Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow Moving Laptop, Constantly Locking Up [Solved]


  • This topic is locked This topic is locked

#16
MsClark

MsClark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Sorry for the delay. My computer is locking up and I could not close the program that was not responding in task manager. It is very slow when trying to connect to the internet. The file you request is below.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2014 01
Ran by james (administrator) on KIMCLARK on 03-03-2014 23:46:28
Running from C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJ1YP7UL
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SonicWALL Inc.) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(SonicWALL Inc.) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
() C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [505720 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SonicWALLNetExtender] - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1103744 2010-04-01] (SonicWALL Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [VMM Mode Selection] - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-07] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1036789798-630842878-1665978630-1000\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\S-1-5-21-1036789798-630842878-1665978630-1000\...\Run: [HLBackupScheduler] - C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe [9384256 2014-02-05] ()
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-25] (Google)
Startup: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {BC1383D9-01AE-4CC9-BEBC-5223028D7767} URL = http://www.google.co...ng}&rlz=1I7TSHB
SearchScopes: HKCU - DefaultScope {2E80422B-6D67-420D-9641-BC8FEE77ADA7} URL = http://delicious.com...p={searchTerms}
SearchScopes: HKCU - {2E80422B-6D67-420D-9641-BC8FEE77ADA7} URL = http://delicious.com...p={searchTerms}
SearchScopes: HKCU - {BC1383D9-01AE-4CC9-BEBC-5223028D7767} URL = http://www.google.co...TSHB_en___US342
SearchScopes: HKCU - {E233B837-D73B-4E17-9005-E3AC11578FC2} URL = http://www.flickr.co...q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://vpn.stardynamics.com/NELX.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\7y7jhqp3.default
FF DefaultSearchEngine: Google
FF Homepage: www.google.com
FF SelectedSearchEngine: Google
FF SearchEngineOrder.1: Google
FF Keyword.URL: https://www.google.com/search
FF NewTab: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tnt2ghost.com/Plugin - C:\Users\james\AppData\Local\TNT2\2.0.0.1250\npTNT2ghost.dll (Search.Us.com)
FF Plugin HKCU: @tnt2toolbar.com/Plugin - C:\Users\james\AppData\Local\TNT2\2.0.0.1250\npTNT2.dll (Search.Us.com)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\james\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npWTHost.dll (WildTangent)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Yahooober26600900.gif
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Yahooober26600900.src
FF Extension: LavaFox V1-Blue - C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\7y7jhqp3.default\Extensions\[email protected](465).com [2011-02-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\7y7jhqp3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-13]
FF Extension: DownloadHelper - C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\7y7jhqp3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(466) [2011-02-13]
FF Extension: Download Statusbar - C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\7y7jhqp3.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-04-20]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-11]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-13]
CHR Extension: (Google Search) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-07]
CHR Extension: (Google Wallet) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR Extension: (Gmail) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-02]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-07] (AVAST Software)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
S4 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [246520 2010-04-16] (WildTangent, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-25] (Google)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 SONICWALL_NetExtender; C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [313216 2010-04-01] (SonicWALL Inc.)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-07] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-02-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-07] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-02-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-29] ()
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [22600 2009-10-21] (SonicWALL Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-10] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows ® Codename Longhorn DDK provider)
S3 SUSTUCAM; C:\Windows\System32\DRIVERS\sustucam.sys [47360 2009-01-07] ()
S3 SUSTUCAP; C:\Windows\System32\DRIVERS\sustucap.sys [47360 2009-01-07] ()
S3 SUSTUCAU; C:\Windows\System32\DRIVERS\sustucau.sys [28032 2009-01-07] (Susteen, Inc.)
S3 SVRPEDRV; C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\james\AppData\Local\Temp\catchme.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-03 23:46 - 2014-03-03 23:46 - 00000000 ____D () C:\FRST
2014-02-26 01:31 - 2014-02-26 01:31 - 00016386 _____ () C:\ComboFix.txt
2014-02-26 01:15 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-26 01:15 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-26 01:15 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-26 01:15 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-26 01:15 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-26 01:15 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-26 01:15 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-26 01:15 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-26 01:14 - 2014-02-26 01:31 - 00000000 ____D () C:\Qoobox
2014-02-26 01:14 - 2014-02-26 01:29 - 00000000 ____D () C:\Windows\erdnt
2014-02-26 00:59 - 2014-02-26 00:59 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-26 00:55 - 2014-02-26 00:55 - 05185084 ____R (Swearware) C:\Users\james\Desktop\ComboFix.exe
2014-02-22 13:47 - 2014-02-22 13:47 - 00056688 ____N () C:\Users\james\Desktop\hotelcoupons.com-hotels-ohio-dayton-hawthorn-suites-dayt.tif
2014-02-22 12:20 - 2014-02-22 12:20 - 00002259 _____ () C:\Users\james\Desktop\JRT.txt
2014-02-22 12:16 - 2014-02-22 12:16 - 00000000 ____D () C:\Windows\ERUNT
2014-02-22 12:15 - 2014-02-22 12:15 - 01037734 _____ (Thisisu) C:\Users\james\Desktop\JRT.exe
2014-02-22 12:07 - 2014-02-22 12:07 - 00009564 _____ () C:\Users\james\Desktop\AdwCleaner[S0].txt
2014-02-22 11:51 - 2014-02-22 12:01 - 00000000 ____D () C:\AdwCleaner
2014-02-22 11:49 - 2014-02-22 11:49 - 01037734 _____ (Thisisu) C:\Users\james\Downloads\JRT.exe
2014-02-22 11:47 - 2014-02-22 11:47 - 01241834 _____ () C:\Users\james\Desktop\AdwCleaner.exe
2014-02-21 03:24 - 2014-02-21 03:24 - 00602112 _____ (OldTimer Tools) C:\Users\james\Downloads\OTL (1).exe
2014-02-13 03:03 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:03 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:03 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:03 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:03 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:03 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:03 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-13 03:03 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:03 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 03:03 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:03 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:03 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:03 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:03 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:03 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-13 03:03 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 02:57 - 2014-02-13 02:57 - 00793600 _____ () C:\Users\james\Documents\PUBH-8002-2 ClarkK FinalProject.ppt
2014-02-12 22:15 - 2013-12-04 21:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 22:00 - 2014-02-12 22:00 - 00001781 _____ () C:\Users\james\Desktop\Verizon Cloud.lnk
2014-02-12 21:59 - 2014-02-12 22:00 - 00000000 ____D () C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon Cloud
2014-02-12 21:55 - 2014-02-12 21:55 - 44163440 _____ (Installation Program) C:\Users\james\Downloads\3.5.108-update.exe
2014-02-05 07:10 - 2014-02-05 07:10 - 00602112 _____ () C:\Windows\system32\xvid.dll

==================== One Month Modified Files and Folders =======

2014-03-03 23:46 - 2014-03-03 23:46 - 00000000 ____D () C:\FRST
2014-03-03 23:45 - 2009-07-31 00:50 - 01997632 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 23:27 - 2010-02-13 12:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-03 23:22 - 2010-02-13 12:49 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 23:10 - 2012-03-31 20:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-03 23:10 - 2006-11-02 07:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 23:10 - 2006-11-02 07:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 04:03 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\tracing
2014-02-26 02:12 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-26 02:03 - 2006-11-02 05:33 - 00778902 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 01:47 - 2011-02-25 02:32 - 00000000 ____D () C:\ProgramData\T-Mobile
2014-02-26 01:46 - 2010-07-10 07:03 - 00000000 ____D () C:\Program Files\Common Files\PctelEapPeer Authentication
2014-02-26 01:45 - 2009-10-12 01:12 - 00000000 ____D () C:\Users\james\AppData\Roaming\Shareaza
2014-02-26 01:45 - 2009-10-12 01:12 - 00000000 ____D () C:\Program Files\Shareaza
2014-02-26 01:39 - 2013-07-09 01:44 - 00000000 ____D () C:\Users\james\AppData\Local\Backup Assistant Plus
2014-02-26 01:38 - 2013-07-07 21:12 - 00000000 ____D () C:\Users\james\AppData\Local\HTC MediaHub
2014-02-26 01:37 - 2010-01-21 21:07 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-26 01:37 - 2008-01-20 22:02 - 00157202 _____ () C:\Windows\PFRO.log
2014-02-26 01:37 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 01:36 - 2009-08-24 17:56 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-26 01:36 - 2006-11-02 07:58 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-26 01:31 - 2014-02-26 01:31 - 00016386 _____ () C:\ComboFix.txt
2014-02-26 01:31 - 2014-02-26 01:14 - 00000000 ____D () C:\Qoobox
2014-02-26 01:31 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-02-26 01:29 - 2014-02-26 01:14 - 00000000 ____D () C:\Windows\erdnt
2014-02-26 01:28 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-02-26 00:59 - 2014-02-26 00:59 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-26 00:55 - 2014-02-26 00:55 - 05185084 ____R (Swearware) C:\Users\james\Desktop\ComboFix.exe
2014-02-22 13:47 - 2014-02-22 13:47 - 00056688 ____N () C:\Users\james\Desktop\hotelcoupons.com-hotels-ohio-dayton-hawthorn-suites-dayt.tif
2014-02-22 12:20 - 2014-02-22 12:20 - 00002259 _____ () C:\Users\james\Desktop\JRT.txt
2014-02-22 12:16 - 2014-02-22 12:16 - 00000000 ____D () C:\Windows\ERUNT
2014-02-22 12:15 - 2014-02-22 12:15 - 01037734 _____ (Thisisu) C:\Users\james\Desktop\JRT.exe
2014-02-22 12:07 - 2014-02-22 12:07 - 00009564 _____ () C:\Users\james\Desktop\AdwCleaner[S0].txt
2014-02-22 12:01 - 2014-02-22 11:51 - 00000000 ____D () C:\AdwCleaner
2014-02-22 11:51 - 2010-07-13 00:27 - 00001898 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-22 11:49 - 2014-02-22 11:49 - 01037734 _____ (Thisisu) C:\Users\james\Downloads\JRT.exe
2014-02-22 11:47 - 2014-02-22 11:47 - 01241834 _____ () C:\Users\james\Desktop\AdwCleaner.exe
2014-02-21 03:36 - 2012-10-06 16:59 - 00110568 _____ () C:\Users\james\Downloads\OTL.Txt
2014-02-21 03:24 - 2014-02-21 03:24 - 00602112 _____ (OldTimer Tools) C:\Users\james\Downloads\OTL (1).exe
2014-02-21 02:49 - 2013-12-12 21:48 - 00000000 ____D () C:\Users\james\Documents\PhD Homework
2014-02-20 23:42 - 2012-03-31 20:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-20 23:42 - 2011-06-05 00:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-13 03:45 - 2009-07-23 04:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 03:29 - 2013-09-07 02:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 03:20 - 2006-11-02 05:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-13 03:10 - 2006-11-02 05:23 - 00000275 _____ () C:\Windows\win.ini
2014-02-13 02:57 - 2014-02-13 02:57 - 00793600 _____ () C:\Users\james\Documents\PUBH-8002-2 ClarkK FinalProject.ppt
2014-02-12 22:00 - 2014-02-12 22:00 - 00001781 _____ () C:\Users\james\Desktop\Verizon Cloud.lnk
2014-02-12 22:00 - 2014-02-12 21:59 - 00000000 ____D () C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon Cloud
2014-02-12 21:59 - 2013-10-18 02:18 - 00000000 ____D () C:\Program Files\Verizon Cloud
2014-02-12 21:59 - 2013-07-09 01:42 - 00000000 ____D () C:\Program Files\ffdshow
2014-02-12 21:55 - 2014-02-12 21:55 - 44163440 _____ (Installation Program) C:\Users\james\Downloads\3.5.108-update.exe
2014-02-12 21:55 - 2014-01-23 21:20 - 00000309 _____ () C:\Users\james\Downloads\3.5.108-update.xml
2014-02-07 00:56 - 2013-10-11 01:49 - 00001800 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-07 00:55 - 2013-10-11 01:49 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-07 00:55 - 2013-10-11 01:49 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-07 00:55 - 2013-10-11 01:49 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-07 00:55 - 2013-10-11 01:49 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-02-07 00:55 - 2013-10-11 01:49 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-02-07 00:55 - 2013-10-11 01:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-07 00:55 - 2012-10-09 01:22 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-05 07:10 - 2014-02-05 07:10 - 00602112 _____ () C:\Windows\system32\xvid.dll
2014-02-05 03:58 - 2014-02-13 03:03 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 03:56 - 2014-02-13 03:03 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 03:53 - 2014-02-13 03:03 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 03:51 - 2014-02-13 03:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 03:50 - 2014-02-13 03:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 03:49 - 2014-02-13 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 03:49 - 2014-02-13 03:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 03:48 - 2014-02-13 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 03:48 - 2014-02-13 03:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 03:48 - 2014-02-13 03:03 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 03:48 - 2014-02-13 03:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 03:48 - 2014-02-13 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 03:47 - 2014-02-13 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 03:47 - 2014-02-13 03:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 03:47 - 2014-02-13 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 03:46 - 2014-02-13 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-01 23:52 - 2013-12-15 19:08 - 00001879 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk
2014-02-01 23:51 - 2013-07-07 20:31 - 00000000 ____D () C:\Users\james\AppData\Local\Downloaded Installations
2014-02-01 23:38 - 2006-11-02 07:49 - 00168201 _____ () C:\Windows\setupact.log

Files to move or delete:
====================
C:\Users\james\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\james\AppData\Local\Temp\catchme.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-26 01:44

==================== End Of Log ============================
  • 0

Advertisements


#17
MsClark

MsClark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
My computer is so slow. I was trying to submit my homework on time but ended up submitting it late because my computer froze on me and would not let me paste my paper where needed. No matter what I touched, the screen would go white then finally slowly populate. How can get it to stop this. I am so angrey it takes me 45 mintues to submit a paper using blackboard.
Ms.Clark
  • 0

#18
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello MsClark

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#19
MsClark

MsClark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
it has been still locking up.

ComboFix 14-03-05.01 - james 03/10/2014 2:12.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1803 [GMT -4:00]
Running from: c:\users\james\Desktop\ComboFix.exe
Command switches used :: c:\users\james\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-02-10 to 2014-03-10 )))))))))))))))))))))))))))))))
.
.
2014-03-10 06:22 . 2014-03-10 06:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-03-10 06:22 . 2014-03-10 06:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-07 07:15 . 2014-03-07 07:15 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{820B6383-A55E-4006-858B-2CB4AEDBBF9F}\offreg.dll
2014-03-07 07:06 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{820B6383-A55E-4006-858B-2CB4AEDBBF9F}\mpengine.dll
2014-03-04 04:46 . 2014-03-04 04:48 -------- d-----w- C:\FRST
2014-02-26 06:58 . 2014-02-26 06:58 -------- d-----w- c:\windows\Migration
2014-02-26 05:59 . 2014-02-26 05:59 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2014-02-26 05:59 . 2014-02-26 05:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-02-26 05:59 . 2014-02-26 05:59 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2014-02-26 05:59 . 2014-02-26 05:59 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2014-02-26 05:59 . 2014-02-26 05:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-02-26 05:59 . 2014-02-26 05:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-02-26 05:59 . 2014-02-26 05:59 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2014-02-26 05:59 . 2014-02-26 05:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-02-26 05:59 . 2014-02-26 05:59 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2014-02-26 05:59 . 2014-02-26 05:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-02-26 05:59 . 2014-02-26 05:59 -------- d-----w- c:\program files\QuickTime
2014-02-22 17:16 . 2014-02-22 17:16 -------- d-----w- c:\windows\ERUNT
2014-02-22 16:51 . 2014-02-22 17:01 -------- d-----w- C:\AdwCleaner
2014-02-13 03:15 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 04:42 . 2012-04-01 01:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 04:42 . 2011-06-05 05:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-07 05:55 . 2013-10-11 06:49 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-07 05:55 . 2013-10-11 06:49 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-07 05:55 . 2013-10-11 06:49 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-07 05:55 . 2013-10-11 06:49 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-07 05:55 . 2013-10-11 06:49 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-07 05:55 . 2013-10-11 06:47 43152 ----a-w- c:\windows\avastSS.scr
2014-02-07 05:55 . 2012-10-09 06:22 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-05 12:10 . 2014-02-05 12:10 602112 ----a-w- c:\windows\system32\xvid.dll
2014-01-17 21:24 . 2014-01-17 21:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 21:24 . 2014-01-17 21:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-12-29 22:24 . 2013-12-29 22:25 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-29 22:14 . 2013-10-11 06:49 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-18 11:13 . 2009-10-12 01:47 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-16 04:14 . 2010-06-24 15:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-08-25 23:46 . 2009-11-15 22:16 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-07 05:55 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"HLBackupScheduler"="c:\program files\Verizon Cloud\Verizon Cloud Service.exe" [2014-02-05 9384256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-04-02 1103744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-07 3767096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-01-20 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^james^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-25 23:46 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 01:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-01-20 21:32 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 21:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-07 01:26 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-06-03 12:11 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 04:42]
.
2014-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:03]
.
2014-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\james\AppData\Roaming\Mozilla\Firefox\Profiles\7y7jhqp3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-10 02:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????g?R,$??h?????????????????
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-03-10 02:25:49
ComboFix-quarantined-files.txt 2014-03-10 06:25
ComboFix2.txt 2014-02-26 06:31
.
Pre-Run: 137,115,901,952 bytes free
Post-Run: 136,621,842,432 bytes free
.
- - End Of File - - B67507288A8F1BDE2ABFB6981EC447A2
5B5E648D12FCADC244C1EC30318E1EB9
  • 0

#20
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello MsClark

Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
•Internet access
•Windows Update
•Windows Firewall9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10.Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+

send me the reports made from MBAR and Roguekiller and also let me know how the computer is doing at this time.

Gringo
  • 0

#21
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#22
MsClark

MsClark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I have kept my computer off until I can run the programs. Prior to your post, my computer locked up. I turned it off. I used my work computer for my homework and planned to do the programs you request tonight. I work two jobs and tonight is the first night I had off the second job since your last instructions. I'm very greatful for your help. I turned off the WiFi on that computer when I'm not home.

MsClark
  • 0

#23
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
No problem and I always bump twice before I close

I have recently been working two jobs so I know how that can be - if you do recieve another bump it is just me keeping track of my topics and all that is needed is to reply as you have done.

Gringo
  • 0

#24
MsClark

MsClark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
The computer pages still lock up. its says the page stopped responding.


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 3082039296, free: 2062413824

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 3082039296, free: 2053439488

Downloaded database version: v2014.03.14.01
Downloaded database version: v2014.02.20.01
=======================================
Initializing...
------------ Kernel report ------------
03/14/2014 03:19:02
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps32.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\FwLnk.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\NxDrv.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\??\C:\Windows\system32\drivers\aswSnx.sys
\??\C:\Windows\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\??\C:\Windows\system32\drivers\aswTdi.sys
\SystemRoot\system32\drivers\afd.sys
\??\C:\Windows\system32\drivers\aswRdr.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\rtlprot.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\DRIVERS\RTL8187B.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff873dc390
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8640f028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff873dc390, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff874dfd18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff873dc390, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8640f028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D3D93FCE

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 470190080
Partition file system is NTFS
Partition is bootable

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 473264128 Numsec = 15132672
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-3074048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-473264128-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 3082039296, free: 1937498112

=======================================
Initializing...
------------ Kernel report ------------
03/14/2014 03:48:45
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps32.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\FwLnk.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\NxDrv.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\??\C:\Windows\system32\drivers\aswSnx.sys
\??\C:\Windows\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\??\C:\Windows\system32\drivers\aswTdi.sys
\SystemRoot\system32\drivers\afd.sys
\??\C:\Windows\system32\drivers\aswRdr.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\rtlprot.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\DRIVERS\RTL8187B.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff873dc390
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8640f028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff873dc390, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff874dfd18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff873dc390, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8640f028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D3D93FCE

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 470190080
Partition file system is NTFS
Partition is bootable

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 473264128 Numsec = 15132672
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-3074048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-473264128-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
  • 0

#25
MsClark

MsClark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : james [Admin rights]
Mode : Scan -- Date : 03/14/2014 04:21:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69224927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69224984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69242BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6922FA79)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69224927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69224984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69242BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6922FA79)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS543225L9SA00 +++++
--- User ---
[MBR] 7c11ab4aaf4bfb91f313e8ddbec3eaf7
[BSP] 2857e76fbbd288da18431967399ed734 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 229585 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 473264128 | Size: 7389 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03142014_042142.txt >>




-----------------------------------------------------------------------------------------------

Second Notepad saved to desktop


RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : james [Admin rights]
Mode : Remove -- Date : 03/14/2014 08:39:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69224927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69224984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69242BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6922FA79)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69224927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69224984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69242BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6922FA79)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS543225L9SA00 +++++
--- User ---
[MBR] 7c11ab4aaf4bfb91f313e8ddbec3eaf7
[BSP] 2857e76fbbd288da18431967399ed734 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 229585 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 473264128 | Size: 7389 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_03142014_083929.txt >>
RKreport[0]_S_03142014_042142.txt
  • 0

Advertisements


#26
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello MsClark

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#27
MsClark

MsClark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player 12 ActiveX
Adobe Reader 9.5.5
Adobe Shockwave Player 11.5
AIO_Scan
Amazon Links
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Ad Blocker
avast! Free Antivirus
Bejeweled 3
Bonjour
BufferChm
C4200
C4200_doccd
c4200_Help
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Delta 2 Chants Screen Saver
Delta 5 Chants Screen Saver
Delta Chant & Tribal Music Screen Saver
Delta Silent Screen Saver
Delta Tribal Music Only Screen Saver
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
DVD MovieFactory for TOSHIBA
eSupportQFolder
ffdshow [rev 2527] [2008-12-19]
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.3
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Solution Center 9.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
HTC Driver Installer
HTC Sync Manager
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IPTInstaller
iTunes
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
MarketResearch
Marooned
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
MotoHelper 2.0.51 Driver 5.1.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.1.0
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Picasa 3
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
QuickBooks Financial Center
QuickTime 7
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SolutionCenter
SonicWALL SSL-VPN NetExtender
Status
Synaptics Pointing Device Driver
The Dream Voyagers
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Verizon Cloud
VideoToolkit01
WebReg
WildTangent Games
WildTangent Web Driver
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR 5.01 (32-bit)
WModem Driver Installer
Word Search Puzzles
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar
  • 0

#28
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove


Adobe Reader 9.5.5
Java 7 Update 45

[/list]


Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. default settings are fine
  • Click Run Cleaner.
  • Close CCleaner.

Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#29
MsClark

MsClark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I am completing your instructions right now.

msclark
  • 0

#30
MsClark

MsClark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.18.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
james :: KIMCLARK [administrator]

Protection: Disabled

3/18/2014 10:56:39 PM
mbam-log-2014-03-18 (22-56-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240128
Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37} (PUP.Optional.TidyNetwork.A) -> Delete on reboot.
HKCR\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\james\AppData\Local\TNT2 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\Profiles (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\Profiles\10295 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.

Files Detected: 48
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\Autorun.inf (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\crx.tar (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\ffassist.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\hmac.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\ie8starter.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\iehpr.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\iestage2.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\IEToolbar.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\IEToolbar64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\INSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\LastSession.log (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\log.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\npTNT2.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\npTNT2Ghost.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\OldStyleSB.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\OSD9202.OSD (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\passport.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\passport64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\pinnedSearch_FindWide.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\progress.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\regsvr.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\RemoteSkin.wms (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\safari.safariextz (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\sqlite.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\Tnt2Cbt.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\TNT2User.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\TNT2UserPS.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\TNT2UserPS64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\TntMagicDel.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\UninstallDlg.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\untar.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\UPDATE.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\xpi.tar (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\2.0.0.1250\zipunzip.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\Profiles\10295\icon.ico (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\Profiles\10295\inst.ini (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\Profiles\10295\LastSession.log (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\Profiles\10295\PARTNER.3.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\Profiles\10295\PARTNER.4.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\Profiles\10295\partner.dat (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\Profiles\10295\passport.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\Profiles\10295\passport64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\Profiles\10295\runt.ini (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\Profiles\10295\tnt_32x32.png (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\james\AppData\Local\TNT2\Profiles\10295\[email protected] (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.

(end)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP