HP VISTA 64 KEEPS CRASHING PURCHASED 2008

Started by lotodig, March 27, 2013, 11:48:18 PM


lotodig

ok one more time

ComboFix 13-03-28.01 - gabe 03/28/2013  21:25:18.5.2 - x64
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.4085.2095 [GMT -5:00]
Running from: c:\users\gabe\Desktop\ComboFix.exe
Command switches used :: c:\users\gabe\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\REND94.tmp"
"c:\windows\system32\REND95.tmp"
"c:\windows\system32\REND96.tmp"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\AntiVirus
c:\program files (x86)\Common Files\AntiVirus\Definitions\acertdefs0.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\adsrules.dat
c:\program files (x86)\Common Files\AntiVirus\Definitions\AdviceTx.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\api0.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\apincl.dat
c:\program files (x86)\Common Files\AntiVirus\Definitions\apprules.dat
c:\program files (x86)\Common Files\AntiVirus\Definitions\bhmem.vtd
c:\program files (x86)\Common Files\AntiVirus\Definitions\bhsl.vtd
c:\program files (x86)\Common Files\AntiVirus\Definitions\bmem.vtd
c:\program files (x86)\Common Files\AntiVirus\Definitions\CatDesc.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\CatID.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\cblk.vtd
c:\program files (x86)\Common Files\AntiVirus\Definitions\cmem.vtd
c:\program files (x86)\Common Files\AntiVirus\Definitions\cname.wtd
c:\program files (x86)\Common Files\AntiVirus\Definitions\comp0.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\Cookies.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\CoreVer.txt
c:\program files (x86)\Common Files\AntiVirus\Definitions\ctid.vtd
c:\program files (x86)\Common Files\AntiVirus\Definitions\defs0.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\DefVer.txt
c:\program files (x86)\Common Files\AntiVirus\Definitions\dex_hash.dat
c:\program files (x86)\Common Files\AntiVirus\Definitions\dexmem.vtd
c:\program files (x86)\Common Files\AntiVirus\Definitions\dnrl.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\elf_hash.dat
c:\program files (x86)\Common Files\AntiVirus\Definitions\EPSigs.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\FastSigs.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\FileDT.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\FolderDT.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\fsigs.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\gfiark.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\gfiark32.sys
c:\program files (x86)\Common Files\AntiVirus\Definitions\gfiark64.sys
c:\program files (x86)\Common Files\AntiVirus\Definitions\gfiarkup.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\gfiutil.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\gfiutl32.sys
c:\program files (x86)\Common Files\AntiVirus\Definitions\gfiutl64.sys
c:\program files (x86)\Common Files\AntiVirus\Definitions\hcol.wtd
c:\program files (x86)\Common Files\AntiVirus\Definitions\heur0.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\HistoryCleaner.xml
c:\program files (x86)\Common Files\AntiVirus\Definitions\hstn.vtd
c:\program files (x86)\Common Files\AntiVirus\Definitions\idsrules.dat
c:\program files (x86)\Common Files\AntiVirus\Definitions\ih.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\IncompatiblePrograms.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\incompats.dat
c:\program files (x86)\Common Files\AntiVirus\Definitions\ip.vtd
c:\program files (x86)\Common Files\AntiVirus\Definitions\JSSigs.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\kbu.dat
c:\program files (x86)\Common Files\AntiVirus\Definitions\kbu.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\lgpl.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\lib7zip.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\libBase64.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\libCHM.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\libEmail.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\libMachoUniv.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\libMsCab.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\libMsi.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\libNSIS.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\libOleA.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\libRar.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\libRTF.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\libtd.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\libVvs.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\libZip.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\macroptn.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\MFastSigs.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\mime0.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\networkrules.dat
c:\program files (x86)\Common Files\AntiVirus\Definitions\pack0.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\patchw32.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\qscnf.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\qscnr.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\RegDT.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\rem0.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\remediation.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\RootCA.wtd
c:\program files (x86)\Common Files\AntiVirus\Definitions\RTmem.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\SBTS.dat
c:\program files (x86)\Common Files\AntiVirus\Definitions\SBWL.dat
c:\program files (x86)\Common Files\AntiVirus\Definitions\script0.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\sdll0.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\sel.dat
c:\program files (x86)\Common Files\AntiVirus\Definitions\smim0.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\ThreatCategoryGlossary.xml
c:\program files (x86)\Common Files\AntiVirus\Definitions\ThreatCategoryGlossary.xsd
c:\program files (x86)\Common Files\AntiVirus\Definitions\ThreatDT.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\ThreatID.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\TImem.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\unpck0.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\updater.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\vcore.dll
c:\program files (x86)\Common Files\AntiVirus\Definitions\VVSSigs.vdx
c:\program files (x86)\Common Files\AntiVirus\Definitions\WebFilterExceptions.dat
c:\program files (x86)\Common Files\AntiVirus\Definitions\white.wtd
c:\program files (x86)\Common Files\AntiVirus\Definitions\white0.std
c:\program files (x86)\Common Files\AntiVirus\Definitions\whsl.wtd
c:\program files (x86)\Common Files\AntiVirus\SBAMConfig.bin
c:\program files (x86)\MyTechHelp
c:\program files (x86)\MyTechHelp\Anti-Virus Malware Suite\Help.chm
c:\programdata\MyTechHelp
c:\programdata\MyTechHelp\AntiMalware\APConfig.xml
c:\programdata\MyTechHelp\AntiMalware\CountScans.XML
c:\programdata\MyTechHelp\AntiMalware\EmailAVConfig.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032523490600.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032523491701.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032523491702.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032523564203.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032523595904.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032600500205.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032607562706.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032608571307.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032610584008.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032614445200.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032614450501.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032709313100.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032709314301.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032716533100.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032716534301.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032717534802.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032723581003.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032800590104.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032808045805.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032809054406.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032813090207.xml
c:\programdata\MyTechHelp\AntiMalware\Events\EV2013032814595108.xml
c:\programdata\MyTechHelp\AntiMalware\History\20130325235957.xml
c:\programdata\MyTechHelp\AntiMalware\Logs\SBAMSvcLog.csv
c:\programdata\MyTechHelp\AntiMalware\Logs\SBAMSvcLog_1.csv
c:\programdata\MyTechHelp\AntiMalware\RegistrationConfig.xml
c:\programdata\MyTechHelp\AntiMalware\ScanConfig.xml
c:\programdata\MyTechHelp\AntiMalware\ServiceConfig.xml
c:\programdata\MyTechHelp\AntiMalware\SoftwareUpdateConfig.xml
c:\programdata\MyTechHelp\AntiMalware\ThreatDefinitionsConfig.xml
c:\programdata\MyTechHelp\AntiMalware\WSCConfig.xml
c:\programdata\MyTechHelp\AntiVirusMalwareSuite\Anti-Virus Malware Suite.stg
c:\programdata\MyTechHelp\AntiVirusMalwareSuite\Cnf\Mac.pad
c:\programdata\MyTechHelp\AntiVirusMalwareSuite\smartscan.cfg
c:\users\gabe\AppData\Roaming\MyTechHelp
c:\windows\system32\REND94.tmp
c:\windows\system32\REND95.tmp
c:\windows\system32\REND96.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-28 to 2013-03-29  )))))))))))))))))))))))))))))))
.
.
2013-03-29 02:31 . 2013-03-29 02:31   --------   d-----w-   c:\users\Public\AppData\Local\temp
2013-03-29 02:31 . 2013-03-29 02:31   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-03-29 01:40 . 2013-03-19 10:50   9311288   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2450C188-3812-4C36-9554-1CC56A167039}\mpengine.dll
2013-03-28 20:57 . 2012-10-23 12:04   972264   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84F7E6FF-40DA-4ABC-8F3C-DBC4CEB5ABDF}\gapaengine.dll
2013-03-28 20:53 . 2013-03-28 20:53   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2013-03-28 20:53 . 2013-03-28 20:53   --------   d-----w-   c:\program files\Microsoft Security Client
2013-03-28 20:25 . 2013-03-28 20:25   95648   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-27 23:09 . 2013-03-27 23:09   --------   d-----w-   c:\users\gabe\AppData\Local\ElevatedDiagnostics
2013-03-26 04:49 . 2013-03-28 16:00   --------   d-----w-   C:\_Backup
2013-03-26 04:48 . 2013-03-26 04:48   --------   d-----w-   c:\programdata\Avanquest
2013-03-21 17:53 . 2013-02-12 02:18   19456   ----a-w-   c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-28 20:25 . 2012-06-13 22:26   861088   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2013-03-28 20:25 . 2010-05-18 12:49   782240   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2013-03-13 08:03 . 2006-11-02 12:35   72013344   ----a-w-   c:\windows\system32\mrt.exe
2013-03-12 23:55 . 2012-03-29 12:24   693976   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 23:55 . 2011-05-21 13:35   73432   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2009-10-04 00:40   273840   ------w-   c:\windows\system32\MpSigStub.exe
2013-01-20 20:59 . 2013-01-20 20:59   230320   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2013-01-20 20:59 . 2013-01-20 20:59   130008   ----a-w-   c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:37 . 2013-02-13 21:12   4695400   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-01-04 11:31 . 2013-02-13 21:12   1417576   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-01-04 02:23 . 2013-02-13 21:12   40448   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2013-01-04 01:59 . 2013-02-13 21:12   2773504   ----a-w-   c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\gabe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\gabe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\gabe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDiRCPL"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - NISDRV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 18:05   1629648   ----a-w-   c:\program files (x86)\google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:55]
.
2013-03-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-183848497-3778990327-3186989207-1000Core.job
- c:\users\gabe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 23:24]
.
2013-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-183848497-3778990327-3186989207-1000UA.job
- c:\users\gabe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 23:24]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 20:22]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 20:22]
.
2013-03-06 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 16:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\gabe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\gabe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\gabe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\gabe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 178712]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = localhost;*.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\gabe\AppData\Roaming\Mozilla\Firefox\Profiles\kj65qb5i.default\
FF - prefs.js: browser.startup.homepage - chrome://newtabplus/content/newtab.html
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{DB61F672-0D05-4997-BEC6-96EAAB7C4106} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="REMOVED"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-03-28  21:37:24
ComboFix-quarantined-files.txt  2013-03-29 02:37
ComboFix2.txt  2013-03-29 01:27
ComboFix3.txt  2013-03-29 00:06
ComboFix4.txt  2013-03-28 21:39
ComboFix5.txt  2013-03-29 02:20
.
Pre-Run: 659,783,315,456 bytes free
Post-Run: 659,748,360,192 bytes free
.
- - End Of File - - 539FE52A601CC1865DB5E5A94CCB47F0

Corrine

:dance:

That is just what I wanted to see, lotodig!

How is your computer now? Have you had any crashes?

You may want to reinstall Malwarebytes. I suggest getting it from here.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

lotodig

good morning Corrine

Yes, I had a crash last night... but I went through the black screen DOS setting and chose "start in normal mode", and then there was a notice "checking file system on C   CHKDSK". After that it went through the startup and eventually got there. (I'm not sure which came first, the notice of the scan or the start in normal mode part.)

I made a picture of the scan with my iPad and could copy/type it here if it would be of any help.

Corrine

Hi, lotodig.

First, let's clean up. You can delete SecurityCheck from your desktop and then do the following:

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


Regarding the crashes, expert assistance is available to assist with the crashes at Sysnative. Please register there and follow the instructions in this topic: Blue Screen of Death (BSOD) Posting Instructions - Windows 8, 7 & Vista. If you have any problems following the instructions, go ahead and create a new topic in that forum and explain what is happening and any problems you're having with the instructions. I'll be watching for you there.

lotodig

I was glad to make a donation to ComboFix on your recommendation. Already done.

Now off to Sysnative.

Thank you so much for your help and patience and sharing your knowledge.

Corrine

I was very happy to help you, lotodig, and particularly pleased that your credit card company is providing you with a refund.

It was very kind of you to send a donation for ComboFix. The developer, sUBs, spends a tremendous amount of time not only further developing the tool but also providing guidance and assistance to the security community.

I see your account at Sysnative is in the "awaiting for email confirmation" stage. Make sure you check your spam folder for the confirmation email if it isn't in your Inbox.