disinfectPL

  1. Ahem......maybe I spoke too soon. Why is my Mbam Web Protection getting turned off? When that happens I am unable to open my Mbam, although it's in the tray and clickable. It keeps saying "real-time protection turned off". If I use task manager and quit all processes and then restart, it works for some time and then when I am browsing I get the message. Is there a known issue with Mbam?
  2. Malwarebytes shows it's clean !! That's why I have Mbam on every device. Thank you so much for your help. Highly appreciated.
  3. Sorry for the lateness! I was having problems with my battery not being detected anymore, and my cpu is overheating. I hope this is not related to this virus crap. My new FRST is attached. FRST.txt Addition.txt
  4. FRST log. FRST_15-06-2018 18.42.55.txt Addition_15-06-2018 18.42.55.txt
  5. They all seem real. In my 15+ years of computer-ing, I have never had this crop up so out of the blue. I may get 2-3 on occasional MBam scans, but the last scan had 705 !! Of course, that is counting component files of the programs/malwares. But now I really need help to figure out what is happening. I have saved the MBAm scan output. So that is attached. Any help to do a thorough comp clean would be highly appreciated !! Thanks! Mbam Scan 705.txt
  6. @AdvancedSetup Sorry that I am so late !! I actually gave up trying to get MBAM going and forgot about getting back. But I am back to trying again. I ran the script, it did its thing, I rebooted and tried to activate again. The screenshot is attached.
  7. Hi AdvancedSetup, Thanks for the reply and help. The mbam_check log is in my previous post. The other two logs are attached. Addition.txt FRST.txt
  8. I have been using MBAM for quite some time, but now on Windows 10 I get the following error: I have a lifetime key. "There is problem with your license key and we are unable to activate your license." 1. I entered the key manually - several times. No change. 2. I used MBAM clean ver 2.3 to completely clean MBAM. REBOOTED and reinstalled MBAM. Still same error with activation. 3. Clicking update seems to connect to server, since it says no new updates. 4. Disabled "Windows defender" - the only antivirus I have. No change. 5. Cleaned and re-installed after reboots multiple times - same error. Attached is the mbam_check output. Your help is appreciated. CheckResults.txt
  9. I agree with greyowl. Ver 1.70 causes some really serious boot problems. I spent a couple of weeks troubleshooting this here but to no avail. MBAM 1.70 hangs and completely freezes the computer. Only a restart works. Selective startup - done in safe mode - where I turned off MBAM start up fixes boot problems, but then scans always cause computer to freeze..... http://forums.malwarebytes.org/index.php?showtopic=120151&st=0
  10. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012 (ATTENTION: FRST version is 29 days old) Ran by SYSTEM at 26-01-2013 14:32:03 Running from G:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet003
2012-12-28 19:11 - 2012-12-28 19:11 - 00018388 ____A C:\Users\Dibbs\Documents\DDS.txt 2012-12-28 19:09 - 2012-07-26 15:27 - 00000000 ____D C:\Users\Dibbs\Downloads\TOSHIBA 2012-12-28 17:53 - 2012-12-28 17:53 - 00001491 ____A C:\Users\Dibbs\Desktop\RKreport[3]_S_12282012_02d2053.txt 2012-12-28 17:53 - 2012-12-28 17:53 - 00001457 ____A C:\Users\Dibbs\Desktop\RKreport[4]_D_12282012_02d2053.txt 2012-12-28 17:14 - 2012-12-28 17:14 - 00000132 ____A C:\Users\Dibbs\Documents\CFScript.txt 2012-12-28 17:01 - 2012-12-28 17:01 - 00002162 ____A C:\Users\Dibbs\Desktop\RKreport[2]_D_12282012_02d2001.txt 2012-12-28 17:00 - 2012-12-28 17:00 - 00002107 ____A C:\Users\Dibbs\Desktop\RKreport[1]_S_12282012_02d2000.txt 2012-12-28 16:57 - 2012-12-28 16:54 - 00000000 ____D C:\Program Files (x86)\Your Uninstaller! 7 2012-12-28 16:54 - 2012-12-28 16:54 - 00001072 ____A C:\Users\Dibbs\Desktop\Your Unin-staller!.lnk 2012-12-28 16:54 - 2012-12-28 16:54 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\URSoft 2012-12-28 16:54 - 2012-12-28 16:54 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\Babylon 2012-12-28 16:54 - 2012-12-28 16:54 - 00000000 ____D C:\Users\Dibbs\AppData\Local\Babylon 2012-12-28 16:54 - 2012-12-28 16:54 - 00000000 ____D C:\Users\All Users\Babylon 2012-12-28 16:36 - 2012-12-28 16:36 - 00000513 ____A C:\Users\Dibbs\Documents\WinZip TrialPzy.txt 2012-12-28 16:34 - 2012-12-28 16:34 - 00368856 ____A (WinZip Computing) C:\Users\Dibbs\Downloads\WinZip170.exe 2012-12-28 15:20 - 2012-12-28 14:46 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0 2012-12-28 11:49 - 2012-05-06 17:36 - 00870128 ____A C:\Users\Dibbs\AppData\Roaming\mcs.rma 2012-12-28 11:47 - 2012-12-28 11:47 - 00001264 ____A C:\Users\Dibbs\Desktop\Revo Uninstaller.lnk 2012-12-28 11:47 - 2012-12-28 11:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2012-12-28 11:47 - 2012-12-28 11:46 - 02617648 ____A (VS Revo Group Ltd.) 
C:\Users\Dibbs\Downloads\revosetup.exe 2012-12-28 11:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources 2012-12-28 11:06 - 2012-06-02 11:25 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\DiskAid 2012-12-28 08:08 - 2012-12-28 08:08 - 00000000 ____D C:\Users\Dibbs\AppData\Local\RadonLabs 2012-12-28 07:55 - 2012-12-28 07:50 - 408504248 ____A C:\Users\Dibbs\Downloads\CityCarDriving.v.1.2.Eng.rar 2012-12-27 20:05 - 2012-12-27 19:52 - 00000000 ____D C:\Users\Dibbs\Desktop\4GB USB DRIVE RED 2012-12-27 19:53 - 2012-12-27 19:50 - 00000000 ____D C:\Users\Dibbs\Downloads\imageusb 2012-12-27 19:49 - 2012-12-27 19:49 - 00432327 ___RA C:\Users\Dibbs\Downloads\imageusb.zip ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-01-22 14:24:29 Restore point made on: 2013-01-24 15:48:08 Restore point made on: 2013-01-26 06:40:54 ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 3893.86 MB Available physical RAM: 3261.83 MB Total Pagefile: 3892.01 MB Available 
Pagefile: 3247.05 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:337.41 GB) (Free:132.97 GB) NTFS 3 Drive f: () (Removable) (Total:7.46 GB) (Free:6.37 GB) FAT32 4 Drive g: (Blank) (Removable) (Total:0.96 GB) (Free:0.02 GB) FAT 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 0 B Disk 1 Online 7647 MB 0 B Disk 2 Online 984 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 337 GB 101 MB Partition 3 Primary 117 GB 337 GB Partition 4 Primary 10 GB 455 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y System Rese NTFS Partition 100 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 337 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 83 Hidden: Yes Active: No There is no volume associated with this partition. ========================================================= Disk: 0 Partition 4 Type : 82 Hidden: Yes Active: No There is no volume associated with this partition. 
========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 7646 MB 1024 KB ================================================================================== Disk: 1 Partition 1 Type : 0C Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FAT32 Removable 7646 MB Healthy ========================================================= Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 983 MB 16 KB ================================================================================== Disk: 2 Partition 1 Type : 06 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G Blank FAT Removable 983 MB Healthy ========================================================= Last Boot: 2013-01-23 21:02 ==================== End Of Log =============================
  11. Thanks so much for your reply. I'm running farbar. Yes, I have MBAM pro license - lifetime version. MBAM was the only software for virus/malware I installed. I did install Kaspersky when MBAM was on there, and it was ~4 months ago I think (??). Other software like BitDefender, SuperAntispyware and Avira seem to run through a quick scan all right. This is only happening on the newest version of MBAM (sorry, do not remember version #) - the one with the blue M icon. The old RED Icon M seems to run fine - at least on my other computer. Aha, maybe I should try to update the other computer and see if I get a freeze, then it has to be software ??? Just struck me..... 1. Where is ComboFix-quarantined-files.txt stored? Many thanks.
  12. Hi, Here is ComboFix log. BTW, re the freezing of MBAM, I have waited even overnight for it to finish. But everything is just completely frozen.... no mouse movements, no nothing.