogueKiller
2014-06-04 05:12 . 2014-06-04 13:25    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-04 05:11 . 2014-06-04 05:12    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-06-04 05:11 . 2014-06-04 05:11    --------    d-----w-    c:\programdata\Malwarebytes
2014-06-04 05:11 . 2014-05-12 11:26    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-04 05:11 . 2014-05-12 11:25    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-04 05:11 . 2014-05-12 11:25    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-06-04 04:57 . 2014-06-04 04:57    --------    d-----w-    c:\program files\ERUNT
2014-06-03 22:26 . 2014-06-03 22:26    --------    d-----w-    c:\program files\Realtek
2014-06-03 21:13 . 2014-06-03 21:26    --------    d-----w-    c:\windows\system32\catroot2
2014-06-03 19:23 . 2014-06-04 13:25    --------    d-----w-    c:\windows\system32\wbem\repository
2014-06-03 16:53 . 2014-06-03 16:53    --------    d-----w-    c:\windows\system32\drivers\hu-HU
2014-06-03 13:23 . 2014-06-03 14:33    --------    d-----w-    C:\AdwCleaner
2014-06-03 12:29 . 2014-06-03 12:29    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-06-03 11:09 . 2014-06-03 11:46    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-06-02 03:25 . 2011-08-22 00:13    2204160    ----a-w-    c:\windows\system32\drivers\athr.sys
2014-06-02 03:25 . 2014-06-02 03:25    --------    d-----w-    c:\windows\system32\nn-NO
2014-06-02 03:25 . 2011-09-01 03:09    64672    ----a-w-    c:\windows\system32\athihvui.dll
2014-06-02 03:25 . 2011-09-01 03:09    400544    ----a-w-    c:\windows\system32\athihvs.dll
2014-06-02 03:25 . 2014-06-02 03:25    --------    d-----w-    c:\program files\Cisco
2014-06-02 01:27 . 2014-06-02 03:26    --------    d-----w-    c:\program files\Atheros
2014-06-02 01:27 . 2014-06-02 01:27    --------    d-----w-    c:\windows\Options
2014-06-02 01:27 . 2007-05-30 19:40    735232    ----a-w-    c:\windows\system32\athr.sys
2014-06-02 01:26 . 2006-02-07 19:45    757760    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2014-06-02 01:26 . 2006-02-07 19:40    204800    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2014-06-02 01:26 . 2006-02-07 19:40    69715    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2014-06-02 01:26 . 2006-02-07 19:40    274432    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2014-06-02 01:26 . 2005-11-14 03:19    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2014-06-02 01:26 . 2014-06-02 01:26    331908    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2014-06-02 01:26 . 2014-06-02 01:26    200836    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2014-06-01 20:40 . 2014-06-01 20:40    --------    d-----w-    c:\users\Nasser\AppData\Local\BVRP Software
2014-06-01 20:38 . 2014-06-01 20:40    --------    d-----w-    c:\program files\NetWaiting
2014-06-01 20:38 . 2014-06-01 20:38    --------    d-----w-    c:\users\Nasser\AppData\Roaming\InstallShield
2014-06-01 20:28 . 2014-06-03 19:38    181064    ----a-w-    c:\windows\PSEXESVC.EXE
2014-06-01 20:25 . 2014-06-01 20:25    --------    d-----w-    C:\RegBackup
2014-06-01 20:23 . 2014-06-01 20:23    --------    d-----w-    c:\program files\Tweaking.com
2014-06-01 19:32 . 2014-06-01 19:32    --------    d-----w-    c:\users\Nasser\AppData\Roaming\GTek
2014-05-31 19:22 . 2014-05-05 18:47    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-30 15:29 . 2014-05-30 15:34    --------    d-----w-    C:\FRST
2014-05-30 03:09 . 2014-06-03 08:48    --------    d-----w-    C:\NPE
2014-05-30 03:05 . 2014-06-03 08:55    --------    d-----w-    c:\users\Nasser\AppData\Local\NPE
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-13 19:23 . 2012-04-12 03:36    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-13 19:23 . 2011-06-26 18:52    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-15 00:13 . 2014-04-17 18:30    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-12-11 19:47 . 2013-12-11 19:47    49940480    ----a-w-    c:\program files\GUTC8F.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"SystemPerfSync"="c:\windows\diskperfm.exe" [2009-07-14 749568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Nasser^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Nasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-08 21:20    41056    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 01:50    2516296    ----a-w-    c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 15:18    1185112    ----a-w-    c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-02-18 18:49    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16    2363392    ----a-w-    c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 13:16    254336    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 20:21    648072    ----a-w-    c:\windows\WindowsMobile\wmdcBase.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile    REG_MULTI_SZ       wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ       WcesComm RapiMgr
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:24]
.
2014-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-09 04:09]
.
2014-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-09 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Nasser\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Nasser\AppData\Roaming\Mozilla\Firefox\Profiles\bageisl1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-20486416.sys
SafeBoot-82610964.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Windows Mobile Device Center - c:\windows\WindowsMobile\wmdc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-04 09:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,88,48,ee,54,e3,ab,4b,88,c4,3f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,88,48,ee,54,e3,ab,4b,88,c4,3f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4080)
c:\windows\mdiwindb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehsched.exe
c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files\SMINST\BLService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\stivendor.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-06-04  09:32:50 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-04 13:32
.
Pre-Run: 199,541,714,944 bytes free
Post-Run: 199,392,931,840 bytes free
.
- - End Of File - - 49771FD7DAABF0AC890EC446D3616998
588AE8F0C685C02BA11F30D9CD7E61A0
 


  • Root Admin

You do not need to do manual or automated repairs/cleanup of the Registry. Please read the following.
Do I need a Windows Registry Cleaner?
 
Please also read the following article and set MSCONFIG back to Normal and reboot the computer.

Msconfig Is Not A Startup Manager

 
 
Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Let's clean out any adware now: (this will require a reboot, so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits; under Non Malware Protection, set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Hi again.

 

The main problem is removing Windows NT. We did not install it, however, we are somehow connected to someone's network.

 

So my question now is, how do I remove Windows NT and possibly the Windows 2000/2003 servers attached to this computer?

 

Thank you for your help, it is much appreciated :)


  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
