My computer will not download ANYTHING!



#61
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP
SFC report is just complaining about tcpmon.ini file. This is a really stupid detection since .ini files are supposed to change. False positive from SFC so can be ignored.

Go on with vew. The second time you run it it will overwrite its log so copy and paste the text from the first run before running it a second time.
  • 0


#62
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/09/2013 12:02:15 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/09/2013 4:39:26 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/09/2013 4:38:28 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 05/09/2013 4:37:39 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
  • 0

#63
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/09/2013 12:03:22 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/09/2013 5:39:06 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16446 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 15c4 Start Time: 01ceaa5715001621 Termination Time: 0 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: 07fc8175-1652-11e3-af6d-002564b7421a

Log: 'Application' Date/Time: 05/09/2013 4:42:46 PM
Type: Error Category: 0
Event: 123 Source: Wave TCG Client Services
The NTRU TSS is not running, Wave Software is unable to communicate to TPM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/09/2013 4:42:47 PM
Type: Warning Category: 0
Event: 1 Source: Wave TCG Client Services
Unable to determine TPM Security Chip state.

Log: 'Application' Date/Time: 05/09/2013 4:37:04 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-580040910-3867713631-2828622594-1000_Classes:
Process 4296 (\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000_CLASSES
Process 5756 (\Device\HarddiskVolume3\Program Files\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000_CLASSES
Process 1764 (\Device\HarddiskVolume3\Program Files\Citrix\GoToMyPC\g2comm.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000_CLASSES


Log: 'Application' Date/Time: 05/09/2013 4:37:02 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-580040910-3867713631-2828622594-1000:
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000\Software\Policies\Microsoft\SystemCertificates
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000\Software\Policies\Microsoft\SystemCertificates
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000\Software\Policies\Microsoft\SystemCertificates
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000\Software\Policies\Microsoft\SystemCertificates
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000\Software\Microsoft\SystemCertificates\Root
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000\Software\Microsoft\SystemCertificates\trust
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000\Software\Microsoft\SystemCertificates\My
Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-580040910-3867713631-2828622594-1000\Software\Microsoft\SystemCertificates\CA
  • 0

#64
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP
Were you able to uninstall Norton and install MSSE?

Are you able to install Firefox yet?
  • 0

#65
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
I uninstalled Norton. Couldn't get the other program to install. And no, still can't install Firefox.
  • 0

#66
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP
What happens when you try and install something?

See if you can download, save and run by right clicking and Run As Admin: Windows Repair All in One:

http://www.tweaking....all_in_one.html

We just need the step where it gives you the window that you see on the page. Make sure you have at least the following checked then hit Start:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates

Reboot when done.
  • 0

#67
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
When I try to install Firefox, a window flashes and then nothing happens. When I try to install Microsoft Security Essentials it says An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again.
  • 0

#68
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP
OK Try Windows Repair all in one and let's see if that helps.
  • 0

#69
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
It's running, looks like it's going to take awhile, it installed just fine btw

Edited by Lauriek1970, 05 September 2013 - 03:04 PM.

  • 0

#70
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Ok, so this time, Microsoft Security installed, but couldn't check for updates. It says to check my internet or network connection and try again. It is scanning though. When I double click the Firefox icon, I hit run, it says that it is extracting but I don't know where the extracted files go? Google Chrome is working fine now. :)
  • 0


#71
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP
Since you are in an office it's possible that your company has a firewall that is blocking things or perhaps the Norton firewall is still active. Can you download and save Combofix? We can use that to remove any traces of Norton.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. (You may want to turn off your screen saver so you can see what is going on.) The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
If you do not get a log after it reboots, that usually means it has found the latest version of Zero Access malware, then you just need to run it a second time. If you get an error about a registry value when you try to run something after running Combofix, then just reboot and that will fix the error.
  • 0

#72
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Ok, I downloaded and ran Combofix.
  • 0

#73
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
The Microsoft Security program is running fine. Firefox still isn't installing though. I dunno, should I delete it and try downloading again?
  • 0

#74
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP
Did you get the log from Combofix? Do a search for combofix.txt

Try a new Firefox download but this time get the whole setup and not just the stub installer from https://download.moz...=win&lang=en-US
  • 0

#75
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Here is the Combofix log

ComboFix 13-09-04.04 - Mary's 09/05/2013 15:54:48.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2012.1054 [GMT -7:00]
Running from: c:\users\Mary's\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mary's\g2mdlhlpx.exe
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Created from 2013-08-05 to 2013-09-05 )))))))))))))))))))))))))))))))
.
.
2013-09-05 22:59 . 2013-09-05 22:59 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-09-05 22:59 . 2013-09-05 22:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-05 21:31 . 2013-09-05 04:58 718712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C02DB5FE-4648-4E55-9578-46CCA887F76F}\gapaengine.dll
2013-09-05 21:30 . 2013-08-20 07:47 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B255BD3-E4D2-4632-BEF0-7C00138E4FB2}\mpengine.dll
2013-09-05 21:21 . 2013-09-05 21:27 -------- d-----w- c:\program files\Microsoft Security Client
2013-09-05 21:11 . 2013-09-05 21:52 -------- d-----w- c:\windows\system32\catroot2
2013-09-05 20:54 . 2013-09-05 21:19 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-09-05 20:46 . 2013-09-05 20:46 -------- d-----w- C:\RegBackup
2013-09-05 20:40 . 2013-09-05 20:40 -------- d-----w- c:\program files\Tweaking.com
2013-09-05 15:33 . 2013-09-05 15:33 -------- d-----w- c:\windows\ERUNT
2013-09-04 17:46 . 2013-09-04 17:46 -------- d-----w- C:\_OTL
2013-09-03 22:23 . 2013-09-03 22:24 -------- d-----w- C:\AdwCleaner
2013-09-03 16:19 . 2013-09-04 15:42 -------- d-----w- c:\users\Mary's\Temp2
2013-08-29 22:37 . 2013-08-29 22:37 -------- d-----w- c:\program files\Common Files\Sagekey Software
2013-08-29 22:26 . 2013-09-05 21:53 -------- d-----w- c:\program files\ManagER
2013-08-29 21:54 . 2013-09-03 16:19 -------- d-----w- c:\users\Servpro
2013-08-29 21:37 . 2013-08-29 21:37 -------- d-----w- c:\users\Guest\AppData\Local\LogMeIn Rescue Applet
2013-08-29 21:36 . 2013-08-29 21:36 -------- d-----w- c:\users\Guest\Tracing
2013-08-29 21:36 . 2013-08-29 21:36 -------- d-----w- c:\users\Guest\AppData\Roaming\FLEXnet
2013-08-29 21:36 . 2013-08-29 21:36 -------- d-----w- c:\users\Guest\AppData\Roaming\ControlCenter4
2013-08-19 22:43 . 2013-08-19 22:55 -------- d-----w- c:\users\Mary's\AppData\Local\NPE
2013-08-16 21:50 . 2013-08-19 22:53 -------- d-----w- c:\users\Mary's\AppData\Local\Intel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-05 21:50 . 2010-02-20 00:16 0 ----a-w- c:\users\Mary's\AppData\Local\WavXMapDrive.bat
2013-08-29 21:35 . 2011-07-13 15:49 0 ----a-w- c:\users\Guest\AppData\Local\WavXMapDrive.bat
2013-08-20 19:30 . 2012-10-30 17:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-20 19:30 . 2011-09-29 15:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-19 04:50 . 2013-06-19 04:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 04:50 . 2013-06-19 04:50 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-10 14:08 . 2011-02-26 17:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2012-05-08 20:27 . 2012-09-06 21:15 693648 ----a-w- c:\program files\12Uninstall My Scrap Nook.dll
2012-05-08 20:27 . 2012-09-06 21:15 174016 ----a-w- c:\program files\12res.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BIBLauncher"="c:\program files\Business-in-a-Box\BIBLauncher.exe" [2011-03-15 901600]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2009-08-26 2691072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-22 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-22 151064]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2012-07-07 1838592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-02 946352]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-07 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 995184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CrossLoopService;CrossLoop Service;c:\users\Mary's\AppData\Local\CrossLoop\CrossLoopService.exe [2011-09-07 569072]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-19 107392]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-07-18 295376]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1343400]
S2 monblanking;monblanking;c:\windows\system32\DRIVERS\monblanking.sys [2013-03-13 28416]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2012-06-05 266240]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-06-20 273448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 14:58 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 19:30]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 17:49]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 17:49]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.sso.serv...MTcyLjEuMS4xMjI
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(576)
c:\windows\system32\wvauth.DLL
.
Completion time: 2013-09-05 16:01:36
ComboFix-quarantined-files.txt 2013-09-05 23:01
.
Pre-Run: 100,865,351,680 bytes free
Post-Run: 100,913,463,296 bytes free
.
- - End Of File - - 68250D7296E9B0DD9845023D1984D004
CDB4DE4BBD714F152979DA2DCBEF57EB
  • 0





