Vista not genuine Beating my head against wall

Have been battling this problem for a week now! Am at wit's end. Have read & tried everything I could find on this forum and countless others, to no avail.

I know Vista is genuine as it came from Dell on this PC. I did reformat about a year ago and think the pre-installed "tools" probably are not on the hard drive, and I can't get the OEM Vista disk to repair or even reformat.
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by John (administrator) on JOHN-PC on 15-07-2014 13:46:28
Running from C:\Users\John\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
( ) C:\Windows\System32\lxdmcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [CmPCIaudio] => RunDll32 CMICNFG3.cpl,CMICtrlWnd
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\MountPoints2: {b2cf79db-af51-11e3-a868-001aa07f9b3b} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\MountPoints2: {c973569f-c735-11e0-950f-001aa07f9b3b} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1644604338-3084827026-502906143-1002\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.inklineglobal.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://johnspatch.blogspot.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Before = http://johnspatch.com/jp/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.inklineglobal.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.inklineglobal.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.inklineglobal.com/google_mb.html
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-05-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-09]
 
Chrome: 
=======
CHR HomePage: hxxp://search.b1.org/?bsrc=4hcxr&chid=c167991
CHR RestoreOnStartup: "hxxp://search.b1.org/?bsrc=4hcxr&chid=c167991"
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-04]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-04]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-04]
 
========================== Services (Whitelisted) =================
 
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
S2 lxdmCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdmserv.exe [99248 2007-06-08] (Lexmark International, Inc.)
R2 lxdm_device; C:\Windows\system32\lxdmcoms.exe [598960 2007-06-08] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-19] (Microsoft Corporation)
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2008-01-19] (Microsoft Corporation)
S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1878528 2008-12-03] (C-Media Inc)
R3 ICAM5USB; C:\Windows\System32\Drivers\Icam5USB.sys [100992 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-15 13:46 - 2014-07-15 13:46 - 01077248 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-07-15 13:46 - 2014-07-15 13:46 - 00025874 _____ () C:\Users\John\Desktop\FRST.txt
2014-07-15 13:42 - 2014-07-15 13:42 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\uSeRiNiT.exe
2014-07-15 13:38 - 2014-07-15 13:38 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\WiNlOgOn.exe
2014-07-15 12:42 - 2014-07-15 12:42 - 00000000 ____D () C:\Users\user1\AppData\Local\VirtualStore
2014-07-15 12:28 - 2014-07-15 12:56 - 00024810 _____ () C:\Users\user1\Desktop\FRST.txt
2014-07-15 12:25 - 2014-07-15 12:25 - 01077248 _____ (Farbar) C:\Users\user1\Desktop\FRST.exe
2014-07-15 12:06 - 2014-07-15 12:06 - 00068224 _____ () C:\Users\user1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 12:05 - 2014-07-15 13:43 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 12:05 - 2014-07-15 12:05 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 12:05 - 2014-07-15 12:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 12:05 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-15 12:05 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-15 12:05 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-15 11:43 - 2014-07-15 13:18 - 00013726 _____ () C:\Users\user1\Desktop\aswMBR.txt
2014-07-15 11:43 - 2014-07-15 13:18 - 00000512 _____ () C:\Users\user1\Desktop\MBR.dat
2014-07-15 11:33 - 2014-07-15 11:33 - 05185536 _____ (AVAST Software) C:\Users\user1\Desktop\aswmbr.exe
2014-07-15 11:20 - 2014-07-15 11:20 - 01348263 _____ () C:\Users\user1\Desktop\adwcleaner_3.215.exe
2014-07-15 10:28 - 2014-07-15 10:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 10:26 - 2014-07-15 10:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user1\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-15 10:08 - 2014-07-15 10:08 - 00000042 _____ () C:\Users\user1\Desktop\mbam-clean.txt
2014-07-15 10:05 - 2014-07-15 10:05 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Macromedia
2014-07-15 10:05 - 2014-07-15 10:05 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Adobe
2014-07-15 09:53 - 2014-07-15 10:18 - 00000944 _____ () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-15 09:53 - 2014-07-15 09:53 - 00000949 _____ () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 09:53 - 2014-07-15 09:53 - 00000915 _____ () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-07-15 09:53 - 2014-07-15 09:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-15 09:53 - 2014-07-15 09:53 - 00000000 _____ () C:\Windows\setupact.log
2014-07-15 09:50 - 2014-07-15 09:53 - 00000000 ____D () C:\Users\user1
2014-07-15 09:50 - 2014-07-15 09:50 - 00000020 ___SH () C:\Users\user1\ntuser.ini
2014-07-15 09:50 - 2011-08-13 11:15 - 00000000 ___RD () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-15 09:50 - 2011-08-13 11:15 - 00000000 ___RD () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-15 09:28 - 2014-07-15 09:28 - 00000000 ____D () C:\Users\John\Desktop\mbam-chameleon-3.1.4.0
2014-07-15 09:26 - 2014-07-15 09:26 - 04872677 _____ () C:\Users\John\Desktop\mbam-chameleon-3.1.4.0.zip
2014-07-15 09:22 - 2014-07-15 13:22 - 00013050 _____ () C:\Windows\PFRO.log
2014-07-15 09:00 - 2014-07-15 13:44 - 00002208 _____ () C:\Users\John\Desktop\Rkill.txt
2014-07-15 08:59 - 2014-07-15 08:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\rkill.exe
2014-07-15 08:56 - 2014-07-15 08:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Desktop\mbam-setup-2.0.2.1012(1).exe
2014-07-15 08:44 - 2014-07-15 13:25 - 00048515 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 08:42 - 2014-07-15 08:42 - 00282360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 07:07 - 2014-07-15 07:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-11 08:48 - 2014-07-11 08:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\iolo
2014-07-11 08:48 - 2014-07-11 08:48 - 00000000 ____D () C:\ProgramData\iolo
2014-07-11 08:48 - 2014-07-11 08:48 - 00000000 ____D () C:\dell
2014-07-10 18:21 - 2014-07-10 18:21 - 00000000 ____D () C:\Program Files\Windows Kits
2014-07-10 18:08 - 2014-07-10 18:21 - 00000000 ____D () C:\Users\John\Documents\AvastPEToolkit
2014-07-10 12:20 - 2014-07-10 12:20 - 00000000 ____D () C:\Program Files\ToniArts
2014-07-10 11:58 - 2014-07-10 11:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\SparkTrust
2014-07-10 11:57 - 2014-07-10 12:05 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-07-10 11:17 - 2014-07-10 11:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-09 20:19 - 2014-07-09 20:19 - 00000000 ____D () C:\ca12041aa2ab28e8fee252
2014-07-09 19:00 - 2014-07-09 19:00 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dell
2014-07-09 19:00 - 2014-07-09 19:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-07-09 18:59 - 2014-07-10 16:09 - 00000000 ____D () C:\Program Files\My Dell
2014-07-09 18:58 - 2014-07-09 18:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\PCDr
2014-07-09 17:44 - 2014-07-09 17:44 - 00006414 _____ () C:\ComboFix.txt
2014-07-09 16:56 - 2014-07-09 17:44 - 00000000 ____D () C:\Qoobox
2014-07-09 10:58 - 2014-07-15 13:46 - 00000000 ____D () C:\FRST
2014-07-09 10:17 - 2014-07-09 10:17 - 00000000 ____D () C:\Program Files\ESET
2014-07-09 09:03 - 2014-07-15 13:21 - 00000000 ____D () C:\AdwCleaner
2014-07-08 22:03 - 2014-07-08 22:03 - 02949120 _____ () C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2014-07-08 14:09 - 2014-07-08 14:09 - 00000000 ____D () C:\Users\John\Documents\Avast
2014-07-08 13:04 - 2014-07-11 15:07 - 00000000 ____D () C:\Windows\pss
2014-06-23 06:47 - 2014-06-23 06:57 - 00000003 _____ () C:\Users\John\AppData\Local\proxy.log
 
==================== One Month Modified Files and Folders =======
 
2014-07-15 13:46 - 2014-07-15 13:46 - 01077248 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-07-15 13:46 - 2014-07-15 13:46 - 00025874 _____ () C:\Users\John\Desktop\FRST.txt
2014-07-15 13:46 - 2014-07-09 10:58 - 00000000 ____D () C:\FRST
2014-07-15 13:44 - 2014-07-15 09:00 - 00002208 _____ () C:\Users\John\Desktop\Rkill.txt
2014-07-15 13:43 - 2014-07-15 12:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 13:42 - 2014-07-15 13:42 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\uSeRiNiT.exe
2014-07-15 13:38 - 2014-07-15 13:38 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\WiNlOgOn.exe
2014-07-15 13:28 - 2012-11-20 08:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 13:27 - 2006-11-02 05:33 - 00716194 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 13:25 - 2014-07-15 08:44 - 00048515 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 13:25 - 2014-06-03 14:19 - 00000270 _____ () C:\Windows\Tasks\pcreg.job
2014-07-15 13:25 - 2011-08-09 18:42 - 00000944 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-15 13:24 - 2012-11-20 08:24 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-15 13:23 - 2014-02-17 20:19 - 00000370 _____ () C:\Windows\Tasks\RegInOut on user logon - John.job
2014-07-15 13:22 - 2014-07-15 09:22 - 00013050 _____ () C:\Windows\PFRO.log
2014-07-15 13:22 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 13:22 - 2006-11-02 07:47 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 13:22 - 2006-11-02 07:47 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 13:21 - 2014-07-09 09:03 - 00000000 ____D () C:\AdwCleaner
2014-07-15 13:21 - 2006-11-02 08:01 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 13:18 - 2014-07-15 11:43 - 00013726 _____ () C:\Users\user1\Desktop\aswMBR.txt
2014-07-15 13:18 - 2014-07-15 11:43 - 00000512 _____ () C:\Users\user1\Desktop\MBR.dat
2014-07-15 12:56 - 2014-07-15 12:28 - 00024810 _____ () C:\Users\user1\Desktop\FRST.txt
2014-07-15 12:42 - 2014-07-15 12:42 - 00000000 ____D () C:\Users\user1\AppData\Local\VirtualStore
2014-07-15 12:25 - 2014-07-15 12:25 - 01077248 _____ (Farbar) C:\Users\user1\Desktop\FRST.exe
2014-07-15 12:06 - 2014-07-15 12:06 - 00068224 _____ () C:\Users\user1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 12:05 - 2014-07-15 12:05 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 12:05 - 2014-07-15 12:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 11:33 - 2014-07-15 11:33 - 05185536 _____ (AVAST Software) C:\Users\user1\Desktop\aswmbr.exe
2014-07-15 11:20 - 2014-07-15 11:20 - 01348263 _____ () C:\Users\user1\Desktop\adwcleaner_3.215.exe
2014-07-15 11:13 - 2014-06-03 14:19 - 00000000 ____D () C:\Program Files\pcmax
2014-07-15 11:13 - 2011-08-09 18:41 - 00000000 ____D () C:\Users\John
2014-07-15 10:28 - 2014-07-15 10:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 10:27 - 2014-07-15 10:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user1\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-15 10:18 - 2014-07-15 09:53 - 00000944 _____ () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-15 10:08 - 2014-07-15 10:08 - 00000042 _____ () C:\Users\user1\Desktop\mbam-clean.txt
2014-07-15 10:05 - 2014-07-15 10:05 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Macromedia
2014-07-15 10:05 - 2014-07-15 10:05 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Adobe
2014-07-15 09:53 - 2014-07-15 09:53 - 00000949 _____ () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 09:53 - 2014-07-15 09:53 - 00000915 _____ () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-07-15 09:53 - 2014-07-15 09:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-15 09:53 - 2014-07-15 09:53 - 00000000 _____ () C:\Windows\setupact.log
2014-07-15 09:53 - 2014-07-15 09:50 - 00000000 ____D () C:\Users\user1
2014-07-15 09:50 - 2014-07-15 09:50 - 00000020 ___SH () C:\Users\user1\ntuser.ini
2014-07-15 09:42 - 2011-08-09 18:42 - 00001356 _____ () C:\Users\John\AppData\Local\d3d9caps.dat
2014-07-15 09:28 - 2014-07-15 09:28 - 00000000 ____D () C:\Users\John\Desktop\mbam-chameleon-3.1.4.0
2014-07-15 09:26 - 2014-07-15 09:26 - 04872677 _____ () C:\Users\John\Desktop\mbam-chameleon-3.1.4.0.zip
2014-07-15 08:59 - 2014-07-15 08:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\rkill.exe
2014-07-15 08:56 - 2014-07-15 08:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Desktop\mbam-setup-2.0.2.1012(1).exe
2014-07-15 08:42 - 2014-07-15 08:42 - 00282360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 08:33 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-07-15 07:07 - 2014-07-15 07:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-14 22:59 - 2011-11-01 06:46 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes
2014-07-14 22:51 - 2014-01-01 15:36 - 00000000 ____D () C:\Users\John\AppData\Roaming\TS3Client
2014-07-14 20:12 - 2011-08-10 08:14 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype
2014-07-14 20:11 - 2014-06-03 14:19 - 00000354 _____ () C:\Windows\Tasks\At1.job
2014-07-14 20:04 - 2012-08-23 08:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-14 10:04 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-07-14 10:04 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-07-14 10:04 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-07-14 10:04 - 2006-11-02 05:22 - 38273024 _____ () C:\Windows\system32\config\components_previous
2014-07-14 10:04 - 2006-11-02 05:22 - 28573696 _____ () C:\Windows\system32\config\software_previous
2014-07-14 10:04 - 2006-11-02 05:22 - 24903680 _____ () C:\Windows\system32\config\system_previous
2014-07-14 10:04 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-07-14 10:04 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-07-14 10:04 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-07-14 10:03 - 2013-08-17 14:35 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-07-14 10:03 - 2012-09-10 15:08 - 00000000 ____D () C:\Users\John\Documents\misc
2014-07-14 10:03 - 2012-01-26 19:55 - 00000000 ____D () C:\Users\John\AppData\Roaming\KompoZer
2014-07-14 10:03 - 2011-08-12 13:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\5000 Series
2014-07-14 10:03 - 2011-08-12 13:42 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-07-14 10:03 - 2011-08-10 07:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-14 10:03 - 2011-08-09 19:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-14 10:03 - 2011-08-09 18:42 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-14 10:03 - 2011-08-09 18:42 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-14 10:03 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-07-14 10:03 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-07-14 08:29 - 2014-03-05 16:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-14 08:10 - 2011-08-10 07:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-14 07:12 - 2012-12-10 16:18 - 00000000 ____D () C:\Users\John\Desktop\screenshots
2014-07-11 15:07 - 2014-07-08 13:04 - 00000000 ____D () C:\Windows\pss
2014-07-11 15:04 - 2011-08-10 09:22 - 00000000 ____D () C:\Users\John\AppData\Local\Deployment
2014-07-11 10:56 - 2011-09-04 14:06 - 00009130 _____ () C:\ProgramData\lxdm
2014-07-11 08:48 - 2014-07-11 08:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\iolo
2014-07-11 08:48 - 2014-07-11 08:48 - 00000000 ____D () C:\ProgramData\iolo
2014-07-11 08:48 - 2014-07-11 08:48 - 00000000 ____D () C:\dell
2014-07-10 18:21 - 2014-07-10 18:21 - 00000000 ____D () C:\Program Files\Windows Kits
2014-07-10 18:21 - 2014-07-10 18:08 - 00000000 ____D () C:\Users\John\Documents\AvastPEToolkit
2014-07-10 16:10 - 2014-06-04 15:59 - 00000000 ____D () C:\temp
2014-07-10 16:09 - 2014-07-09 18:59 - 00000000 ____D () C:\Program Files\My Dell
2014-07-10 12:20 - 2014-07-10 12:20 - 00000000 ____D () C:\Program Files\ToniArts
2014-07-10 12:20 - 2011-08-17 07:21 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-10 12:05 - 2014-07-10 11:57 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-07-10 11:58 - 2014-07-10 11:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\SparkTrust
2014-07-10 11:17 - 2014-07-10 11:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-09 20:19 - 2014-07-09 20:19 - 00000000 ____D () C:\ca12041aa2ab28e8fee252
2014-07-09 19:00 - 2014-07-09 19:00 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dell
2014-07-09 19:00 - 2014-07-09 19:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-07-09 18:58 - 2014-07-09 18:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\PCDr
2014-07-09 17:44 - 2014-07-09 17:44 - 00006414 _____ () C:\ComboFix.txt
2014-07-09 17:44 - 2014-07-09 16:56 - 00000000 ____D () C:\Qoobox
2014-07-09 17:04 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-07-09 10:17 - 2014-07-09 10:17 - 00000000 ____D () C:\Program Files\ESET
2014-07-08 22:12 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-08 22:03 - 2014-07-08 22:03 - 02949120 _____ () C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2014-07-08 14:14 - 2006-11-02 07:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-07-08 14:09 - 2014-07-08 14:09 - 00000000 ____D () C:\Users\John\Documents\Avast
2014-06-24 19:55 - 2014-01-01 15:35 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-06-23 07:06 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\L2Schemas
2014-06-23 06:57 - 2014-06-23 06:47 - 00000003 _____ () C:\Users\John\AppData\Local\proxy.log
2014-06-15 18:16 - 2014-01-13 22:55 - 00000000 ____D () C:\Users\John\Documents\vggcaddypro-v5.0
 
Files to move or delete:
====================
C:\Users\John\.hemsFavorites.dat
C:\Users\John\battlelog-web-plugins_2.1.7_115.exe
C:\Users\John\battlelog-web-plugins_2.3.0_119.exe
C:\Users\John\battlelog-web-plugins_2.3.1_125.exe
C:\Users\John\battlelog-web-plugins_2.3.2_129.exe
C:\Users\John\battlelog-web-plugins_2.3.2_130.exe
C:\Users\John\ccsetup411.exe
C:\Users\John\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\John\mxsetup.exe
C:\Users\John\Silverlight.exe
C:\Users\John\SpeedMaxpc_installer.exe
C:\Users\John\TeamSpeak3-Client-win32-3.0.13.1.exe
C:\Users\John\TG_PCOptimizer.exe
C:\Windows\Tasks\At1.job
 
 
Some content of TEMP:
====================
C:\Users\user1\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {b7d9438c-c2f8-11e0-be3f-ad2c60df1caf}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \Windows
resumeobject            {b7d9438c-c2f8-11e0-be3f-ad2c60df1caf}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {b7d9438c-c2f8-11e0-be3f-ad2c60df1caf}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
 
 
LastRegBack: 2014-07-15 13:28


_____________________________________________________________________________
 
_____________________________________________________________________________
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by John at 2014-07-15 13:46:53
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version:  - )
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
CPUID CPU-Z 1.58 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Greenshot (HKLM\...\Greenshot_is1) (Version:  - )
iWisoft Free Video Converter 1.2 (HKLM\...\iWisoft Free Video Converter_is1) (Version: 1.2 - www.easy-video-converter.com)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lexmark 5000 Series (HKLM\...\Lexmark 5000 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.3.2.1000 - Maxthon International Limited)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver (Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
NVIDIA Control Panel 296.10 (Version: 296.10 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9728 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.10 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.7.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.11 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.11 - NVIDIA Corporation) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
SdBoxTrades (HKLM\...\ST5UNST #1) (Version:  - )
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
 
==================== Restore Points  =========================
 
20-06-2014 14:09:19 Scheduled Checkpoint
21-06-2014 15:12:16 Scheduled Checkpoint
22-06-2014 13:58:03 Scheduled Checkpoint
23-06-2014 13:40:16 Scheduled Checkpoint
24-06-2014 16:50:26 Scheduled Checkpoint
25-06-2014 14:03:11 Scheduled Checkpoint
26-06-2014 14:00:56 Scheduled Checkpoint
27-06-2014 16:25:02 Scheduled Checkpoint
29-06-2014 03:19:04 Scheduled Checkpoint
29-06-2014 21:19:28 Scheduled Checkpoint
30-06-2014 17:59:15 Scheduled Checkpoint
01-07-2014 16:53:26 Scheduled Checkpoint
02-07-2014 15:01:12 Scheduled Checkpoint
03-07-2014 14:58:37 Scheduled Checkpoint
04-07-2014 16:08:30 Scheduled Checkpoint
05-07-2014 05:00:01 Scheduled Checkpoint
05-07-2014 20:38:34 Scheduled Checkpoint
06-07-2014 16:22:49 Scheduled Checkpoint
08-07-2014 19:10:54 avast! antivirus system restore point
09-07-2014 03:03:44 Windows Update
10-07-2014 12:59:51 avast! antivirus system restore point
10-07-2014 16:17:23 Installed SpyHunter
10-07-2014 16:46:29 Removed SpyHunter
10-07-2014 17:20:41 Installed EasyCleaner
11-07-2014 17:52:33 Scheduled Checkpoint
12-07-2014 14:54:55 Scheduled Checkpoint
13-07-2014 12:39:24 Scheduled Checkpoint
14-07-2014 13:08:19 avast! antivirus system restore point
14-07-2014 13:27:54 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {171A66DF-16F1-4D2B-AF59-5B55CB7B70B0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {20D0029C-009B-486D-B843-4409E0152BBE} - System32\Tasks\At1 => c:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5D83E39A-A176-49D3-A5AF-7BC1985C257F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-20] (Google Inc.)
Task: {668F8EA6-2F0A-4D6E-9155-2293D257DE20} - System32\Tasks\ModemBooster_notification => C:\Program Files\inKline Global\Modem Booster\ModemBooster.exe
Task: {7D56298A-06FE-4BEE-B59C-2E3F191DFE75} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {91610B38-9521-4E1F-A8B7-E2256D7E209E} - System32\Tasks\ModemBooster_Run => C:\Program Files\inKline Global\Modem Booster\ModemBooster.exe
Task: {A4666641-8619-4557-A7AA-D259827C50A1} - System32\Tasks\ModemBooster_networkMonitor => C:\Program Files\inKline Global\Modem Booster\mbtray.exe
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {A99FEFEA-1D2B-4B11-8DBB-A7FECDB8D6A9} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
Task: {AC047D51-1040-4C2B-8ACE-7AADC2F1E931} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\mxup.exe [2014-06-03] (Maxthon International ltd.)
Task: {D4C97088-63E6-4C11-B952-9D203E8E9517} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-08-09] ()
Task: {F817DA77-2F42-4633-8088-6CFD018F2593} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-20] (Google Inc.)
Task: {FDE7986A-1324-4920-9891-4A231DF5FC5B} - System32\Tasks\RegInOut on user logon - John => C:\Program Files\RegInOut System Utilities\RegInOut.exe
Task: C:\Windows\Tasks\At1.job => c:\Program Files\pcmax\service.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcmax\service.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegInOut on user logon - John.job => C:\Program Files\RegInOut System Utilities\RegInOut.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-08-12 13:35 - 2007-06-07 08:38 - 00045056 _____ () C:\Windows\System32\LXDMPMON.DLL
2011-08-12 13:35 - 2007-04-09 17:59 - 00069632 _____ () C:\Windows\System32\LXDMOEM.DLL
2011-08-12 13:35 - 2007-06-07 08:35 - 00032768 _____ () C:\Program Files\Lexmark 5000 Series\ipcmt.dll
2011-08-12 13:39 - 2007-05-03 06:38 - 00113664 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdmdrpp.dll
2014-05-21 05:22 - 2014-05-21 05:22 - 02135232 _____ () C:\Program Files\Comodo\Dragon\dragon_updater.exe
2007-05-23 01:59 - 2007-05-23 01:59 - 00692224 _____ () C:\Windows\system32\lxdmdrs.dll
2007-05-22 17:10 - 2007-05-22 17:10 - 00065536 _____ () C:\Windows\system32\lxdmcaps.dll
2007-04-17 17:17 - 2007-04-17 17:17 - 00069632 _____ () C:\Windows\system32\lxdmcnv4.dll
2014-04-07 10:48 - 2013-11-17 20:18 - 00258944 _____ () C:\Program Files\Maxthon\bin\Maxzlib.dll
2014-04-07 10:48 - 2014-06-03 04:37 - 00247096 _____ () C:\Program Files\Maxthon\Addons\Mobile\MxMobile.dll
2014-04-07 10:48 - 2013-11-17 20:18 - 00258944 _____ () C:\Program Files\Maxthon\Bin\maxzlib.dll
2014-04-07 10:48 - 2013-11-21 01:37 - 00887064 _____ () C:\Program Files\Maxthon\Core\Webkit\libglesv2.dll
2014-04-07 10:48 - 2013-11-21 01:37 - 00109336 _____ () C:\Program Files\Maxthon\Core\Webkit\libegl.dll
2014-06-24 06:42 - 2014-06-03 04:37 - 04055504 _____ () C:\Program Files\Maxthon\Core\Webkit\pdf.dll
2014-06-24 06:42 - 2014-06-03 04:37 - 16361136 _____ () C:\Program Files\Maxthon\Core\Webkit\Npplugins\NPSWF32_13_0_0_214.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/15/2014 01:44:22 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (07/15/2014 01:43:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x129c, application start time 0xmbam.exe0.
 
Error: (07/15/2014 01:41:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (07/15/2014 01:41:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x240, application start time 0xmbam.exe0.
 
Error: (07/15/2014 01:31:16 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (07/15/2014 00:55:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x7ac, application start time 0xmbam.exe0.
 
Error: (07/15/2014 00:54:27 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (07/15/2014 00:37:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x414, application start time 0xmbam.exe0.
 
Error: (07/15/2014 00:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x534, application start time 0xmbam.exe0.
 
Error: (07/15/2014 00:23:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x268, application start time 0xmbam.exe0.
 
 
System errors:
=============
Error: (07/15/2014 01:23:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (07/15/2014 01:23:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: pcmaxservice Service%%2
 
Error: (07/15/2014 01:23:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxdmCATSCustConnectService%%1053
 
Error: (07/15/2014 01:23:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxdmCATSCustConnectService
 
Error: (07/15/2014 01:23:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (07/15/2014 01:22:22 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
 
Error: (07/15/2014 01:22:13 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (07/15/2014 01:11:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (07/15/2014 01:11:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: pcmaxservice Service%%2
 
Error: (07/15/2014 01:11:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxdmCATSCustConnectService%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (07/15/2014 01:44:22 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (07/15/2014 01:43:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd129c01cfa05cb3e744e5
 
Error: (07/15/2014 01:41:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (07/15/2014 01:41:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd24001cfa059ec76f155
 
Error: (07/15/2014 01:31:16 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (07/15/2014 00:55:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7ac01cfa055dcb88567
 
Error: (07/15/2014 00:54:27 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (07/15/2014 00:37:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd41401cfa0536d1ede78
 
Error: (07/15/2014 00:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd53401cfa052ef989778
 
Error: (07/15/2014 00:23:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd26801cfa051395055d8
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-15 13:46:48.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-15 13:46:48.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-15 13:46:48.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-15 13:46:48.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-15 13:46:37.062
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-15 13:46:36.996
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-15 13:46:36.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-15 13:46:36.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-15 13:46:36.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-15 13:46:36.695
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 33%
Total physical RAM: 3581.57 MB
Available physical RAM: 2386.84 MB
Total Pagefile: 7391.63 MB
Available Pagefile: 6257.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.93 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:298.09 GB) (Free:227.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 60000000)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 
I would appreciate any help you could offer
 







 

 


Hello,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

 

Next,

 

Open Malwarebytes 2.0, run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Run the MGA Diagnostic Tool and post back the report it creates:


Download MGADiag from here: http://go.microsoft.com/fwlink/?linkid=52012 and save it to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.

 

Let me see those logs..

 

Kevin

 

 

 

fixlist.txt


Ran Farbar with fixlog (see below), moved to and installed Malwarebytes, ran it but it crashes upon trying to update... then shut down Malwarebytes.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by John at 2014-07-15 16:56:23 Run:1
Running from C:\Users\John\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
C:\Program Files\pcmax
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\MountPoints2: {b2cf79db-af51-11e3-a868-001aa07f9b3b} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\...\MountPoints2: {c973569f-c735-11e0-950f-001aa07f9b3b} - G:\LaunchU3.exe -a
S2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [X]
C:\Windows\Tasks\pcreg.job
C:\Users\John\.hemsFavorites.dat
C:\Users\John\battlelog-web-plugins_2.1.7_115.exe
C:\Users\John\battlelog-web-plugins_2.3.0_119.exe
C:\Users\John\battlelog-web-plugins_2.3.1_125.exe
C:\Users\John\battlelog-web-plugins_2.3.2_129.exe
C:\Users\John\battlelog-web-plugins_2.3.2_130.exe
C:\Users\John\ccsetup411.exe
C:\Users\John\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\John\mxsetup.exe
C:\Users\John\Silverlight.exe
C:\Users\John\SpeedMaxpc_installer.exe
C:\Users\John\TeamSpeak3-Client-win32-3.0.13.1.exe
C:\Users\John\TG_PCOptimizer.exe
C:\Windows\Tasks\At1.job
C:\Users\user1\AppData\Local\temp\Quarantine.exe
Task: {20D0029C-009B-486D-B843-4409E0152BBE} - System32\Tasks\At1 => c:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
Task: {A99FEFEA-1D2B-4B11-8DBB-A7FECDB8D6A9} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => c:\Program Files\pcmax\service.exe
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcmax\service.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegInOut on user logon - John.job => C:\Program Files\RegInOut System Utilities\RegInOut.exe
C:\Program Files\RegInOut System Utilities
End
*****************
 
HKU\S-1-5-21-1644604338-3084827026-502906143-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
C:\Program Files\pcmax => Moved successfully.
'HKU\S-1-5-21-1644604338-3084827026-502906143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2cf79db-af51-11e3-a868-001aa07f9b3b}'=> Key not found.
'HKCR\CLSID\{b2cf79db-af51-11e3-a868-001aa07f9b3b}'=> Key not found.
'HKU\S-1-5-21-1644604338-3084827026-502906143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c973569f-c735-11e0-950f-001aa07f9b3b}'=> Key not found.
'HKCR\CLSID\{c973569f-c735-11e0-950f-001aa07f9b3b}'=> Key not found.
pcmaxservice => Service deleted successfully.
C:\Windows\Tasks\pcreg.job => Moved successfully.
C:\Users\John\.hemsFavorites.dat => Moved successfully.
"C:\Users\John\battlelog-web-plugins_2.1.7_115.exe" => File/Directory not found.
C:\Users\John\battlelog-web-plugins_2.3.0_119.exe => Moved successfully.
C:\Users\John\battlelog-web-plugins_2.3.1_125.exe => Moved successfully.
C:\Users\John\battlelog-web-plugins_2.3.2_129.exe => Moved successfully.
C:\Users\John\battlelog-web-plugins_2.3.2_130.exe => Moved successfully.
C:\Users\John\ccsetup411.exe => Moved successfully.
C:\Users\John\install_flashplayer11x32_mssd_aaa_aih.exe => Moved successfully.
C:\Users\John\mxsetup.exe => Moved successfully.
C:\Users\John\Silverlight.exe => Moved successfully.
C:\Users\John\SpeedMaxpc_installer.exe => Moved successfully.
C:\Users\John\TeamSpeak3-Client-win32-3.0.13.1.exe => Moved successfully.
"C:\Users\John\TG_PCOptimizer.exe" => File/Directory not found.
C:\Windows\Tasks\At1.job => Moved successfully.
"C:\Users\user1\AppData\Local\temp\Quarantine.exe" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20D0029C-009B-486D-B843-4409E0152BBE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20D0029C-009B-486D-B843-4409E0152BBE}' => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A99FEFEA-1D2B-4B11-8DBB-A7FECDB8D6A9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A99FEFEA-1D2B-4B11-8DBB-A7FECDB8D6A9}' => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg' => Key deleted successfully.
C:\Windows\Tasks\At1.job not found.
C:\Windows\Tasks\pcreg.job not found.
C:\Windows\Tasks\RegInOut on user logon - John.job not found.
"C:\Program Files\RegInOut System Utilities" => File/Directory not found.
 
==== End of Fixlog ====

MGA:

 

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid License
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {5AC5947B-38AE-4326-98B1-BBD892F8ED74}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 100 Genuine
Microsoft Office XP Professional - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5AC5947B-38AE-4326-98B1-BBD892F8ED74}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-1644604338-3084827026-502906143</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 531</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.7</Version><SMBIOSVersion major="2" minor="5"/><Date>20071109000000.000000+000</Date></BIOS><HWID>6B333507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>AS09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Professional</Name><Ver>10</Ver><Val>6352C75D3973DFC</Val><Hash>UvCZq229pFCrzmb5UR2fXFhG9T8=</Hash><Pid>54186-701-2103663-17889</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="10" Result="100"/><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>  
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-1033-6000.0000-2212011
Installation ID: 013064918753623984291824935101608722720486795852974080
Partial Product Key: B9HD2
License Status: Notification
Notification Reason: 0xC004F02A.
 
Windows Activation Technologies-->
N/A
 
HWID Data-->
HWID Hash Current: MgAAAAEAAwABAAEAAQABAAAAAgABAAEA6GEoSmGqilRSnZIAHicGP/L0xIhiM6xWyPQ=
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC DELL   AS09   
  FACP DELL   AS09   
  HPET DELL   AS09   
  MCFG DELL   AS09   
  SLIC DELL   AS09   
  SSDT DELL   AS09   

The MGA log confirms the OS has an expired 30-day trial; the license key is classed as invalid.

 

Go to the following link: http://www.vistax64.com/tutorials/84488-activate-vista-phone.html Scroll to "Step 2", then use "Option 2" and see if you can do a Phone Activation.

 

If you are successful run MGA one more time and post a fresh log....


Was able to get Microsoft to authorize and get Vista genuine again, thanks so much for your help Kevin!

 

Uninstalled and redownloaded Malwarebytes with firewall off, but it still will not work. Whenever I try to initiate a scan, it checks for updates and the app crashes. Checked online for a solution and it just closes.

 

 

Latest Log from MGA :

 

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-8HWFP-9B389-T4PH8
Windows Product Key Hash: GqiePE3NJUfl1kJglOlKLXLiTEQ=
Windows Product ID: 89578-OEM-7249373-83924
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {5AC5947B-38AE-4326-98B1-BBD892F8ED74}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 100 Genuine
Microsoft Office XP Professional - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5AC5947B-38AE-4326-98B1-BBD892F8ED74}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-T4PH8</PKey><PID>89578-OEM-7249373-83924</PID><PIDType>8</PIDType><SID>S-1-5-21-1644604338-3084827026-502906143</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 531</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.7</Version><SMBIOSVersion major="2" minor="5"/><Date>20071109000000.000000+000</Date></BIOS><HWID>6B333507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>AS09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Professional</Name><Ver>10</Ver><Val>6352C75D3973DFC</Val><Hash>UvCZq229pFCrzmb5UR2fXFhG9T8=</Hash><Pid>54186-701-2103663-17889</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="10" Result="100"/><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>  
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_COA_SLP channel
Activation ID: a4eec485-e375-48b4-8f51-80d13a4086b6
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00144-493-783924-02-1033-6001.0000-1972014
Installation ID: 015460542392664665296855981786515625164506489151199135
Partial Product Key: T4PH8
License Status: Licensed
 
Windows Activation Technologies-->
N/A
 
HWID Data-->
HWID Hash Current: MgAAAAEAAwABAAEAAQABAAAAAgABAAEA6GEoSmGqilRSnZIAHicGP/L0xIhiM6xWyPQ=
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC DELL   AS09   
  FACP DELL   AS09   
  HPET DELL   AS09   
  MCFG DELL   AS09   
  SLIC DELL   AS09   
  SSDT DELL   AS09   

Thanks for the update, good to hear that validation was confirmed. It will be essential to d/l and install Service Pack 2 (SP2) as that service pack will close out many potential security issues for your system.... Before we do that let's see if Malwarebytes can be run....

 

Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following: 

 

MBAM Clean Removal Process 2x

 

Follow the relevant steps and ensure you run the mbam-clean tool after uninstalling Malwarebytes.

 

When reinstalling the program please try the latest version from here:

 

http://www.malwarebytes.org/mwb-download/

 

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

If Malwarebytes is now successful and has completed, let me see the log. If the log is clean, now will be a good time to install SP2. Information and d/l available at the following link:

 

http://windows.microsoft.com/en-GB/windows/service-packs-download#sptabs=vista

 

Let me know the outcome...

 

Thank you,

 

Kevin


No luck....uninstalled, ran removal tool, downloaded from provided link, reinstalled & ran as admin. Upon launch it checks for updates and crashes:
 

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: mbam.exe
  Application Version: 1.0.0.532
  Application Timestamp: 53518532
  Fault Module Name: MSVCR100.dll
  Fault Module Version: 10.0.40219.325
  Fault Module Timestamp: 4df2be1e
  Exception Code: 40000015
  Exception Offset: 0008d6fd
  OS Version: 6.0.6001.2.1.0.768.3
  Locale ID: 1033
  Additional Information 1: e18a
  Additional Information 2: a082e0273bd50d17691dce48e194d12c
  Additional Information 3: 2346
  Additional Information 4: 3a01c46a877eebc21576261e2c9eae67
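The "Application Error (EventID: 1000)" lines in the FRST log at the top of this thread record the same mbam.exe crash that the "Problem signature" block above describes, but FRST prints the event's insertion strings back to back with no separators (faulting application, its version and time stamp, faulting module, its version and time stamp, exception code, fault offset, process id, and the process start time as a FILETIME). The Python below is an added example, not part of the thread and not code from FRST or Malwarebytes: it splits one such line back into its fields, cross-checks them against the WER signature, and decodes the start time. The concatenated line and the signature block are copied from the posts above; the field order and the two disambiguation rules in the regex (module names start with a letter, exception codes start with a severity nibble and a zero) are assumptions about the Event 1000 message format, not something either tool documents here.

```python
import re
from datetime import datetime, timedelta, timezone

# Copied from the FRST "Application Error (EventID: 1000)" line in the first post:
# FRST emits the event's insertion strings back to back, with no separators.
FRST_EVENT_1000 = (
    "mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e4000001"
    "50008d6fd129c01cfa05cb3e744e5"
)

# The same crash as Windows Error Reporting showed it (the "Problem signature"
# block posted later in the thread).
WER_SIGNATURE = """\
  Problem Event Name: APPCRASH
  Application Name: mbam.exe
  Application Version: 1.0.0.532
  Application Timestamp: 53518532
  Fault Module Name: MSVCR100.dll
  Fault Module Version: 10.0.40219.325
  Fault Module Timestamp: 4df2be1e
  Exception Code: 40000015
  Exception Offset: 0008d6fd
"""

# Assumed field order, from the Event 1000 message template: faulting application %1,
# version %2, time stamp %3, faulting module %4, version %5, time stamp %6,
# exception code %7, fault offset %8, process id %9, application start time %10.
# Lazy quantifiers plus fixed-width hex fields let the regex find the split points.
# Two rules reject the wrong splits: the module name must start with a letter
# (rejects "1.0.0.5" + "32535185" + "32MSVCR100.dll") and the exception code must
# start with a severity nibble (0, 4, 8, c, or e for customer codes) followed by a
# zero from the facility field (rejects "10.0.40219.3" + "254df2be" + "1e400000").
EVENT_1000_RE = re.compile(
    r"^(?P<app>.+?\.exe)"
    r"(?P<app_ver>\d+\.\d+\.\d+\.\d+?)(?P<app_ts>[0-9a-f]{8})"
    r"(?P<mod>[a-z_]\S*?\.(?:dll|exe|sys))"
    r"(?P<mod_ver>\d+\.\d+\.\d+\.\d+?)(?P<mod_ts>[0-9a-f]{8})"
    r"(?P<exc>[048ce]0[0-9a-f]{6})(?P<off>[0-9a-f]{8})"
    r"(?P<pid>[0-9a-f]+?)(?P<start>[0-9a-f]{16})$",
    re.IGNORECASE,
)


def filetime_to_utc(ft: int) -> datetime:
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def parse_frst_event_1000(description: str) -> dict:
    """Split an FRST-flattened Event 1000 description back into its ten fields."""
    m = EVENT_1000_RE.match(description.strip())
    if not m:
        raise ValueError("not a recognisable Event 1000 description: %r" % description)
    fields = m.groupdict()
    fields["pid"] = int(fields["pid"], 16)                 # "129c" -> 4764
    fields["start_utc"] = filetime_to_utc(int(fields.pop("start"), 16))
    return fields


def parse_wer_signature(text: str) -> dict:
    """Turn a WER 'Problem signature' block into a {field: value} dict."""
    sig = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            sig[key.strip()] = value.strip()
    return sig


# WER signature field -> Event 1000 field carrying the same datum.
WER_TO_EVENT = {
    "Application Name": "app", "Application Version": "app_ver",
    "Application Timestamp": "app_ts", "Fault Module Name": "mod",
    "Fault Module Version": "mod_ver", "Fault Module Timestamp": "mod_ts",
    "Exception Code": "exc", "Exception Offset": "off",
}


def mismatches(event: dict, wer: dict) -> list:
    """Names of WER fields whose value differs from the Event Log record."""
    return [w for w, e in WER_TO_EVENT.items()
            if wer.get(w, "").lower() != str(event[e]).lower()]


if __name__ == "__main__":
    record = parse_frst_event_1000(FRST_EVENT_1000)
    for key, value in record.items():
        print(f"{key:>10}: {value}")
    print("fields disagreeing with WER:",
          mismatches(record, parse_wer_signature(WER_SIGNATURE)))
```

Run stand-alone it prints the ten fields and an empty disagreement list, so the Event Log record and the WER signature describe one and the same crash. The decoded start time is 2014-07-15 18:43:43 UTC; the event itself was logged at 01:43:48 PM local time, which with the GMT-5 offset shown in the ComboFix header is about five seconds later, so the process died almost immediately after launch, matching the "checks for updates and crashes" reports in the thread. Exception code 0x40000015 is STATUS_FATAL_APP_EXIT, the status the C runtime raises when abort() runs, consistent with the fault landing in MSVCR100.dll.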

 

Continue please:

 

Read the following link before we continue and run Combofix:

 

ComboFix usage, Questions, Help? - Look here

 

Next,

 

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

http://www.infospyware.net/antimalware/combofix/

 

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here  http://thespykiller.co.uk/index.php?page=20 why  disabling autoruns is recommended.

 

*EXTRA NOTES*


    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

 

Post the log in next reply please...

 

Kevin


 Combofix ran without any hiccups, report below:

 

ComboFix 14-07-17.03 - John 07/17/2014  18:21:50.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3582.2468 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-17 to 2014-07-17  )))))))))))))))))))))))))))))))
.
.
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\John\AppData\Local\temp
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\UpdatusUser(55)\AppData\Local\temp
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-17 12:31 . 2014-07-17 12:31 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-17 12:30 . 2014-07-17 12:30 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-17 12:30 . 2014-07-17 12:30 -------- d-----w- c:\programdata\Malwarebytes
2014-07-17 12:30 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-17 12:30 . 2014-05-12 12:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-17 12:30 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-17 12:10 . 2014-07-17 12:10 -------- d-----w- c:\program files\Common Files\Java
2014-07-17 12:10 . 2014-07-11 08:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-17 03:23 . 2014-07-14 09:12 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B31A51CC-7285-4584-857D-4D6F5B0D4EE8}\mpengine.dll
2014-07-16 13:45 . 2014-07-16 15:57 -------- d-----w- c:\users\John\AppData\Roaming\ImgBurn
2014-07-16 03:44 . 2014-07-16 03:44 -------- d-----w- C:\Vista Ultimate x86 SP1
2014-07-16 03:23 . 2014-07-09 21:34 55232 ----a-w- c:\windows\system32\drivers\{5178f938-0bd5-47c1-8242-71f6e3e72925}Gt.sys
2014-07-16 02:25 . 2014-07-16 02:25 -------- d-----w- c:\program files\ImgBurn
2014-07-16 02:20 . 2014-07-16 02:20 -------- d-----w- c:\program files\7-Zip
2014-07-15 22:30 . 2014-07-17 02:59 -------- d-----w- C:\MGADiagToolOutput
2014-07-15 22:29 . 2014-07-15 22:29 -------- d-----w- c:\programdata\Office Genuine Advantage
2014-07-15 14:50 . 2014-07-15 14:53 -------- d-----w- c:\users\user1
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- c:\programdata\iolo
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- c:\users\John\AppData\Roaming\iolo
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- C:\dell
2014-07-10 23:21 . 2014-07-10 23:21 -------- d-----w- c:\program files\Windows Kits
2014-07-10 17:20 . 2014-07-10 17:20 -------- d-----w- c:\program files\ToniArts
2014-07-10 16:58 . 2014-07-10 16:58 -------- d-----w- c:\users\John\AppData\Roaming\SparkTrust
2014-07-10 16:57 . 2014-07-10 17:05 -------- d-----w- c:\programdata\SparkTrust
2014-07-10 16:17 . 2014-07-10 16:17 -------- d-----w- c:\program files\Enigma Software Group
2014-07-10 01:19 . 2014-07-10 01:19 -------- d-----w- C:\ca12041aa2ab28e8fee252
2014-07-10 00:00 . 2014-07-10 00:00 -------- d-----w- c:\users\John\AppData\Roaming\Dell
2014-07-10 00:00 . 2014-07-10 00:00 -------- d-----w- c:\programdata\PCDr
2014-07-09 23:59 . 2014-07-10 21:09 -------- d-----w- c:\program files\My Dell
2014-07-09 23:58 . 2014-07-09 23:58 -------- d-----w- c:\users\John\AppData\Roaming\PCDr
2014-07-09 15:58 . 2014-07-15 21:56 -------- d-----w- C:\FRST
2014-07-09 14:03 . 2014-07-15 18:21 -------- d-----w- C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-29 12:20 . 2013-01-14 14:14 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-05-10 12:57 . 2012-08-23 17:11 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 12:57 . 2012-08-23 17:11 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://johnspatch.blogspot.com/
uDefault_Search_URL = hxxp://google.inklineglobal.com
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-17 18:25
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-07-17  18:26:41
ComboFix-quarantined-files.txt  2014-07-17 23:26
ComboFix2.txt  2014-07-15 19:35
ComboFix3.txt  2014-07-15 19:14
ComboFix4.txt  2014-07-09 22:44
ComboFix5.txt  2014-07-17 23:21
.
Pre-Run: 240,011,317,248 bytes free
Post-Run: 240,060,403,712 bytes free
.
- - End Of File - - C0A9ABD1117134424F636B36B2BDEA38
239841E1AE8E4843C0676F3681A7D6BE
 
 
 
Thanks for the help

Took me a while to find them:

2:
 

ComboFix 14-07-17.03 - John 07/17/2014  18:21:50.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3582.2468 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-17 to 2014-07-17  )))))))))))))))))))))))))))))))
.
.
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\John\AppData\Local\temp
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\UpdatusUser(55)\AppData\Local\temp
2014-07-17 23:25 . 2014-07-17 23:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-17 12:31 . 2014-07-17 12:31 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-17 12:30 . 2014-07-17 12:30 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-17 12:30 . 2014-07-17 12:30 -------- d-----w- c:\programdata\Malwarebytes
2014-07-17 12:30 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-17 12:30 . 2014-05-12 12:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-17 12:30 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-17 12:10 . 2014-07-17 12:10 -------- d-----w- c:\program files\Common Files\Java
2014-07-17 12:10 . 2014-07-11 08:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-17 03:23 . 2014-07-14 09:12 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B31A51CC-7285-4584-857D-4D6F5B0D4EE8}\mpengine.dll
2014-07-16 13:45 . 2014-07-16 15:57 -------- d-----w- c:\users\John\AppData\Roaming\ImgBurn
2014-07-16 03:44 . 2014-07-16 03:44 -------- d-----w- C:\Vista Ultimate x86 SP1
2014-07-16 03:23 . 2014-07-09 21:34 55232 ----a-w- c:\windows\system32\drivers\{5178f938-0bd5-47c1-8242-71f6e3e72925}Gt.sys
2014-07-16 02:25 . 2014-07-16 02:25 -------- d-----w- c:\program files\ImgBurn
2014-07-16 02:20 . 2014-07-16 02:20 -------- d-----w- c:\program files\7-Zip
2014-07-15 22:30 . 2014-07-17 02:59 -------- d-----w- C:\MGADiagToolOutput
2014-07-15 22:29 . 2014-07-15 22:29 -------- d-----w- c:\programdata\Office Genuine Advantage
2014-07-15 14:50 . 2014-07-15 14:53 -------- d-----w- c:\users\user1
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- c:\programdata\iolo
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- c:\users\John\AppData\Roaming\iolo
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- C:\dell
2014-07-10 23:21 . 2014-07-10 23:21 -------- d-----w- c:\program files\Windows Kits
2014-07-10 17:20 . 2014-07-10 17:20 -------- d-----w- c:\program files\ToniArts
2014-07-10 16:58 . 2014-07-10 16:58 -------- d-----w- c:\users\John\AppData\Roaming\SparkTrust
2014-07-10 16:57 . 2014-07-10 17:05 -------- d-----w- c:\programdata\SparkTrust
2014-07-10 16:17 . 2014-07-10 16:17 -------- d-----w- c:\program files\Enigma Software Group
2014-07-10 01:19 . 2014-07-10 01:19 -------- d-----w- C:\ca12041aa2ab28e8fee252
2014-07-10 00:00 . 2014-07-10 00:00 -------- d-----w- c:\users\John\AppData\Roaming\Dell
2014-07-10 00:00 . 2014-07-10 00:00 -------- d-----w- c:\programdata\PCDr
2014-07-09 23:59 . 2014-07-10 21:09 -------- d-----w- c:\program files\My Dell
2014-07-09 23:58 . 2014-07-09 23:58 -------- d-----w- c:\users\John\AppData\Roaming\PCDr
2014-07-09 15:58 . 2014-07-15 21:56 -------- d-----w- C:\FRST
2014-07-09 14:03 . 2014-07-15 18:21 -------- d-----w- C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-29 12:20 . 2013-01-14 14:14 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-05-10 12:57 . 2012-08-23 17:11 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 12:57 . 2012-08-23 17:11 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://johnspatch.blogspot.com/
uDefault_Search_URL = hxxp://google.inklineglobal.com
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-17 18:25
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-07-17  18:26:41
ComboFix-quarantined-files.txt  2014-07-17 23:26
ComboFix2.txt  2014-07-15 19:35
ComboFix3.txt  2014-07-15 19:14
ComboFix4.txt  2014-07-09 22:44
ComboFix5.txt  2014-07-17 23:21
.
Pre-Run: 240,011,317,248 bytes free
Post-Run: 240,060,403,712 bytes free
.
- - End Of File - - C0A9ABD1117134424F636B36B2BDEA38
239841E1AE8E4843C0676F3681A7D6BE
 
___________________________________________________________________________________________
 
3:
 
ComboFix 14-07-15.04 - John 07/15/2014  14:29:03.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3582.3137 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-15 to 2014-07-15  )))))))))))))))))))))))))))))))
.
.
2014-07-15 19:34 . 2014-07-15 19:34 -------- d-----w- c:\users\John\AppData\Local\temp
2014-07-15 19:34 . 2014-07-15 19:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-07-15 19:34 . 2014-07-15 19:34 -------- d-----w- c:\users\UpdatusUser(55)\AppData\Local\temp
2014-07-15 19:34 . 2014-07-15 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-15 17:13 . 2014-07-15 17:13 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{345001E6-868B-49A1-A274-4CF698ABD7AA}\offreg.dll
2014-07-15 17:05 . 2014-07-15 18:55 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-15 17:05 . 2014-07-15 18:55 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-15 17:05 . 2014-07-15 17:05 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-15 17:05 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-15 17:05 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-15 15:28 . 2014-07-15 15:28 -------- d-----w- c:\programdata\Malwarebytes
2014-07-15 14:50 . 2014-07-15 14:53 -------- d-----w- c:\users\user1
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- c:\programdata\iolo
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- c:\users\John\AppData\Roaming\iolo
2014-07-11 13:48 . 2014-07-11 13:48 -------- d-----w- C:\dell
2014-07-10 23:21 . 2014-07-10 23:21 -------- d-----w- c:\program files\Windows Kits
2014-07-10 17:20 . 2014-07-10 17:20 -------- d-----w- c:\program files\ToniArts
2014-07-10 16:58 . 2014-07-10 16:58 -------- d-----w- c:\users\John\AppData\Roaming\SparkTrust
2014-07-10 16:57 . 2014-07-10 17:05 -------- d-----w- c:\programdata\SparkTrust
2014-07-10 16:17 . 2014-07-10 16:17 -------- d-----w- c:\program files\Enigma Software Group
2014-07-10 01:19 . 2014-07-10 01:19 -------- d-----w- C:\ca12041aa2ab28e8fee252
2014-07-10 00:00 . 2014-07-10 00:00 -------- d-----w- c:\users\John\AppData\Roaming\Dell
2014-07-10 00:00 . 2014-07-10 00:00 -------- d-----w- c:\programdata\PCDr
2014-07-09 23:59 . 2014-07-10 21:09 -------- d-----w- c:\program files\My Dell
2014-07-09 23:58 . 2014-07-09 23:58 -------- d-----w- c:\users\John\AppData\Roaming\PCDr
2014-07-09 15:58 . 2014-07-15 18:48 -------- d-----w- C:\FRST
2014-07-09 15:17 . 2014-07-09 15:17 -------- d-----w- c:\program files\ESET
2014-07-09 14:03 . 2014-07-15 18:21 -------- d-----w- C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-29 12:20 . 2013-01-14 14:14 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-05-10 12:57 . 2012-08-23 17:11 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 12:57 . 2012-08-23 17:11 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-30 23:37 . 2014-06-01 06:34 8073384 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{345001E6-868B-49A1-A274-4CF698ABD7AA}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-15 c:\windows\Tasks\At1.job
- c:\program files\pcmax\service.exe [2014-05-29 11:16]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]
.
2014-07-15 c:\windows\Tasks\pcreg.job
- c:\program files\pcmax\service.exe [2014-05-29 11:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://johnspatch.blogspot.com/
uDefault_Search_URL = hxxp://google.inklineglobal.com
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-15 14:34
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-07-15  14:35:45
ComboFix-quarantined-files.txt  2014-07-15 19:35
ComboFix2.txt  2014-07-15 19:14
ComboFix3.txt  2014-07-09 22:44
ComboFix4.txt  2014-07-09 22:04
.
Pre-Run: 243,762,589,696 bytes free
Post-Run: 243,662,098,432 bytes free
.
- - End Of File - - D27101DAC2D5496202D60350D722A04E
239841E1AE8E4843C0676F3681A7D6BE
 
____________________________________________________________________________________________
 
5:
 
ComboFix 14-07-08.01 - John 07/09/2014  16:58:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3582.2385 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\John\battlelog-web-plugins_2.1.7_115.exe
c:\users\John\TG_PCOptimizer.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-09 to 2014-07-09  )))))))))))))))))))))))))))))))
.
.
2014-07-09 15:58 . 2014-07-09 21:31 -------- d-----w- C:\FRST
2014-07-09 15:17 . 2014-07-09 15:17 -------- d-----w- c:\program files\ESET
2014-07-09 14:05 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-09 14:03 . 2014-07-09 20:37 -------- d-----w- C:\AdwCleaner
2014-07-09 13:53 . 2014-07-09 13:53 -------- d-----w- c:\windows\ERUNT
2014-07-09 03:17 . 2014-07-09 03:17 -------- d-----w- c:\users\John\AppData\Local\ElevatedDiagnostics
2014-07-08 19:15 . 2014-07-08 19:15 -------- d-----w- c:\users\John\AppData\Roaming\AVAST Software
2014-07-08 19:14 . 2014-07-08 19:14 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-08 19:14 . 2014-07-08 19:14 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-08 19:14 . 2014-07-08 19:14 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-08 19:14 . 2014-07-08 19:14 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-08 19:14 . 2014-07-08 19:14 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-08 19:14 . 2014-07-08 19:14 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-08 19:14 . 2014-07-08 19:14 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-08 19:14 . 2014-07-08 19:14 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-07-08 19:14 . 2014-07-08 19:14 43152 ----a-w- c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 19:14 . 2011-08-10 12:18 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-29 12:20 . 2013-01-14 14:14 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-05-10 12:57 . 2012-08-23 17:11 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 12:57 . 2012-08-23 17:11 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-30 23:37 . 2014-06-01 06:34 8073384 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{345001E6-868B-49A1-A274-4CF698ABD7AA}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-08 19:14 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-08 4086432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]
.
2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://johnspatch.blogspot.com/
uDefault_Search_URL = hxxp://google.inklineglobal.com
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-09 17:03
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
c:\users\John\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-07-09  17:04:51
ComboFix-quarantined-files.txt  2014-07-09 22:04
.
Pre-Run: 246,961,356,800 bytes free
Post-Run: 247,117,848,576 bytes free
.
- - End Of File - - 52CEFDAC6D5127507B5F554BB62F24CA
5C616939100B85E558DA92B899A0FC36
ComboFix 14-07-08.01 - John 07/09/2014  17:39:32.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3582.3004 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre7\bin\jp2ssv.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-09 to 2014-07-09  )))))))))))))))))))))))))))))))
.
.
2014-07-09 22:43 . 2014-07-09 22:43 -------- d-----w- c:\users\John\AppData\Local\temp
2014-07-09 22:43 . 2014-07-09 22:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-07-09 22:43 . 2014-07-09 22:43 -------- d-----w- c:\users\UpdatusUser(55)\AppData\Local\temp
2014-07-09 22:43 . 2014-07-09 22:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-09 15:58 . 2014-07-09 21:31 -------- d-----w- C:\FRST
2014-07-09 15:17 . 2014-07-09 15:17 -------- d-----w- c:\program files\ESET
2014-07-09 14:05 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-09 14:03 . 2014-07-09 20:37 -------- d-----w- C:\AdwCleaner
2014-07-09 13:53 . 2014-07-09 13:53 -------- d-----w- c:\windows\ERUNT
2014-07-09 03:17 . 2014-07-09 03:17 -------- d-----w- c:\users\John\AppData\Local\ElevatedDiagnostics
2014-07-08 19:15 . 2014-07-08 19:15 -------- d-----w- c:\users\John\AppData\Roaming\AVAST Software
2014-07-08 19:14 . 2014-07-08 19:14 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-08 19:14 . 2014-07-08 19:14 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-08 19:14 . 2014-07-08 19:14 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-08 19:14 . 2014-07-08 19:14 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-08 19:14 . 2014-07-08 19:14 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-08 19:14 . 2014-07-08 19:14 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-08 19:14 . 2014-07-08 19:14 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-08 19:14 . 2014-07-08 19:14 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-07-08 19:14 . 2014-07-08 19:14 43152 ----a-w- c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 19:14 . 2011-08-10 12:18 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-29 12:20 . 2013-01-14 14:14 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-05-10 12:57 . 2012-08-23 17:11 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 12:57 . 2012-08-23 17:11 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-30 23:37 . 2014-06-01 06:34 8073384 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{345001E6-868B-49A1-A274-4CF698ABD7AA}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-08 19:14 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-08 4086432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]
.
2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://johnspatch.blogspot.com/
uDefault_Search_URL = hxxp://google.inklineglobal.com
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-09 17:43
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-07-09  17:44:37
ComboFix-quarantined-files.txt  2014-07-09 22:44
ComboFix2.txt  2014-07-09 22:04
.
Pre-Run: 247,145,312,256 bytes free
Post-Run: 247,111,520,256 bytes free
.
- - End Of File - - 002F0802E6D8F4ABB564DDB56CBBBF48
5C616939100B85E558DA92B899A0FC36
_______________________________________________________________________________________________
 
Quarantined Files:
 
2014-07-15 19:14:31 . 2014-07-15 19:14:31              129 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CmPCIaudio.reg.dat
2014-07-15 19:12:40 . 2014-07-18 02:24:19            3,859 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-07-09 21:58:26 . 2014-07-18 02:21:35              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2014-07-09 21:56:43 . 2014-07-18 02:21:37              545 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2014-02-18 02:34:30 . 2014-02-18 02:34:37        4,015,280 ----a-w-  C:\Qoobox\Quarantine\C\Users\John\TG_PCOptimizer.exe.vir
2013-10-17 11:36:02 . 2014-03-18 03:05:14          171,944 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Java\jre7\bin\jp2ssv.dll.vir
2013-08-17 19:35:01 . 2013-08-17 19:35:01        3,820,480 ----a-w-  C:\Qoobox\Quarantine\C\Users\John\battlelog-web-plugins_2.1.7_115.exe.vir
 

Thanks for those logs, I'm not seeing any obvious malware/infection issues. Go to the following link and follow the instructions to d/l and install Service Pack 2 (SP2):

 

http://windows.microsoft.com/en-GB/windows/service-packs-download#sptabs=vista

 

When SP2 is completed reboot, check to see if any more updates are required. Instructions at following link if required.

 

http://windows.microsoft.com/en-gb/windows-vista/install-windows-updates

 

When the system is known to be fully updated, let's see if Malwarebytes will now run; again, please use the mbam-clean tool if required....

 

Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x

Follow the relevant steps and ensure to run mbam-clean tool after UNinstalling Malwarebytes.

 

When reinstalling the program please try the latest version from here:

http://www.malwarebytes.org/mwb-download/

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Kevin...


If your login account does not have administrator level rights, then before starting MBAM, do this: locate the shortcut link, right-click the icon and select Run as Administrator, and allow it to run (answer YES).

 

If you have both realtime protection as well as self-protection selected in MBAM, you need to first turn off the self-protection using the program's Settings >> Advanced Settings screen.

 

Next (but only if the program is running), let's shut down the realtime Malwarebytes Anti-Malware. Go to the desktop Taskbar. See the blue-color MBAM icon in the notification area.

Do a Right-click on it with your mouse, and select EXIT.

 

(If you are only running the Free mode program, you will not see that, so in that case you can ignore that step.)

 

If you are unable to update Malwarebytes Anti-Malware's database, please follow the steps below :

 

1: Download our netconf replacement tool from the link below

 

https://malwarebytes.box.com/shared/static/4pro228sfm3mzl3f7eyl.zip

 

2: Unzip the zip file to Extract the "Net Conf Fix" folder on your desktop.

3: Once extracted, open the **Net Conf Fix** folder.

4: Double click on the net-replacement.bat file. If you are using Windows Vista or higher, please Right-click the net-replacement.bat file and click Run as Administrator from the menu.

5: After the tool has run, launch Malwarebytes Anti-Malware and click Update Now

 

Please let me know if you are able to update the database after running this tool.

 

Kevin...


2 weeks later...

Root Admin:

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

