daveonbass

  1. What I meant by "fixed" is that Malwarebytes now loads properly. Here's the file: ComboFix 12-09-11.02 - Owner 09/11/2012 23:38:09.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7991.3343 [GMT -5:00] Running from: c:\users\Owner\Downloads\ComboFix.exe AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\SPL140D.tmp c:\programdata\SPL4920.tmp c:\programdata\SPL6141.tmp c:\programdata\SPL6B68.tmp c:\programdata\SPL6D99.tmp c:\programdata\SPL9610.tmp c:\users\Owner\AppData\Roaming\Config c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\btaw.url c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\btc.url c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\btis.url c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\BTP.url c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\BTRA.url c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\Bu.url c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\Cf.url c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\ECEB.url c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\SBC.url c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\THYP (2).url c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\THYP.url c:\users\Owner\GoToAssistDownloadHelper.exe c:\users\TEMP\prfDDDF.tmp c:\windows\Downloaded Program Files\tgctlsr.dll . . ((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 ))))))))))))))))))))))))))))))) . . 2012-09-12 03:20 . 
2012-09-12 03:20 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys 2012-09-12 02:02 . 2012-09-12 02:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-12 02:02 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-08 14:05 . 2012-09-08 14:05 -------- d-----w- c:\users\Owner\AppData\Local\HerraizSoto 2012-09-08 14:01 . 2012-09-08 14:01 -------- d-----w- c:\program files (x86)\HerraizSoto 2012-09-05 04:43 . 2012-09-05 04:43 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-01 15:27 . 2012-09-01 15:27 -------- d-----w- c:\users\Owner\AppData\Local\Amazon 2012-09-01 15:27 . 2012-09-01 15:27 101680 ----a-w- c:\windows\system32\stkMonitor.dll 2012-08-25 13:13 . 2012-08-25 15:44 -------- d-----w- c:\programdata\Comodo 2012-08-25 12:32 . 2012-08-25 13:13 -------- d-----w- c:\programdata\CPA_VA 2012-08-25 05:05 . 2012-08-25 13:13 -------- d-----w- c:\program files (x86)\Comodo 2012-08-25 05:05 . 2012-08-25 05:05 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2012-08-23 11:37 . 2012-08-23 11:37 -------- d-----w- c:\users\Owner\temp 2012-08-23 00:58 . 2012-09-06 14:20 225328 ----a-r- c:\windows\system32\drivers\wpshelper.sys 2012-08-23 00:57 . 2012-08-23 00:57 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-08-23 00:57 . 2012-08-23 00:57 -------- d-----w- c:\program files\Symantec 2012-08-23 00:53 . 2012-08-23 00:57 -------- d-----w- c:\program files\Common Files\Symantec Shared 2012-08-21 13:15 . 2012-08-21 13:15 -------- d-----w- c:\program files (x86)\Oracle 2012-08-20 11:07 . 2012-08-21 02:05 -------- d-----w- c:\users\Owner\AppData\Roaming\Online Backup 2012-08-20 11:07 . 2012-08-20 11:07 -------- d-----w- c:\program files\Online Backup 2012-08-15 19:32 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-15 19:32 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-15 19:32 . 
2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-08-15 19:32 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-15 09:43 . 2012-08-15 09:43 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-08-14 21:55 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-14 21:55 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-14 21:55 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-14 21:55 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-14 21:55 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-14 21:55 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-14 21:55 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-14 21:55 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-05 04:43 . 2012-05-24 11:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-05 04:43 . 2011-02-20 23:09 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-15 08:00 . 2010-10-28 01:07 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-08-15 06:19 . 2012-04-04 04:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-15 06:19 . 2011-05-23 10:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056] . 
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736] "BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-08-30 1229848] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . 
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 136176] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-13 113120] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-11 203320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-28 1255736] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 
63960] S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-05-22 1052328] S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-05-22 45224] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 271872] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 06:19] . 2012-09-12 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-2759483930-3979168601-394739321-1000Core.job - c:\users\Owner\AppData\Local\Flock\Update\FlockUpdate.exe [2010-12-21 04:35] . 
2012-09-12 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-2759483930-3979168601-394739321-1000UA.job - c:\users\Owner\AppData\Local\Flock\Update\FlockUpdate.exe [2010-12-21 04:35] . 2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 11:52] . 2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 11:52] . 2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759483930-3979168601-394739321-1000Core.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 11:01] . 2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759483930-3979168601-394739321-1000UA.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 11:01] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office10\EXCEL.EXE/3000 Trusted Zone: edwardjones.com\securera Trusted Zone: imwx.com\d.i TCP: DhcpNameServer = 192.168.1.254 DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\Owner\AppData\Local\Temp\f5tmp\f5opswati.cab DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\Owner\AppData\Local\Temp\f5tmp\f5opswati.cab DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\Owner\AppData\Local\Temp\f5tmp\f5opswati.cab DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\Owner\AppData\Local\Temp\f5tmp\f5opswati.cab FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jj0mgzlp.default\ FF - prefs.js: browser.search.selectedEngine - Search the web FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) SafeBoot-Symantec Antvirus Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe . ************************************************************************** . Completion time: 2012-09-11 23:49:14 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-12 04:49 . Pre-Run: 813,278,908,416 bytes free Post-Run: 813,434,990,592 bytes free . - - End Of File - - DCC5078885FF6FBB23338A382CFA8388
  2. Started a thread elsewhere, was told to post here now: This is most often seen when a computer either is infected with ZeroAccess rootkit or it was removed but the damage was never cleaned up: http://forums.malwarebytes.org/index.php?&showtopic=115688&pid=596131&st=0& ideas?...
  3. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 10/27/2010 6:40:28 PM System Uptime: 9/11/2012 8:55:35 PM (1 hours ago) . Motherboard: Dell Inc. | | 0C2KJT Processor: Intel® Core i3 CPU 540 @ 3.07GHz | CPU 1 | 3067/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 922 GiB total, 756.094 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: SBRE Device ID: ROOT\LEGACY_SBRE\0000 Manufacturer: Name: SBRE PNP Device ID: ROOT\LEGACY_SBRE\0000 Service: SBRE . ==== System Restore Points =================== . RP198: 9/2/2012 12:00:03 AM - Scheduled Checkpoint RP199: 9/4/2012 11:42:26 PM - Installed Java 7 Update 7 RP200: 9/8/2012 9:00:57 AM - Installed OmmWriter . ==== Installed Programs ====================== . 
ABBYY FineReader 6.0 Sprint Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Amazon MP3 Uploader Amazon Send to Kindle AMR to MP3 Converter 1.4 AnswerWorks 5.0 English Runtime Apple Application Support Apple Software Update Audacity 1.2.6 Audacity 1.3.14 (Unicode) BIG-IP Edge Client Components (All Users) Bing Rewards Client Installer Brother MFL-Pro Suite MFC-J410W Compatibility Pack for the 2007 Office system CuteFTP 8 Home D3DX10 Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Getting Started Guide Dell Support Center (Support Software) Dell Toolbar Dropbox FileZilla Client 3.1.3.1 Flock (3.5.3.4641) FrostWire 4.21.3 Google Chrome Google Earth Google Gmail Notifier Google Talk Plugin Google Update Helper GoToAssist Corporate Intel® Graphics Media Accelerator Driver iSEEK AnswerWorks English Runtime Java 7 Update 7 Java Auto Updater Java 6 Update 26 Java 7 Update 5 JavaFX 2.1.1 Junk Mail filter update LAME v3.98.3 for Audacity LiveUpdate 3.3 (Symantec Corporation) Malwarebytes Anti-Malware version 1.65.0.1400 MediaMonkey 3.2 Mesh Runtime Messenger Companion Microsoft Default Manager Microsoft Office 2010 Microsoft Office XP Professional with FrontPage Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft UI Engine Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Mozilla Firefox (3.6.27) Mozilla Firefox 13.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Multimedia Card Reader 
OmmWriter Online Backup Picasa 3 Quicken 2011 Quicken 2012 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Rinse Roxio Burn Safari ScanSoft PaperPort 11 Secunia PSI (2.0.0.4003) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Skype Toolbars Skype™ 5.10 Spotify TeamViewer 7 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Visual Studio 2008 x64 Redistributables Walgreens PictureMover WeatherBug Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX 
Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR archiver Yahoo! Install Manager Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 9/9/2012 5:31:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 9/9/2012 5:27:48 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 9/11/2012 8:56:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE 9/11/2012 8:56:29 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 9/11/2012 8:56:28 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 9/11/2012 8:56:28 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. . ==== End Of File ===========================
  4. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2 Run by Owner at 21:54:44 on 2012-09-11 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7991.3157 [GMT -5:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe C:\Windows\system32\dleacoms.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Windows\system32\svchost.exe -k 
LocalSystemNetworkRestricted C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\AWS\WeatherBug\Weather.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Secunia\PSI\sua.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Browny02\BrYNSvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\explorer.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
     uSearch Page = hxxp://www.google.com
     uStart Page = hxxp://www.google.com/
     uSearch Bar = hxxp://www.google.com/ie
     uDefault_Search_URL = hxxp://www.google.com/ie
     uInternet Settings,ProxyOverride = *.local
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
     mWinlogon: Userinit=userinit.exe,
     BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
     BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
     BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
     BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
     BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
     TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
     TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
     TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
     uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
     uRun: [bDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
     uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
     mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
     mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
     mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
     mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
     mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
     mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     mPolicies-explorer: NoActiveDesktop = 1 (0x1)
     mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
     mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000
     IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
     IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     Trusted Zone: edwardjones.com\securera
     Trusted Zone: imwx.com\d.i
     DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - C:\Users\Owner\AppData\Local\Temp\f5tmp\f5opswati.cab
     DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
     DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - C:\Users\Owner\AppData\Local\Temp\f5tmp\f5opswati.cab
     DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\Owner\AppData\Local\Temp\f5tmp\f5tunsrv.cab
     DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
     DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\Owner\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
     DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - C:\Users\Owner\AppData\Local\Temp\f5tmp\f5opswati.cab
     DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - C:\Users\Owner\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
     DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\Owner\AppData\Local\Temp\f5tmp\urxhost.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - C:\Users\Owner\AppData\Local\Temp\f5tmp\f5syschk.cab
     DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - C:\Users\Owner\AppData\Local\Temp\f5tmp\f5opswati.cab
     TCP: DhcpNameServer = 192.168.1.254
     TCP: Interfaces\{566B56E1-7567-47B8-9DB9-EB2CE57FA612} : DhcpNameServer = 192.168.1.254
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
     Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
     BHO-X64: 0x1 - No File
     BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
     BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO-X64: AcroIEHelperStub - No File
     BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
     BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
     BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     BHO-X64: SkypeIEPluginBHO - No File
     BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
     BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
     TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
     TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
     TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
     mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
     mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
     mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
     mRun-x64: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
     mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
     mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jj0mgzlp.default\
     FF - prefs.js: browser.search.selectedEngine - Search the web
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
     FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
     FF - prefs.js: network.proxy.type - 0
     FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jj0mgzlp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
     FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
     FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
     FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
     FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
     FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
     FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
     FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
     FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
     FF - plugin: C:\Users\Owner\AppData\Local\Flock\Update\1.2.213.0\npFlockOneClick8.dll
     FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
     FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
     FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
     FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
     FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
     FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
     R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
     R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
     R2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2010-11-29 45224]
     R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 399432]
     R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 676936]
     R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
     R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
     R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
     R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
     R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-5-23 245760]
     R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-22 138912]
     R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
     R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
     R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
     R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
     R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
     R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
     S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
     S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
     S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-9 250056]
     S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
     S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
     S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
     S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
     S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
     S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-12 113120]
     S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
     S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
     S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
     S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
     S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-20 673088]
     S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
     .
     =============== Created Last 30 ================
     .
     2012-09-12 02:02:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
     2012-09-12 02:02:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
     2012-09-08 14:05:22 -------- d-----w- C:\Users\Owner\AppData\Local\HerraizSoto
     2012-09-08 14:01:52 -------- d-----w- C:\Program Files (x86)\HerraizSoto
     2012-09-05 04:43:23 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
     2012-09-01 15:27:59 -------- d-----w- C:\Users\Owner\AppData\Local\Amazon
     2012-09-01 15:27:22 101680 ----a-w- C:\Windows\System32\stkMonitor.dll
     2012-08-25 13:13:04 -------- d-----w- C:\ProgramData\Comodo
     2012-08-25 12:32:09 -------- d-----w- C:\ProgramData\CPA_VA
     2012-08-25 05:05:33 -------- d-----w- C:\Program Files (x86)\Comodo
     2012-08-25 05:05:32 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
     2012-08-23 11:37:55 -------- d-----w- C:\Users\Owner\temp
     2012-08-23 00:58:33 225328 ----a-r- C:\Windows\System32\drivers\wpshelper.sys
     2012-08-23 00:57:19 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
     2012-08-23 00:57:06 -------- d-----w- C:\Program Files\Symantec
     2012-08-23 00:53:31 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
     2012-08-21 13:15:31 -------- d-----w- C:\Program Files (x86)\Oracle
     2012-08-20 11:07:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\Online Backup
     2012-08-20 11:07:24 -------- d-----w- C:\Program Files\Online Backup
     2012-08-15 19:32:43 751104 ----a-w- C:\Windows\System32\win32spl.dll
     2012-08-15 19:32:43 67072 ----a-w- C:\Windows\splwow64.exe
     2012-08-15 19:32:43 559104 ----a-w- C:\Windows\System32\spoolsv.exe
     2012-08-15 19:32:43 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
     2012-08-14 21:55:18 503808 ----a-w- C:\Windows\System32\srcore.dll
     2012-08-14 21:55:17 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
     2012-08-14 21:55:12 59392 ----a-w- C:\Windows\System32\browcli.dll
     2012-08-14 21:55:12 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
     2012-08-14 21:55:12 136704 ----a-w- C:\Windows\System32\browser.dll
     2012-08-14 21:55:09 3148800 ----a-w- C:\Windows\System32\win32k.sys
     2012-08-14 21:55:07 956928 ----a-w- C:\Windows\System32\localspl.dll
     .
     ==================== Find3M ====================
     .
     2012-09-05 04:43:19 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
     2012-09-05 04:43:19 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
     2012-08-15 06:19:42 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-08-15 06:19:42 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
     2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
     2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
     2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
     2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
     2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
     2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
     2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
     2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
     2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
     2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
     .
     ============= FINISH: 21:56:00.26 ===============
  5. 2012/09/09 03:48:56 -0500 OWNER-PC Owner MESSAGE Executing scheduled update: Daily
     2012/09/09 03:49:06 -0500 OWNER-PC Owner MESSAGE Starting database refresh
     2012/09/09 03:49:06 -0500 OWNER-PC Owner MESSAGE Scheduled update executed successfully: database updated from version v2012.09.08.02 to version v2012.09.09.01
     2012/09/09 03:49:49 -0500 OWNER-PC Owner MESSAGE Database refreshed successfully
     2012/09/09 05:25:31 -0500 OWNER-PC Owner MESSAGE Starting protection
     2012/09/09 05:25:34 -0500 OWNER-PC Owner MESSAGE Protection started successfully
     2012/09/09 05:25:37 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/09 05:25:37 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
  6. 2012/09/10 03:34:41 -0500 OWNER-PC Owner MESSAGE Executing scheduled update: Daily
     2012/09/10 03:34:49 -0500 OWNER-PC Owner MESSAGE Starting database refresh
     2012/09/10 03:34:49 -0500 OWNER-PC Owner MESSAGE Scheduled update executed successfully: database updated from version v2012.09.09.01 to version v2012.09.10.02
     2012/09/10 03:34:56 -0500 OWNER-PC Owner MESSAGE Database refreshed successfully
  7. 2012/09/11 04:03:31 -0500 OWNER-PC Owner MESSAGE Executing scheduled update: Daily
     2012/09/11 04:04:13 -0500 OWNER-PC Owner MESSAGE Scheduled update executed successfully: database updated from version v2012.09.09.01 to version v2012.09.10.02
     2012/09/11 08:47:49 -0500 OWNER-PC Owner MESSAGE Starting protection
     2012/09/11 08:47:49 -0500 OWNER-PC Owner MESSAGE Protection started successfully
     2012/09/11 08:47:49 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 08:47:49 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 08:52:38 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 08:52:38 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 08:52:41 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 08:52:41 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 08:52:50 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 08:52:50 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 08:52:56 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 08:52:56 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 08:54:37 -0500 OWNER-PC Owner MESSAGE Starting database refresh
     2012/09/11 08:54:40 -0500 OWNER-PC Owner MESSAGE Database refreshed successfully
     2012/09/11 08:54:45 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 08:54:45 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 08:55:32 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 08:55:32 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 08:56:08 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 08:56:08 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 08:56:25 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 08:56:25 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:00:41 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:00:41 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:01:16 -0500 OWNER-PC Owner MESSAGE Stopping protection
     2012/09/11 09:01:16 -0500 OWNER-PC Owner MESSAGE Protection stopped successfully
     2012/09/11 09:01:17 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:01:17 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:01:18 -0500 OWNER-PC Owner MESSAGE Starting protection
     2012/09/11 09:01:18 -0500 OWNER-PC Owner MESSAGE Protection started successfully
     2012/09/11 09:01:19 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:01:19 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:01:32 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:01:32 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:02:22 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:02:22 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:05:57 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:05:57 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:10:16 -0500 OWNER-PC Owner MESSAGE Starting protection
     2012/09/11 09:10:17 -0500 OWNER-PC Owner MESSAGE Protection started successfully
     2012/09/11 09:10:17 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:10:17 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:12:29 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:12:29 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:12:31 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:12:31 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:14:51 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:14:51 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:14:54 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:14:54 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:23:36 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:23:36 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:23:37 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:23:37 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:23:44 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:23:44 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:23:50 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:23:50 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:28:47 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:28:47 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 09:29:08 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 09:29:08 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 20:53:18 -0500 OWNER-PC Owner MESSAGE Stopping protection
     2012/09/11 20:53:18 -0500 OWNER-PC Owner MESSAGE Protection stopped successfully
     2012/09/11 20:53:19 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 20:53:19 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 20:53:20 -0500 OWNER-PC Owner MESSAGE Starting protection
     2012/09/11 20:53:20 -0500 OWNER-PC Owner MESSAGE Protection started successfully
     2012/09/11 20:53:21 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 20:53:21 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 20:53:26 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 20:53:26 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 20:53:27 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 20:53:27 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 20:54:05 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 20:54:05 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 20:54:06 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 20:54:06 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 20:54:06 -0500 OWNER-PC Owner MESSAGE Stopping protection
     2012/09/11 20:54:06 -0500 OWNER-PC Owner MESSAGE Protection stopped successfully
     2012/09/11 20:54:08 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 20:54:08 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 20:54:09 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 20:54:09 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 20:54:09 -0500 OWNER-PC Owner MESSAGE Starting protection
     2012/09/11 20:54:09 -0500 OWNER-PC Owner MESSAGE Protection started successfully
     2012/09/11 20:54:10 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 20:54:10 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 20:54:59 -0500 OWNER-PC Owner MESSAGE Protection stopped
     2012/09/11 21:03:22 -0500 OWNER-PC Owner MESSAGE Starting protection
     2012/09/11 21:03:22 -0500 OWNER-PC Owner MESSAGE Protection started successfully
     2012/09/11 21:03:22 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:03:22 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:03:35 -0500 OWNER-PC Owner MESSAGE Stopping protection
     2012/09/11 21:03:35 -0500 OWNER-PC Owner MESSAGE Protection stopped successfully
     2012/09/11 21:03:36 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:03:36 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:03:37 -0500 OWNER-PC Owner MESSAGE Starting protection
     2012/09/11 21:03:37 -0500 OWNER-PC Owner MESSAGE Protection started successfully
     2012/09/11 21:03:37 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:03:37 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:03:39 -0500 OWNER-PC Owner MESSAGE Stopping protection
     2012/09/11 21:03:39 -0500 OWNER-PC Owner MESSAGE Protection stopped successfully
     2012/09/11 21:04:37 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:04:37 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:04:37 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:04:37 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:04:38 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:04:38 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:04:38 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:04:38 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:04:41 -0500 OWNER-PC Owner MESSAGE Starting protection
     2012/09/11 21:04:41 -0500 OWNER-PC Owner MESSAGE Protection started successfully
     2012/09/11 21:04:42 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:04:42 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:04:43 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:04:43 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:05:06 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:05:06 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:05:10 -0500 OWNER-PC Owner MESSAGE Stopping protection
     2012/09/11 21:05:10 -0500 OWNER-PC Owner MESSAGE Protection stopped successfully
     2012/09/11 21:05:12 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:05:12 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:05:15 -0500 OWNER-PC Owner MESSAGE Starting protection
     2012/09/11 21:05:15 -0500 OWNER-PC Owner MESSAGE Protection started successfully
     2012/09/11 21:10:11 -0500 OWNER-PC Owner MESSAGE Protection stopped
     2012/09/11 21:10:16 -0500 OWNER-PC Owner MESSAGE Starting protection
     2012/09/11 21:10:16 -0500 OWNER-PC Owner MESSAGE Protection started successfully
     2012/09/11 21:10:16 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:10:16 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:10:45 -0500 OWNER-PC Owner MESSAGE Starting database refresh
     2012/09/11 21:10:47 -0500 OWNER-PC Owner MESSAGE Database refreshed successfully
     2012/09/11 21:10:56 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:10:56 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:10:59 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:10:59 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:11:00 -0500 OWNER-PC Owner MESSAGE Stopping protection
     2012/09/11 21:11:00 -0500 OWNER-PC Owner MESSAGE Protection stopped successfully
     2012/09/11 21:11:01 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:11:01 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:11:02 -0500 OWNER-PC Owner MESSAGE Starting protection
     2012/09/11 21:11:02 -0500 OWNER-PC Owner MESSAGE Protection started successfully
     2012/09/11 21:11:06 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:11:06 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:11:07 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:11:07 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:11:08 -0500 OWNER-PC Owner MESSAGE Stopping protection
     2012/09/11 21:11:08 -0500 OWNER-PC Owner MESSAGE Protection stopped successfully
     2012/09/11 21:11:08 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:11:08 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:11:09 -0500 OWNER-PC Owner MESSAGE Starting protection
     2012/09/11 21:11:09 -0500 OWNER-PC Owner MESSAGE Protection started successfully
     2012/09/11 21:13:12 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:13:12 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:13:28 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:13:28 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2012/09/11 21:14:11 -0500 OWNER-PC Owner MESSAGE Starting IP protection
     2012/09/11 21:14:11 -0500
OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 2012/09/11 21:14:15 -0500 OWNER-PC Owner MESSAGE Starting IP protection 2012/09/11 21:14:15 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 2012/09/11 21:14:16 -0500 OWNER-PC Owner MESSAGE Starting IP protection 2012/09/11 21:14:16 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 2012/09/11 21:14:18 -0500 OWNER-PC Owner MESSAGE Starting IP protection 2012/09/11 21:14:18 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 2012/09/11 21:15:11 -0500 OWNER-PC Owner MESSAGE Starting IP protection 2012/09/11 21:15:11 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 2012/09/11 21:15:21 -0500 OWNER-PC Owner MESSAGE Starting IP protection 2012/09/11 21:15:21 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 2012/09/11 21:19:02 -0500 OWNER-PC Owner MESSAGE Starting IP protection 2012/09/11 21:19:02 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 2012/09/11 21:19:06 -0500 OWNER-PC Owner MESSAGE Starting IP protection 2012/09/11 21:19:06 -0500 OWNER-PC Owner ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
  8. CheckResults.txt log:
BYTES protection-log-2012-08-18.txt File Size: 810 BYTES protection-log-2012-08-19.txt File Size: 810 BYTES protection-log-2012-08-20.txt File Size: 810 BYTES protection-log-2012-08-21.txt File Size: 810 BYTES protection-log-2012-08-22.txt File Size: 3530 BYTES protection-log-2012-08-23.txt File Size: 810 BYTES protection-log-2012-08-24.txt File Size: 810 BYTES protection-log-2012-08-25.txt File Size: 3166 BYTES protection-log-2012-08-26.txt File Size: 810 BYTES protection-log-2012-08-27.txt File Size: 810 BYTES protection-log-2012-08-28.txt File Size: 810 BYTES protection-log-2012-08-29.txt File Size: 810 BYTES protection-log-2012-08-30.txt File Size: 810 BYTES protection-log-2012-08-31.txt File Size: 810 BYTES protection-log-2012-09-01.txt File Size: 810 BYTES protection-log-2012-09-02.txt File Size: 810 BYTES protection-log-2012-09-03.txt File Size: 810 BYTES protection-log-2012-09-04.txt File Size: 1490 BYTES protection-log-2012-09-05.txt File Size: 810 BYTES protection-log-2012-09-06.txt File Size: 810 BYTES protection-log-2012-09-07.txt File Size: 810 BYTES protection-log-2012-09-08.txt File Size: 810 BYTES protection-log-2012-09-09.txt File Size: 1490 BYTES protection-log-2012-09-10.txt File Size: 810 BYTES protection-log-2012-09-11.txt File Size: 31170 BYTES C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine =============================================================== END OF FILE
  9. Every time I start my PC, the Malwarebytes icon always turns to GREY and Protection is Partially Enabled. It won't enable malicious website blocking, and I can't click to enable it. I have paid for the PRO version. Most of what I see as solutions here are very confusing to me; I'm not sure I can even follow the directions. I'm pretty much ready to just delete the program and give up.