mbam-check result log version: 2.0.0.1000 Malwarebytes Version: REG_SZ 1.70.0.1100 Date Log Created: 03/10/13 Time Log Created: 13:46:42 User Account type: Administrator 64 bit Operating System Product Name: REG_SZ Windows 8 Pro with Media Center Current Build Number: 9200 Current Version Number: 6.2 Current CSDVersion: Proxy Status: No proxy is Set Proxy Override: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ ProxyOverride REG_SZ *.local LAN Settings: ============= only 'Automatically detect settings' is selected SystemPartition: ================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\ SystemPartition REG_SZ \Device\HarddiskVolume2 Balloon Tips Status: ==================== Enabled Time Format Settings: ===================== Should be: h:mm:ss tt AM PM : Currently: REG_SZ h:mm:ss tt REG_SZ AM REG_SZ PM REG_SZ : Language and Regional Settings: =============================== ACP: Language is English (United States) MACCP: Language is English (United States) OEMCP: Language is English (United States) Startup Folders for Error_Expanding_Variables Check: ==================================================== All Users Startup Folder Exists. Current User's Startup Folder Exists. Terminal Services Status for (null) entries in PM logs and GetUserToken errors: =============================================================================== TERMService: ============== Type : 32 State : 4 (The service is running.) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 TermService Start is set to: 3 (Manual Startup) Compatibility Flag Settings (Any MBAM file listings should be removed): ======================================================================= HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers C:\Program Files (x86)\Samsung Magician\Samsung Magician.exeREG_SZ ~ RUNASADMIN HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers C:\Windows\SysWow64\cmicnfgp.dllREG_DWORD 0 Malwarebytes Anti-Malware Shell Extension Block Check: ====================================================== MBAM Startup Entries: ===================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Service and Driver Status: ========================== MBAMProtector: ============== Type : 2 State : 1 (The service is not running.) (State is stopped) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 MBAMService: ============== Type : 16 State : 1 (The service is not running.) (State is stopped) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 MBAMScheduler: ============== Type : 16 State : 1 (The service is not running.) (State is stopped) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon MBAMProtector Registry Values: ============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector Type REG_DWORD 2 Start REG_DWORD 3 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys Group REG_SZ FSFilter Anti-Virus DependOnService REG_MULTI_SZ FltMgr WOW64 REG_DWORD 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances DefaultInstance REG_SZ MBAMProtector Instance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance Altitude REG_SZ 328800 Flags REG_DWORD 0 MBAMService Registry Values: ============================ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService Type REG_DWORD 16 Start REG_DWORD 2 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ "D:\Applications\Malwarebytes' Anti-Malware\mbamservice.exe" DependOnService REG_MULTI_SZ MBAMProtector WOW64 REG_DWORD 1 ObjectName REG_SZ LocalSystem Description REG_SZ Malwarebytes Anti-Malware service DelayedAutostart REG_DWORD 0 MBAMScheduler Registry Values: ============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler Type REG_DWORD 16 Start REG_DWORD 2 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ "D:\Applications\Malwarebytes' Anti-Malware\mbamscheduler.exe" WOW64 REG_DWORD 1 ObjectName REG_SZ LocalSystem Description REG_SZ Malwarebytes Anti-Malware scheduler MBAM DLL's and Runtime Files: ============================= HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid (Default): REG_SZ vbAccelerator Grid Control HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid (Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67} HKEY_CLASSES_ROOT\SSubTimer6.GSubclass (Default): REG_SZ SSubTimer6.GSubclass HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid (Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\SSubTimer6.CTimer (Default): REG_SZ SSubTimer6.CTimer HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid (Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\SSubTimer6.ISubclass (Default): REG_SZ SSubTimer6.ISubclass HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid (Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ SSubTimer6.ISubclass HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID (Default): REG_SZ SSubTimer6.ISubclass HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION (Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ SSubTimer6.GSubclass HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32 (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware\ssubtmr6.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID (Default): REG_SZ SSubTimer6.GSubclass HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION (Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ SSubTimer6.CTimer HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32 (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware\ssubtmr6.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID (Default): REG_SZ SSubTimer6.CTimer HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION (Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A} HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1 (Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32 (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware\vbalsgrid6.ocx HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS (Default): REG_SZ 2 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A} HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1 (Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32 (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware\vbalsgrid6.ocx HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS (Default): REG_SZ 2 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0 (Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix) HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0 HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32 (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware\ssubtmr6.dll HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0 (Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix) HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32 (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware\ssubtmr6.dll HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ _ISubclass HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ ISubclass HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ __CTimer HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32 (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ CTimer HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32 (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB} (Default): REG_SZ __vbalGrid HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32 (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib (Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A} Version REG_SZ 1.1 HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB} (Default): REG_SZ vbalGrid HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32 (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib (Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A} Version REG_SZ 1.1 MBAM Registry Settings and License Info: ======================================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware advancedheuristics REG_DWORD 1 downloadprogram REG_DWORD 1 hidereg REG_DWORD 0 detectp2p REG_DWORD 0 detectpum REG_DWORD 1 detectpup REG_DWORD 2 updatewarn REG_DWORD 1 updatewarndays REG_DWORD 7 useproxy REG_DWORD 0 useauthentication REG_DWORD 0 contextmenu REG_DWORD 1 reportthreats REG_DWORD 1 startwithwindows REG_DWORD 1 startfsdisabled REG_DWORD 0 startipdisabled REG_DWORD 0 silentipmode REG_DWORD 0 autoquarantine REG_DWORD 1 notifyinstallprogram REG_DWORD 1 trialpromptshown REG_DWORD 0 autoquarantinenotify REG_DWORD 1 InstallPath REG_SZ D:\Applications\Malwarebytes' Anti-Malware dbdate REG_SZ Fri, 08 Mar 2013 22:50:26 GMT dbversion REG_SZ v2013.03.08.16 programversion REG_SZ 1.70.0.1100 programbuild REG_SZ consumer ID XXXXX-XXXXX This is hidden data. Key XXXX-XXXX-XXXX-XXXX This is hidden data. SchedulerQueue REG_MULTI_SZ 6148, 30284567, 1093309168, 1, 23 | 30285219, 573281810 HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 1 defaultscan REG_DWORD 1 terminateie REG_DWORD 0 Language REG_SZ English.lng selectedrives REG_SZ C:\|D:\|E:\| HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 1 defaultscan REG_DWORD 0 terminateie REG_DWORD 0 HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 1 defaultscan REG_DWORD 0 terminateie REG_DWORD 0 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1 Inno Setup: Setup Version REG_SZ 5.5.3-dev (a) Inno Setup: App Path REG_SZ D:\Applications\Malwarebytes' Anti-Malware InstallLocation REG_SZ D:\Applications\Malwarebytes' Anti-Malware\ Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware Inno Setup: User REG_SZ Jeffrey Inno Setup: Selected Tasks REG_SZ desktopicon Inno Setup: Deselected Tasks REG_SZ quicklaunchicon Inno Setup: Language REG_SZ English DisplayName REG_SZ Malwarebytes Anti-Malware version 1.70.0.1100 DisplayIcon REG_SZ D:\Applications\Malwarebytes' Anti-Malware\mbam.exe UninstallString REG_SZ "D:\Applications\Malwarebytes' Anti-Malware\unins000.exe" QuietUninstallString REG_SZ "D:\Applications\Malwarebytes' Anti-Malware\unins000.exe" /SILENT DisplayVersion REG_SZ 1.70.0.1100 Publisher REG_SZ Malwarebytes Corporation URLInfoAbout REG_SZ http://www.malwarebytes.org NoModify REG_DWORD 1 NoRepair REG_DWORD 1 InstallDate REG_SZ 20130307 MajorVersion REG_DWORD 1 MinorVersion REG_DWORD 70 EstimatedSize REG_DWORD 18968 Pending File Rename Operations: ================================ If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ PendingFileRenameOperations REG_MULTI_SZ \??\D:\Applications\Bitdefender\Bitdefender\Bitdefender 2013\active virus control\Avc3_00184_002\avcuf32.dll Scheduler Queue: ================ Scheduled Item: Update Schedule Options: | Daily | Random Start Time: 2013-03-07 09:36 Repeating Every: 1 Recover if missed by: 23 Context Menu Entries: ===================== HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1 (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE} (Default): REG_SZ IMBAMShlExt HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware\mbamext.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID (Default): REG_SZ MBAMExt.MBAMShlExt HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64 (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64 (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ D:\Applications\Malwarebytes' Anti-Malware MBAM Drivers: ============= C:\Windows\system32\drivers\mbam.sys File Size: 24176 BYTES FileVersion: 1.60.2.0 Required Dependencies: ====================== BFE: ============== Type : 32 State : 4 (The service is running.) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001 ErrorControl REG_DWORD 1 Group REG_SZ NetworkProvider ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork Start REG_DWORD 2 Type REG_DWORD 32 Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002 DependOnService REG_MULTI_SZ RpcSs WfpLwfs ObjectName REG_SZ NT AUTHORITY\LocalService ServiceSidType REG_DWORD 3 RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege FailureActions REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters ServiceDllUnloadOnStop REG_DWORD 1 ServiceMain REG_SZ BfeServiceMain ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll fltmgr: ============== Type : 2 State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr AttachWhenLoaded REG_DWORD 1 DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001 ErrorControl REG_DWORD 3 Group REG_SZ FSFilter Infrastructure ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys Start REG_DWORD 0 Tag REG_DWORD 1 Type REG_DWORD 2 Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000 C:\Windows\system32\drivers\fltmgr.sys File Size: 374512 BYTES FileVersion: 6.2.9200.16384 C:\Windows\SysWOW64\olepro32.dll File Size: 79360 BYTES FileVersion: 6.2.9200.16384 List of MBAM Related Directories: ================================= D:\Applications\Malwarebytes' Anti-Malware changes.txt File Size: 2128 BYTES license.rtf File Size: 17916 BYTES mbam.chm File Size: 469873 BYTES mbam.dll File Size: 508264 BYTES FileVersion: 1.70.0.0 mbam.exe File Size: 824232 BYTES FileVersion: 1.70.0.9 mbamcore.dll File Size: 1091432 BYTES FileVersion: 1.70.0.0 mbamext.dll File Size: 93544 BYTES FileVersion: 1.70.0.0 mbamgui.exe File Size: 512360 BYTES FileVersion: 1.70.0.0 mbamnet.dll File Size: 2171240 BYTES FileVersion: 1.70.0.0 mbampt.exe File Size: 38248 BYTES FileVersion: 1.70.0.0 mbamscheduler.exe File Size: 398184 BYTES FileVersion: 1.70.0.0 mbamservice.exe File Size: 682344 BYTES FileVersion: 1.70.0.0 mbamtoast.dll File Size: 74312 BYTES FileVersion: 1.70.0.0 ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3 unins000.dat File Size: 15377 BYTES unins000.exe File Size: 710504 BYTES FileVersion: 51.52.0.0 unins000.msg File Size: 11277 BYTES vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40 D:\Applications\Malwarebytes' Anti-Malware\Chameleon chameleon.chm File Size: 186068 BYTES firefox.com File Size: 216424 BYTES firefox.exe File Size: 216424 BYTES firefox.pif File Size: 216424 BYTES firefox.scr File Size: 216424 BYTES iexplore.exe File Size: 216424 BYTES mbam-chameleon.com File Size: 216424 BYTES mbam-chameleon.exe File Size: 216424 BYTES mbam-chameleon.pif File Size: 216424 BYTES mbam-chameleon.scr File Size: 216424 BYTES mbam-killer.exe File Size: 894312 BYTES rundll32.exe File Size: 216424 BYTES svchost.exe File Size: 216424 BYTES winlogon.exe File Size: 216424 BYTES D:\Applications\Malwarebytes' Anti-Malware\Languages arabic.lng File Size: 21728 BYTES belarusian.lng File Size: 26766 BYTES bosnian.lng File Size: 26988 BYTES bulgarian.lng File Size: 27400 BYTES catalan.lng File Size: 28114 BYTES chineseSI.lng File Size: 10970 BYTES chineseTR.lng File Size: 11894 BYTES croatian.lng File Size: 26576 BYTES czech.lng File Size: 24682 BYTES danish.lng File Size: 26434 BYTES dutch.lng File Size: 28142 BYTES english.lng File Size: 24418 BYTES estonian.lng File Size: 25014 BYTES finnish.lng File Size: 25770 BYTES french.lng File Size: 29674 BYTES german.lng File Size: 29698 BYTES greek.lng File Size: 29116 BYTES hebrew.lng File Size: 19202 BYTES hungarian.lng File Size: 28430 BYTES italian.lng File Size: 28022 BYTES japanese.lng File Size: 16140 BYTES korean.lng File Size: 14096 BYTES latvian.lng File Size: 26916 BYTES lithuanian.lng File Size: 27664 BYTES macedonian.lng File Size: 28864 BYTES norwegian.lng File Size: 24978 BYTES polish.lng File Size: 26484 BYTES portugueseBR.lng File Size: 28544 BYTES portuguesePT.lng File Size: 28904 BYTES romanian.lng File Size: 28090 BYTES russian.lng File Size: 27134 BYTES serbian.lng File Size: 26662 BYTES slovak.lng File Size: 25486 BYTES slovenian.lng File Size: 24696 BYTES spanish.lng File Size: 29902 BYTES swedish.lng File Size: 25800 BYTES thai.lng File Size: 25884 BYTES turkish.lng File Size: 25800 BYTES vietnamese.lng File Size: 29400 BYTES C:\Users\Jeffrey\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware C:\Users\Jeffrey\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs mbam-log-2013-03-07 (17-24-59).txt File Size: 1914 BYTES mbam-log-2013-03-09 (19-42-59).txt File Size: 1912 BYTES C:\Users\Jeffrey\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware rules.ref File Size: 6045760 BYTES C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration build.conf File Size: 140 BYTES config.conf File Size: 3970 BYTES custom.conf File Size: 20 BYTES database.conf File Size: 432 BYTES html.conf File Size: 2762 BYTES local.conf File Size: 812 BYTES manifest.conf File Size: 1752 BYTES messaging.conf File Size: 1430 BYTES news.conf File Size: 405 BYTES C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs protection-log-2013-03-07.txt File Size: 4344 BYTES protection-log-2013-03-08.txt File Size: 7732 BYTES protection-log-2013-03-09.txt File Size: 2234 BYTES protection-log-2013-03-10.txt File Size: 1370 BYTES =============================================================== END OF FILE DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16482 Run by Jeffrey at 13:48:17 on 2013-03-10 Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.1.1033.18.8159.5779 [GMT -5:00] . AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\dwm.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\atieclxx.exe C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe C:\Program Files (x86)\Stardock\Start8\Start8_64.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\1Password\Agile1pService.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\AdminService.exe C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Windows\system32\dashost.exe C:\Windows\system32\IProsetMonitor.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\SysWOW64\PnkBstrB.exe C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\SysWOW64\WebUpdateSvc4.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\taskhostex.exe C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe C:\Windows\Explorer.EXE C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe C:\Windows\System32\RuntimeBroker.exe C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE C:\Windows\SysWOW64\HsMgr.exe C:\Windows\System\HsMgr64.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\Logitech Gaming Software\LCore.exe C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe C:\Program Files (x86)\1Password\Agile1pAgent.exe C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe D:\Applications\iTunes\iTunesHelper.exe C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\taskhost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://online.rjet.com/ mWinlogon: Userinit = userinit.exe BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: 1Password: {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll mRun: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "D:\Applications\iTunes\iTunesHelper.exe" mRun: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey StartupFolder: C:\Users\Jeffrey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - C:\Program Files (x86)\1Password\Agile1pIE.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://www.asus.com/support/asusTek_sys_ctrl3.cab DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\Jeffrey\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - C:\Users\Jeffrey\AppData\Local\Temp\f5tmp\f5InspectionHost.cab TCP: Interfaces\{218D6B5F-81D7-492E-AE00-3F85F5BFF4AF} : DHCPNameServer = 208.67.222.222 208.67.220.220 75.75.75.75 TCP: Interfaces\{E4B800C0-5B73-419A-A0A7-1F50DDCC58DE} : NameServer = 208.67.222.222,208.67.220.220 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.160\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-3-7 652344] R1 eamonm;eamonm;C:\Windows\System32\Drivers\eamonm.sys [2012-12-21 213416] R2 Agile1Password;1Password;C:\Program Files (x86)\1Password\Agile1pService.exe [2013-3-7 768752] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-2-26 240640] R2 AtherosSvc;AtherosSvc;C:\Windows\System32\AdminService.exe [2012-8-29 208384] R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-3-7 168536] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-12-21 1333424] R2 epfwwfpr;epfwwfpr;C:\Windows\System32\Drivers\epfwwfpr.sys [2012-12-21 139768] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-7 14904] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-7-27 636952] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-11-20 182088] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-7 166720] R2 PDFSFilter;PDFSFilter;C:\Windows\System32\Drivers\PDFsFilter.sys [2012-8-23 83224] R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2013-1-31 142960] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-7 365376] R2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2008-9-15 262360] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\Drivers\asmthub3.sys [2012-11-8 139592] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\Drivers\asmtxhci.sys [2012-11-8 418632] R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-8-29 565760] R3 cmudaxp;ASUS Xonar DX Audio Interface;C:\Windows\System32\Drivers\cmudaxp.sys [2012-8-15 2703360] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\Drivers\LGBusEnum.sys [2009-11-23 22408] R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\Drivers\LGSHidFilt.Sys [2012-10-2 66360] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\Drivers\LGVirHid.sys [2009-11-23 16008] R3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-3-7 23552] S2 MBAMScheduler;MBAMScheduler;D:\Applications\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-7 398184] S2 MBAMService;MBAMService;D:\Applications\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-7 682344] S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\System32\Drivers\AthDfu.sys [2012-8-22 55336] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-1-15 94208] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-3-7 24176] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248] S3 WinRing0_1_2_0;WinRing0_1_2_0;D:\Applications\RealTemp\WinRing0x64.sys [2013-3-8 14544] . =============== Created Last 30 ================ . 2013-03-10 18:23:25 -------- d-----w- C:\Program Files\ESET 2013-03-10 17:53:28 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{23B7E6F7-E324-4EE5-96B1-A35C9560A01E}\mpengine.dll 2013-03-10 17:42:55 244820 ----a-w- C:\ProgramData\1362937227.bdinstall.bin 2013-03-10 01:39:07 -------- d-----w- C:\Program Files (x86)\Microsoft 2013-03-09 14:25:55 186640 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10195.bin 2013-03-08 19:05:38 -------- d-----w- C:\Program Files\CPUID 2013-03-08 18:53:07 -------- d-----w- C:\ProgramData\APN 2013-03-08 18:15:16 -------- d-----w- C:\ProgramData\bdch 2013-03-08 17:22:48 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies 2013-03-08 17:22:48 -------- d-----w- C:\Program Files (x86)\AMD AVT 2013-03-08 17:22:47 -------- d-----w- C:\Program Files (x86)\AMD APP 2013-03-08 17:22:31 -------- d-----w- C:\Windows\LastGood.Tmp 2013-03-08 16:15:00 -------- d-----w- C:\Users\Jeffrey\AppData\Local\Diagnostics 2013-03-08 16:08:03 47633 ----a-w- C:\Windows\SysWow64\wuwuninst.exe 2013-03-08 16:04:43 -------- d-----w- C:\ProgramData\regid.2000-02.com.flashfxp 2013-03-08 16:04:43 -------- d-----w- C:\ProgramData\FlashFXP 2013-03-08 16:04:43 -------- d-----w- C:\Program Files (x86)\FlashFXP 4 2013-03-08 16:04:42 -------- dc-h--w- C:\ProgramData\{5485AD9B-A722-4E07-A417-B560E17ED35B} 2013-03-08 14:54:01 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3 2013-03-08 14:42:05 -------- d-----w- C:\Users\Jeffrey\AppData\Local\PowerPanel Personal Edition 2013-03-08 14:42:05 -------- d-----w- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition 2013-03-08 14:35:37 -------- d-----w- C:\Users\Jeffrey\AppData\Roaming\foobar2000 2013-03-08 14:04:18 10296 ----a-w- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS 2013-03-08 14:03:23 -------- d-----w- C:\Program Files\Hyper-V 2013-03-08 03:11:36 -------- d-----w- C:\Windows\PCHEALTH 2013-03-08 03:09:12 -------- d-----w- C:\Program Files\Microsoft Analysis Services 2013-03-08 03:09:12 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2013-03-08 03:08:56 -------- d-----w- C:\Users\Jeffrey\AppData\Local\Microsoft Help 2013-03-08 03:03:35 -------- d-----w- C:\Windows\ehome 2013-03-08 02:54:05 -------- d-----w- C:\Users\Jeffrey\AppData\Local\Downloaded Installations 2013-03-08 02:46:32 206336 ----a-w- C:\Windows\System32\unrar64.dll 2013-03-08 02:46:32 148992 ----a-w- C:\Windows\System32\lagarith.dll 2013-03-08 02:46:30 -------- d-----w- C:\Program Files\K-Lite Codec Pack x64 2013-03-08 02:45:59 178688 ----a-w- C:\Windows\SysWow64\unrar.dll 2013-03-08 02:45:57 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack 2013-03-08 00:00:24 -------- d-----w- C:\Program Files\F5 2013-03-07 23:57:07 -------- d-----w- C:\Program Files\ATI Technologies 2013-03-07 23:30:25 -------- d-----w- C:\Program Files\Raxco 2013-03-07 23:30:25 -------- d-----w- C:\Program Files\Common Files\Raxco 2013-03-07 23:30:18 -------- d-----w- C:\Program Files (x86)\Raxco 2013-03-07 23:28:25 -------- d-----w- C:\Users\Jeffrey\AppData\Local\Logitech 2013-03-07 23:28:19 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2013-03-07 23:28:15 -------- d-----w- C:\Program Files\Logitech Gaming Software 2013-03-07 23:27:52 53248 ----a-r- C:\Users\Jeffrey\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2013-03-07 23:26:16 -------- d-----w- C:\Users\Jeffrey\AppData\Roaming\Logishrd 2013-03-07 23:22:32 -------- d-----w- C:\Users\Jeffrey\AppData\Roaming\Malwarebytes 2013-03-07 23:22:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-07 23:22:28 -------- d-----w- C:\ProgramData\Malwarebytes 2013-03-07 23:19:49 -------- d-----w- C:\Users\Jeffrey\AppData\Local\ATI 2013-03-07 23:19:48 -------- d-----w- C:\ProgramData\AMD 2013-03-07 23:19:26 -------- d-----w- C:\Program Files (x86)\ATI Technologies 2013-03-07 23:19:18 -------- d-----w- C:\Program Files\ATI 2013-03-07 23:18:18 -------- d-----w- C:\AMD 2013-03-07 23:15:32 -------- d-----w- C:\Users\Jeffrey\AppData\Roaming\Origin 2013-03-07 23:15:32 -------- d-----w- C:\Program Files (x86)\Origin Games 2013-03-07 23:15:28 -------- d-----w- C:\Users\Jeffrey\AppData\Local\Origin 2013-03-07 23:15:07 -------- d-----w- C:\ProgramData\Origin 2013-03-07 23:15:07 -------- d-----w- C:\ProgramData\Electronic Arts 2013-03-07 23:09:30 -------- d-----w- C:\ProgramData\Canon IJ Network Tool 2013-03-07 23:09:30 -------- d-----w- C:\Program Files (x86)\Canon 2013-03-07 23:09:29 315392 ----a-w- C:\Windows\SysWow64\CNC880L.dll 2013-03-07 23:09:29 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll 2013-03-07 23:09:29 106496 ----a-w- C:\Windows\SysWow64\CNC880U.dll 2013-03-07 23:07:29 0 ----a-w- C:\Windows\ativpsrm.bin 2013-03-07 23:06:51 -------- d-----w- C:\Windows\Panther 2013-03-07 23:06:21 -------- d-----w- C:\ProgramData\Samsung 2013-03-07 23:06:21 -------- d-----w- C:\Program Files (x86)\Samsung Magician 2013-03-07 23:04:30 -------- d--h--w- C:\ProgramData\CanonIJFAX 2013-03-07 23:04:11 543104 ----a-w- C:\Windows\System32\PROUnstl.exe 2013-03-07 23:02:20 39424 ----a-w- C:\Windows\System32\CNMN6UI.DLL 2013-03-07 23:02:20 366592 ----a-w- C:\Windows\SysWow64\CNMNPPM.DLL 2013-03-07 23:02:20 359936 ----a-w- C:\Windows\System32\CNMN6PPM.DLL 2013-03-07 23:02:20 -------- d-----w- C:\Windows\System32\STRING 2013-03-07 23:02:13 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAN.DLL 2013-03-07 23:02:13 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAN.DLL 2013-03-07 23:02:11 385024 ----a-w- C:\Windows\System32\CNMLMAN.DLL 2013-03-07 23:02:10 302080 ----a-w- C:\Windows\System32\CNCALAN.DLL 2013-03-07 23:02:10 248320 ----a-w- C:\Windows\System32\CNMIUAN.DLL 2013-03-07 23:01:40 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation 2013-03-07 23:01:25 15168 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll 2013-03-07 23:01:06 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent 2013-03-07 23:00:57 -------- d-----w- C:\Users\Jeffrey\AppData\Roaming\Intel Corporation 2013-03-07 23:00:52 62784 ----a-w- C:\Windows\System32\drivers\HECIx64.sys 2013-03-07 23:00:38 316736 ----a-w- C:\Windows\System32\PRONtObj.dll 2013-03-07 23:00:38 152960 ----a-w- C:\Windows\System32\drivers\iANSW60e.sys 2013-03-07 22:55:03 1887059 ----a-w- C:\ProgramData\1362696751.bdinstall.bin 2013-03-07 22:54:45 652344 ----a-w- C:\Windows\System32\drivers\iaStorA.sys 2013-03-07 22:54:09 -------- d-----w- C:\ProgramData\BDLogging 2013-03-07 22:54:07 23456 ----a-w- C:\Windows\System32\drivers\bdelam.sys 2013-03-07 22:54:06 82384 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys 2013-03-07 22:54:06 511328 ----a-w- C:\Windows\capicom.dll 2013-03-07 22:54:06 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll 2013-03-07 22:54:04 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys 2013-03-07 22:53:47 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll 2013-03-07 22:53:32 -------- d-----w- C:\Intel 2013-03-07 22:53:11 -------- d-----w- C:\Users\Jeffrey\AppData\Roaming\QuickScan 2013-03-07 22:52:26 -------- d-----w- C:\Program Files\Common Files\Bitdefender 2013-03-07 22:25:16 9162192 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2013-03-07 22:24:18 -------- d-----w- C:\ProgramData\Stardock 2013-03-07 22:24:16 -------- d-----w- C:\Program Files (x86)\Stardock 2013-03-07 21:56:29 -------- d-----w- C:\Users\Jeffrey\AppData\Roaming\Agile Web Solutions 2013-03-07 21:55:06 -------- d-----w- C:\Users\Jeffrey\AppData\Roaming\ASUS 2013-03-07 21:55:05 419840 ----a-w- C:\Windows\System32\wrap_oal.dll 2013-03-07 21:55:05 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2013-03-07 21:55:05 111616 ----a-w- C:\Windows\System32\OpenAL32.dll 2013-03-07 21:55:05 102400 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2013-03-07 21:55:05 -------- d-----w- C:\Program Files (x86)\OpenAL 2013-03-07 21:52:42 2367528 ----a-w- C:\Windows\System32\WSService.dll 2013-03-07 21:51:59 99328 ----a-w- C:\Windows\System32\wushareduxresources.dll 2013-03-07 21:50:59 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll 2013-03-07 21:48:21 -------- d-----w- C:\Users\Jeffrey\AppData\Local\Google 2013-03-07 21:29:03 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll 2013-03-07 21:29:03 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll 2013-03-07 21:25:59 144384 ----a-w- C:\Windows\System32\tssdisai.dll 2013-03-07 21:14:57 -------- d-----w- C:\Program Files\Common Files\ATI Technologies 2013-02-26 20:05:38 222720 ----a-w- C:\Windows\System32\clinfo.exe 2013-02-26 20:05:20 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll 2013-02-26 20:05:16 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2013-02-26 20:05:10 64000 ----a-w- C:\Windows\System32\OVDecode64.dll 2013-02-26 20:05:08 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2013-02-26 20:04:58 29149696 ----a-w- C:\Windows\System32\amdocl64.dll 2013-02-26 20:03:04 23810048 ----a-w- C:\Windows\SysWow64\amdocl.dll 2013-02-26 20:01:22 54784 ----a-w- C:\Windows\System32\OpenCL.dll 2013-02-26 20:01:20 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2013-02-26 19:54:44 5067264 ----a-w- C:\Windows\System32\amdsc64.dll 2013-02-26 19:54:40 4083200 ----a-w- C:\Windows\SysWow64\amdsc.dll 2013-02-26 19:20:22 78640 ----a-w- C:\Windows\System32\atimpc64.dll 2013-02-26 19:20:22 71912 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2013-02-26 19:20:18 78640 ----a-w- C:\Windows\System32\amdpcom64.dll 2013-02-26 19:20:18 71912 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2013-02-26 19:20:16 118792 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2013-02-26 19:20:14 113672 ----a-w- C:\Windows\System32\atiu9p64.dll 2013-02-26 19:20:10 968560 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2013-02-26 19:20:04 7192832 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2013-02-26 19:19:50 5035000 ----a-w- C:\Windows\System32\atiumd6a.dll 2013-02-26 19:19:48 7040928 ----a-w- C:\Windows\System32\atiumd64.dll 2013-02-26 19:17:50 11613184 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2013-02-26 18:54:12 23581184 ----a-w- C:\Windows\System32\atio6axx.dll 2013-02-26 18:49:52 77312 ----a-w- C:\Windows\System32\coinst_12.10.17.dll 2013-02-26 18:48:14 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2013-02-26 18:45:52 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2013-02-26 18:45:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2013-02-26 18:45:44 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2013-02-26 18:45:42 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2013-02-26 18:45:30 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll 2013-02-26 18:41:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2013-02-26 18:37:46 19755520 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2013-02-26 18:25:42 442368 ----a-w- C:\Windows\System32\atidemgy.dll 2013-02-26 18:25:32 561152 ----a-w- C:\Windows\System32\atieclxx.exe 2013-02-26 18:24:44 240640 ----a-w- C:\Windows\System32\atiesrxx.exe 2013-02-26 18:23:24 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2013-02-26 18:23:12 25600 ----a-w- C:\Windows\System32\atimuixx.dll 2013-02-26 18:23:06 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2013-02-26 18:23:02 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2013-02-26 17:59:44 79360 ----a-w- C:\Windows\System32\amdave64.dll 2013-02-26 17:59:38 78336 ----a-w- C:\Windows\SysWow64\amdave32.dll 2013-02-26 17:59:26 74240 ----a-w- C:\Windows\System32\atisamu64.dll 2013-02-26 17:59:20 71168 ----a-w- C:\Windows\SysWow64\atisamu32.dll 2013-02-26 17:58:54 630272 ----a-w- C:\Windows\System32\atiadlxx.dll 2013-02-26 17:58:44 425984 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2013-02-26 17:58:28 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2013-02-26 17:58:26 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2013-02-26 17:58:26 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2013-02-26 17:58:22 44032 ----a-w- C:\Windows\System32\atig6txx.dll 2013-02-26 17:58:14 34816 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2013-02-26 17:58:04 576000 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2013-02-26 17:55:50 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll . ==================== Find3M ==================== . 2013-03-07 23:17:37 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2013-03-07 23:17:33 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2013-03-07 23:17:29 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2013-03-07 23:01:15 36472 ----a-w- C:\Windows\System32\NicCo36.dll 2013-03-07 23:01:15 101224 ----a-w- C:\Windows\System32\NicInstC.dll 2013-03-07 23:01:13 73032 ----a-w- C:\Windows\System32\e1cmsg.dll 2013-03-07 23:01:13 452432 ----a-w- C:\Windows\System32\drivers\e1c63x64.sys 2013-02-26 19:20:16 139904 ----a-w- C:\Windows\System32\atiuxp64.dll 2013-02-26 19:20:14 92512 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2013-02-26 19:20:12 1150328 ----a-w- C:\Windows\System32\aticfx64.dll 2013-02-26 19:20:08 8209496 ----a-w- C:\Windows\System32\atidxx64.dll 2013-02-26 19:20:00 4475192 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2013-02-26 19:19:54 6036160 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2013-02-21 07:29:31 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-21 07:29:30 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-08 10:04:42 356024 ----a-w- C:\Windows\SysWow64\sfileml90.ocx 2013-02-08 08:35:22 378040 ----a-w- C:\Windows\SysWow64\soaps90.ocx 2013-02-08 07:31:00 193208 ----a-w- C:\Windows\SysWow64\xmlp90.ocx 2013-02-08 07:30:46 281272 ----a-w- C:\Windows\SysWow64\http90.ocx 2013-01-31 03:29:52 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-17 04:04:06 4055552 ----a-w- C:\Windows\System32\win32k.sys 2013-01-16 00:35:49 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-01-16 00:31:26 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-01-16 00:25:17 1437696 ----a-w- C:\Windows\SysWow64\GdiPlus.dll 2013-01-16 00:23:19 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll 2013-01-15 10:11:30 94208 ----a-w- C:\Windows\System32\drivers\AtihdW86.sys 2013-01-15 10:11:16 110080 ----a-w- C:\Windows\System32\DelayAPO.dll 2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-01-10 16:23:22 1580784 ----a-w- C:\Windows\SysWow64\ChilkatCrypt2.dll 2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys 2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2013-01-10 01:29:54 1934056 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe 2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe 2013-01-09 23:26:35 410624 ----a-w- C:\Windows\SysWow64\Windows.Networking.dll 2013-01-09 23:26:35 261120 ----a-w- C:\Windows\SysWow64\Windows.Media.dll 2013-01-09 23:26:25 278528 ----a-w- C:\Windows\SysWow64\srm.dll 2013-01-09 23:26:25 202752 ----a-w- C:\Windows\SysWow64\srmstormod.dll 2013-01-09 23:26:23 1752064 ----a-w- C:\Windows\SysWow64\setupapi.dll 2013-01-09 23:26:20 67584 ----a-w- C:\Windows\SysWow64\samlib.dll 2013-01-09 23:26:08 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll 2013-01-09 23:26:04 890880 ----a-w- C:\Windows\SysWow64\msctf.dll 2013-01-09 23:26:03 436736 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL 2013-01-09 23:25:55 582144 ----a-w- C:\Windows\SysWow64\gpprefcl.dll 2013-01-09 23:23:32 95232 ----a-w- C:\Windows\System32\wiaacmgr.exe 2013-01-09 23:23:25 2094592 ----a-w- C:\Windows\System32\mmc.exe 2013-01-09 23:23:23 240640 ----a-w- C:\Windows\System32\fsquirt.exe 2013-01-09 23:23:18 256000 ----a-w- C:\Windows\System32\WSDMon.dll 2013-01-09 23:23:16 1964544 ----a-w- C:\Windows\System32\wlidsvc.dll 2013-01-09 23:23:14 594944 ----a-w- C:\Windows\System32\Windows.Networking.dll 2013-01-09 23:23:14 406016 ----a-w- C:\Windows\System32\Windows.Media.dll 2013-01-09 23:23:09 274432 ----a-w- C:\Windows\System32\srmstormod.dll 2013-01-09 23:23:08 279040 ----a-w- C:\Windows\System32\srm.dll 2013-01-09 23:23:07 1886208 ----a-w- C:\Windows\System32\setupapi.dll 2013-01-09 23:23:05 728064 ----a-w- C:\Windows\System32\samsrv.dll 2013-01-09 23:22:53 464384 ----a-w- C:\Windows\System32\netprofmsvc.dll 2013-01-09 23:22:53 151040 ----a-w- C:\Windows\System32\netprofm.dll 2013-01-09 23:22:43 1120768 ----a-w- C:\Windows\System32\msctf.dll 2013-01-09 23:22:41 666112 ----a-w- C:\Windows\System32\MP4SDECD.DLL 2013-01-09 23:22:35 438272 ----a-w- C:\Windows\System32\lsm.dll 2013-01-09 23:22:29 894464 ----a-w- C:\Windows\System32\iphlpsvc.dll 2013-01-09 23:22:29 159232 ----a-w- C:\Windows\System32\inetpp.dll 2013-01-09 23:22:26 49152 ----a-w- C:\Windows\System32\drivers\UMDF\HidBthLE.dll 2013-01-09 23:22:25 820736 ----a-w- C:\Windows\System32\gpprefcl.dll 2013-01-09 23:22:05 1918464 ----a-w- C:\Windows\System32\wbem\cimwin32.dll 2013-01-09 03:59:47 341504 ----a-w- C:\Windows\System32\drivers\HdAudio.sys 2013-01-09 03:59:16 74752 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS 2013-01-09 03:58:34 51712 ----a-w- C:\Windows\System32\drivers\bthenum.sys 2013-01-09 03:57:50 1175040 ----a-w- C:\Windows\System32\drivers\bthport.sys 2013-01-04 05:32:36 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-04 04:19:53 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2012-12-21 18:09:28 139768 ----a-w- C:\Windows\System32\drivers\epfwwfpr.sys 2012-12-21 18:08:54 150616 ----a-w- C:\Windows\System32\drivers\ehdrv.sys 2012-12-21 18:08:18 213416 ----a-w- C:\Windows\System32\drivers\eamonm.sys 2012-12-20 00:37:37 1775616 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-12-20 00:37:04 2881536 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-12-20 00:37:02 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2012-12-20 00:37:02 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2012-12-20 00:36:50 431616 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2012-12-20 00:29:16 2246656 ----a-w- C:\Windows\System32\wininet.dll 2012-12-20 00:29:11 907776 ----a-w- C:\Windows\System32\uxtheme.dll 2012-12-20 00:28:29 3966464 ----a-w- C:\Windows\System32\jscript9.dll 2012-12-20 00:28:26 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2012-12-20 00:28:04 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll 2012-12-19 01:43:10 815984 ----a-w- C:\Windows\System32\ncs2dmix.dll 2012-12-19 01:43:08 778608 ----a-w- C:\Windows\System32\accesor.dll 2012-12-19 01:32:04 220016 ----a-w- C:\Windows\System32\ncs2instutility.dll 2012-12-19 01:26:42 3617648 ----a-w- C:\Windows\System32\ncscolib.dll 2012-12-18 22:11:20 33616 ----a-w- C:\Windows\System32\drivers\iqvw64e.sys 2012-12-18 01:56:27 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll 2012-12-16 08:28:20 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 08:20:01 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-16 08:08:33 362496 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 07:57:09 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll . ============= FINISH: 13:48:25.38 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Pro with Media Center Boot Device: \Device\HarddiskVolume2 Install Date: 3/7/2013 3:13:06 PM System Uptime: 3/10/2013 12:39:34 PM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | P8Z68-V GEN3 Processor: Intel® Core i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 119 GiB total, 85.172 GiB free. D: is FIXED (NTFS) - 1863 GiB total, 1695.417 GiB free. E: is FIXED (NTFS) - 1397 GiB total, 393.758 GiB free. F: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP3: 3/7/2013 9:08:46 PM - Installed Microsoft Office Home and Student 2010 RP4: 3/10/2013 5:00:12 AM - Windows Backup RP5: 3/10/2013 8:34:47 AM - Windows Backup . ==== Installed Programs ====================== . 1Password 1.0.9.322 AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager Apple Application Support Apple Mobile Device Support Apple Software Update Application Profiles Asmedia ASM104x USB 3.0 Host Controller Driver ASUS Xonar DX Audio Battlefield 3™ Bing Desktop Bonjour Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon MP Navigator EX 4.1 Canon MX880 series MP Drivers Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CPUID CPU-Z 1.63.0 CyberPower PowerPanel Personal Edition 1.3.4 Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition eReg ESET NOD32 Antivirus FlashFXP foobar2000 v1.2.3 Google Chrome Google Update Helper Intel® Management Engine Components Intel® Network Connections 18.0.1.0 Intel® Rapid Storage Technology Intel® Trusted Connect Service Client iTunes K-Lite Codec Pack 9.8.0 (64-bit) K-Lite Codec Pack 9.8.0 (Full) Logbook Pro Logitech Gaming Software Logitech Gaming Software 8.40 Logitech SetPoint 6.52 Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 32-bit MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 OpenAL OPSWAT AntiVirus and Firewall Integration Libraries Origin PerfectDisk 12.5 Professional PunkBuster Services Samsung Magician Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition SimCity™ Software Update Wizard (Redistributable) 4.5 SplashID Safe 6.2 Start8 Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition VC_CRT_x64 WinRAR 4.20 (64-bit) . ==== End Of File ===========================
