Phosforic
2014-01-16, 07:03
So recently having been in and out and not using my own PC, I ran across a few things on the family computer. Idk if they're malware related, and SBSD isn't finding anything, but I did see other posts with Conduit being a culprit, as it was on this computer.

Aside from that, I am not able to run SBSD in admin mode to remove 'logs' it shows in its scan. The internet tells me "you're not currently connected to any networks", but that could be a fault on my part of setting up the router, but it also is almost always showing activity animation even when nothing, that I can see, is using internet access. I've uninstalled Conduit as best as I could, and there was another program that I'm guessing was the cause for Conduit that I also probably shabbily removed, but I can't recall the name, a kids' game program or other. I've uninstalled and reinstalled SBSD and am still not able to run it in admin mode, and it had suggested running an automatic scan at startup, which becomes unresponsive when scanning the last file.

I keep getting errors for Microsoft Essentials telling me I'm not able to complete updates due to no connection, and when I reinstalled Essentials I wasn't able to reboot correctly, and haven't been able to since. It'll tell me shutting down, configuring updates, then 'shutting off', and the tower will be running silently, but the screen stays black.

Here are results from SBSD of the two logs that can't be removed, if it's any help. Also, a few minutes after Windows logs on I receive some errors for 'parsing' from CCC something or other; will post the exact information after I turn off TeaTimer.

Best regards, Jonas.

Also, do you think it's malware related or just computer ineptness?
From 'Log' 2 entries, only did a usage track check since those are the only things that come up as an issue, and didn't feel the need to run a full scan again, if necessary will gladly.
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\Windows\ntbtlog.txt
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\Windows\System32\wbem\logs\wmiprov.log
Internet Explorer: [SBI $1E8157BE] Typed URL list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1070394170-13485805-302000740-1000\Software\Microsoft\Internet Explorer\TypedURLs
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\Lynn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q6SA6PXM\as1.suitesmart.com\6thElement.sol
Properties.size=152
Properties.md5=C754231A78F162F6103B86CFBF97C549
Properties.filedate=1389802072
Properties.filedatetext=2014-01-15 11:07:51
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\Lynn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q6SA6PXM\cfiles.5min.com\5minSessionTracker_www.huffingtonpost.com.sol
Properties.size=132
Properties.md5=6235BE4F5A6D1E5E1E0EE0B06666A7BF
Properties.filedate=1389711206
Properties.filedatetext=2014-01-14 09:53:26
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\Lynn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q6SA6PXM\cfiles.5min.com\Storage5minCookie.sol
Properties.size=62
Properties.md5=A9A44F54291EB6CD7F30AE31BAE5277C
Properties.filedate=1389711194
Properties.filedatetext=2014-01-14 09:53:14
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\Lynn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q6SA6PXM\login.yahoo.com\loginCache.sol
Properties.size=79
Properties.md5=33F3DD906BD3CE5E825C965FCCF82579
Properties.filedate=1389681203
Properties.filedatetext=2014-01-14 01:33:22
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\Lynn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q6SA6PXM\s.ytimg.com\soundData.sol
Properties.size=49
Properties.md5=A0EA46CFB3941C1821293B2149ECAA7B
Properties.filedate=1389766953
Properties.filedatetext=2014-01-15 01:22:32
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Users\Lynn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q6SA6PXM\skype.com\#ui\preferences.sol
Properties.size=234
Properties.md5=EA4972C43485884F3668321F0879F7BB
Properties.filedate=1389757814
Properties.filedatetext=2014-01-14 22:50:13
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Users\Lynn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q6SA6PXM\cc1.midasplayer.com\swf\CCMain.swf\giveLifeX.sol
Properties.size=262
Properties.md5=E01C44424BFB168B169DE8648B7F20F9
Properties.filedate=1389788379
Properties.filedatetext=2014-01-15 07:19:38
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Users\Lynn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q6SA6PXM\cc1.midasplayer.com\swf\CCMain.swf\invite_friends.sol
Properties.size=78
Properties.md5=28D2FCBE992E218CAC98193941616114
Properties.filedate=1389791304
Properties.filedatetext=2014-01-15 08:08:24
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Users\Lynn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q6SA6PXM\cc1.midasplayer.com\swf\CCMain.swf\pwf_giveHelp.sol
Properties.size=166
Properties.md5=0A4A204FBC0ECD5892D9D147B4CBF8E0
Properties.filedate=1389740396
Properties.filedatetext=2014-01-14 17:59:55
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Users\Lynn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q6SA6PXM\cc1.midasplayer.com\swf\CCMain.swf\pwf_livesPop.sol
Properties.size=76
Properties.md5=0E34B9797810F954FE17773F308C8E5D
Properties.filedate=1389788369
Properties.filedatetext=2014-01-15 07:19:28
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Users\Lynn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q6SA6PXM\cc1.midasplayer.com\swf\CCMain.swf\pwf_movesPop.sol
Properties.size=76
Properties.md5=D4147F09AC599F363251706260092650
Properties.filedate=1389789639
Properties.filedatetext=2014-01-15 07:40:38
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Users\Lynn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q6SA6PXM\cc1.midasplayer.com\swf\CCMain.swf\receivedBoosterGifts.sol
Properties.size=322
Properties.md5=C03FD213EAB12B4A0CE96CB6601AEB7F
Properties.filedate=1389740371
Properties.filedatetext=2014-01-14 17:59:30
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Users\Lynn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q6SA6PXM\www.omegle.com\static\omegle.swf\omegle.sol
Properties.size=52
Properties.md5=4B6610C93794FA4A3A45CA0BE2543177
Properties.filedate=1389703986
Properties.filedatetext=2014-01-14 07:53:06
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1070394170-13485805-302000740-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1070394170-13485805-302000740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (18 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1070394170-13485805-302000740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1070394170-13485805-302000740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Cookie: [SBI $49804B54] Cookie (6) (Cookie, nothing done)
Cache: [SBI $49804B54] Cache (347) (Cache, nothing done)
History: [SBI $49804B54] History (101) (History, nothing done)
Cookie: [SBI $49804B54] Cookie (35) (Cookie, nothing done)
History: [SBI $49804B54] History (41) (History, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2013-12-28 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2014-01-08 Includes\Adware-000.sbi
2014-01-08 Includes\Adware-001.sbi
2014-01-08 Includes\Adware-C.sbi
2014-01-08 Includes\Adware.sbi
2014-01-03 Includes\AdwareC.sbi
2010-08-13 Includes\Cookies.sbi
2014-01-08 Includes\Dialer-000.sbi
2014-01-08 Includes\Dialer-001.sbi
2014-01-08 Includes\Dialer-C.sbi
2014-01-08 Includes\Dialer.sbi
2013-04-11 Includes\DialerC.sbi
2013-04-11 Includes\HeavyDuty.sbi
2014-01-08 Includes\Hijackers-000.sbi
2014-01-08 Includes\Hijackers-001.sbi
2014-01-08 Includes\Hijackers-C.sbi
2014-01-08 Includes\Hijackers.sbi
2013-04-11 Includes\HijackersC.sbi
2014-01-08 Includes\iPhone-000.sbi
2014-01-08 Includes\iPhone.sbi
2014-01-08 Includes\Keyloggers-000.sbi
2014-01-08 Includes\Keyloggers-C.sbi
2014-01-08 Includes\Keyloggers.sbi
2013-10-30 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2013-05-29 Includes\Malware.sbi
2014-01-06 Includes\MalwareC.sbi
2012-11-14 Includes\PUPS.sbi
2014-01-07 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2014-01-08 Includes\Security-000.sbi
2014-01-08 Includes\Security-C.sbi
2014-01-08 Includes\Security.sbi
2013-10-30 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2014-01-08 Includes\Spyware-000.sbi
2014-01-08 Includes\Spyware-001.sbi
2014-01-08 Includes\Spyware-C.sbi
2014-01-08 Includes\Spyware.sbi
2013-08-06 Includes\SpywareC.sbi
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi
2013-12-11 Includes\TrojansC-02.sbi
2013-12-10 Includes\TrojansC-03.sbi
2014-01-07 Includes\TrojansC-04.sbi
2013-06-13 Includes\TrojansC-05.sbi
2013-08-06 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526
Run by Lynn at 23:12:20 on 2014-01-15
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - <orphaned>
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{547EBCD8-F443-46FF-ACC6-753E28572E1F} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lynn\appdata\roaming\mozilla\firefox\profiles\tlx9jl26.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-01-15 08:42:13 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{82603fc8-35d4-4790-8127-4a5c611053d0}\mpengine.dll
2014-01-14 05:06:17 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f543d1ea-95b1-43b7-9088-7c59f9f49c73}\gapaengine.dll
2014-01-14 05:05:03 7760024 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-14 04:34:52 -------- d-----w- c:\program files\Microsoft Security Client
2014-01-14 04:34:10 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-04 03:45:11 -------- d--h--w- c:\windows\msdownld.tmp
2014-01-04 03:44:58 -------- d-----w- c:\program files\Microsoft
2014-01-04 03:44:19 -------- d--h--w- c:\programdata\Common Files
2014-01-04 03:44:18 -------- d-----w- c:\users\lynn\appdata\local\MFAData
2014-01-04 03:44:18 -------- d-----w- c:\users\lynn\appdata\local\Avg2014
2014-01-04 03:44:18 -------- d-----w- c:\programdata\MFAData
2014-01-04 02:59:06 7760024 ------w- c:\programdata\microsoft\windows defender\definition updates\{f2046fb7-8e4d-4cd5-a893-f7376af4360f}\mpengine.dll
2014-01-04 02:29:36 -------- d-----w- c:\windows\system32\appmgmt
2013-12-31 07:15:54 -------- d-----w- c:\users\lynn\appdata\local\Macromedia
2013-12-30 18:15:54 -------- d-----w- c:\users\lynn\appdata\local\Mozilla
2013-12-30 18:15:12 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-12-28 03:58:12 -------- d-----w- c:\windows\Migration
2013-12-24 12:51:07 -------- d-----w- c:\windows\system32\SearchProtect
.
==================== Find3M ====================
.
2013-12-31 06:56:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-31 06:56:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 09:32:04 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12:54 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43:04 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43:06 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 00:35:24 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-10-22 07:19:59 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
============= FINISH: 23:13:02.32 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-15 23:13:46
-----------------------------
23:13:46.479 OS Version: Windows 6.0.6002 Service Pack 2
23:13:46.480 Number of processors: 1 586 0x5F02
23:13:46.481 ComputerName: COLLECTIVE UserName: Lynn
23:13:48.021 Initialize success
23:34:05.720 AVAST engine defs: 14011401
23:34:33.150 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000050
23:34:33.168 Disk 0 Vendor: WDC_WD16 05.0 Size: 152627MB BusType: 6
23:34:33.657 Disk 0 MBR read successfully
23:34:33.667 Disk 0 MBR scan
23:34:34.684 Disk 0 Windows VISTA default MBR code
23:34:34.707 Disk 0 Partition 1 00 06 FAT16 9800 MB offset 2048
23:34:35.141 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142825 MB offset 20072448
23:34:35.396 Disk 0 scanning sectors +312578048
23:34:35.787 Disk 0 scanning C:\Windows\system32\drivers
23:35:14.890 Service scanning
23:35:36.061 Service MpKsl4db7864d c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82603FC8-35D4-4790-8127-4A5C611053D0}\MpKsl4db7864d.sys **LOCKED** 32
23:36:01.232 Modules scanning
23:36:16.615 Disk 0 trace - called modules:
23:36:16.642 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
23:36:16.659 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f8f1b0]
23:36:16.703 3 CLASSPNP.SYS[861a28b3] -> nt!IofCallDriver -> [0x83974c20]
23:36:16.704 5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\00000050[0x83974788]
23:36:20.444 AVAST engine scan C:\Windows
23:36:23.661 AVAST engine scan C:\Windows\system32
23:42:10.367 AVAST engine scan C:\Windows\system32\drivers
23:42:33.517 AVAST engine scan C:\Users\Lynn
23:43:10.013 Disk 0 MBR has been saved successfully to "C:\Users\Lynn\Documents\MBR.dat"
23:43:10.151 The log file has been saved successfully to "C:\Users\Lynn\Documents\aswMBR.txt"
23:56:40.609 AVAST engine scan C:\ProgramData
23:57:25.358 Scan finished successfully
00:02:35.280 Disk 0 MBR has been saved successfully to "C:\Users\Lynn\Documents\MBR.dat"
00:02:35.316 The log file has been saved successfully to "C:\Users\Lynn\Documents\aswMBR.txt"
I almost feel like those scans aren't long enough, and some stuff seems a bit unnerving, but the error parsing is from
MOM.exe - Configuration parser error
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config
Parser returned error 0xC00CE509
I have the option of OK only then it proceeds to show;
CCC.exe - Configuration parser error
Error Parsing
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config
Parser returned error 0xC00E509
But they're just AMD Catalyst conflicts with Windows?
What catches my attention is;
Server = 192.168.1.1
TCP: Interfaces\{547EBCD8-F443-46FF-ACC6-753E28572E1F} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
Am I way off?
BHO: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - <orphaned>
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{547EBCD8-F443-46FF-ACC6-753E28572E1F} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lynn\appdata\roaming\mozilla\firefox\profiles\tlx9jl26.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-01-15 08:42:13 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{82603fc8-35d4-4790-8127-4a5c611053d0}\mpengine.dll
2014-01-14 05:06:17 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f543d1ea-95b1-43b7-9088-7c59f9f49c73}\gapaengine.dll
2014-01-14 05:05:03 7760024 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-14 04:34:52 -------- d-----w- c:\program files\Microsoft Security Client
2014-01-14 04:34:10 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-04 03:45:11 -------- d--h--w- c:\windows\msdownld.tmp
2014-01-04 03:44:58 -------- d-----w- c:\program files\Microsoft
2014-01-04 03:44:19 -------- d--h--w- c:\programdata\Common Files
2014-01-04 03:44:18 -------- d-----w- c:\users\lynn\appdata\local\MFAData
2014-01-04 03:44:18 -------- d-----w- c:\users\lynn\appdata\local\Avg2014
2014-01-04 03:44:18 -------- d-----w- c:\programdata\MFAData
2014-01-04 02:59:06 7760024 ------w- c:\programdata\microsoft\windows defender\definition updates\{f2046fb7-8e4d-4cd5-a893-f7376af4360f}\mpengine.dll
2014-01-04 02:29:36 -------- d-----w- c:\windows\system32\appmgmt
2013-12-31 07:15:54 -------- d-----w- c:\users\lynn\appdata\local\Macromedia
2013-12-30 18:15:54 -------- d-----w- c:\users\lynn\appdata\local\Mozilla
2013-12-30 18:15:12 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-12-28 03:58:12 -------- d-----w- c:\windows\Migration
2013-12-24 12:51:07 -------- d-----w- c:\windows\system32\SearchProtect
.
==================== Find3M ====================
.
2013-12-31 06:56:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-31 06:56:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 09:32:04 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12:54 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43:04 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43:06 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 00:35:24 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-10-22 07:19:59 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
============= FINISH: 23:13:02.32 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-15 23:13:46
-----------------------------
23:13:46.479 OS Version: Windows 6.0.6002 Service Pack 2
23:13:46.480 Number of processors: 1 586 0x5F02
23:13:46.481 ComputerName: COLLECTIVE UserName: Lynn
23:13:48.021 Initialize success
23:34:05.720 AVAST engine defs: 14011401
23:34:33.150 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000050
23:34:33.168 Disk 0 Vendor: WDC_WD16 05.0 Size: 152627MB BusType: 6
23:34:33.657 Disk 0 MBR read successfully
23:34:33.667 Disk 0 MBR scan
23:34:34.684 Disk 0 Windows VISTA default MBR code
23:34:34.707 Disk 0 Partition 1 00 06 FAT16 9800 MB offset 2048
23:34:35.141 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142825 MB offset 20072448
23:34:35.396 Disk 0 scanning sectors +312578048
23:34:35.787 Disk 0 scanning C:\Windows\system32\drivers
23:35:14.890 Service scanning
23:35:36.061 Service MpKsl4db7864d c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82603FC8-35D4-4790-8127-4A5C611053D0}\MpKsl4db7864d.sys **LOCKED** 32
23:36:01.232 Modules scanning
23:36:16.615 Disk 0 trace - called modules:
23:36:16.642 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
23:36:16.659 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f8f1b0]
23:36:16.703 3 CLASSPNP.SYS[861a28b3] -> nt!IofCallDriver -> [0x83974c20]
23:36:16.704 5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\00000050[0x83974788]
23:36:20.444 AVAST engine scan C:\Windows
23:36:23.661 AVAST engine scan C:\Windows\system32
23:42:10.367 AVAST engine scan C:\Windows\system32\drivers
23:42:33.517 AVAST engine scan C:\Users\Lynn
23:43:10.013 Disk 0 MBR has been saved successfully to "C:\Users\Lynn\Documents\MBR.dat"
23:43:10.151 The log file has been saved successfully to "C:\Users\Lynn\Documents\aswMBR.txt"
23:56:40.609 AVAST engine scan C:\ProgramData
23:57:25.358 Scan finished successfully
00:02:35.280 Disk 0 MBR has been saved successfully to "C:\Users\Lynn\Documents\MBR.dat"
00:02:35.316 The log file has been saved successfully to "C:\Users\Lynn\Documents\aswMBR.txt"
I almost feel like those scans aren't long enough, and some stuff seems a bit unnerving, but the error parsing is from
MOM.exe - Configuration parser error
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config
Parser returned error 0xC00CE509
I have the option of OK only, then it proceeds to show:
CCC.exe - Configuration parser error
Error Parsing
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config
Parser returned error 0xC00E509
But they're just AMD Catalyst conflicts with Windows?
What catches my attention is:
Server = 192.168.1.1
TCP: Interfaces\{547EBCD8-F443-46FF-ACC6-753E28572E1F} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
Am I way off?