kanga85
Honorary Members
Posts: 50
Reputation: 0 Neutral
Location: Brisbane Australia
  1. I will now be away for ~3 weeks, returning April 14th, so we should do nothing more now. If I am troubled in the future, may I call upon you again? Thanks in any case for your attempts.
  2. Ran MBam 2.0 under 'Safe Mode' Booting. Found 3 problems and seems to have dealt with them. Log file attached. Then ran MBam 2.0 under Normal Boot. Froze at C:\Users\Ray\... as before. I am happy to give up on this if you are, and accept that MBam just doesn't run on my computer for some inexplicable clash.
     -------------------------------------------------------------------------
     <?xml version="1.0" encoding="UTF-16"?>
     <mbam-log>
     <header><date>2014/03/23 19:40:26 +1000</date><log>mbam-log-2014-03-23 (19-18-25).xml</log><isadmin>yes</isadmin></header>
     <engine><version>2.00.0.1000</version><rules-database>v2014.03.23.01</rules-database><swissarmy-database>v2014.03.18.01</swissarmy-database><license>free</license><file-protection>disabled</file-protection><web-protection>disabled</web-protection><self-protection>disabled</self-protection></engine>
     <system><osversion>Windows 7 Service Pack 1</osversion><arch>x64</arch><username>Ray</username><filesys>NTFS</filesys></system>
     <summary><type>threat</type><result>completed</result><objects>385669</objects><time>1321</time><processes>0</processes><modules>0</modules><keys>2</keys><values>0</values><datas>0</datas><folders>0</folders><files>1</files><sectors>0</sectors></summary>
     <options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>disabled</rootkits><deeprootkit>disabled</deeprootkit><shuriken>enabled</shuriken><pup>enabled</pup><pum>enabled</pum></options>
     <items>
     <key><path>HKU\S-1-5-21-159631214-2618546689-2882160447-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF190686-9E72-403C-B99D-682ABDB63C5B}</path><vendor>PUP.Optional.TopArcadeHits.A</vendor><action>success</action><hash>9b12699d126979bd63251373c53d9f61</hash></key>
     <key><path>HKU\S-1-5-21-159631214-2618546689-2882160447-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF190686-9E72-403C-B99D-682ABDB63C5B}</path><vendor>PUP.Optional.TopArcadeHits.A</vendor><action>success</action><hash>9b12699d126979bd63251373c53d9f61</hash></key>
     <file><path>C:\System\MicrosoftWindowsMaliciousRemoval-KB890830-x64-V5.10.exe</path><vendor>Trojan.SpyEyes.R</vendor><action>success</action><hash>535a8284d1aaf343821e69614cb626da</hash></file>
     </items>
     </mbam-log>
  3. Installed and ran Mbam 2 beta. Detected two objects in the registry scan, both: Pup.Optional.TopArcadeHits A Key HKU\S-1-5-21-15663...................... The program ran for about 5min and then hung on C:\Users\Ray\Documents\Local Port (45710 FileSystem Objects Scanned). The program was still running, I could pause and restart, but it refused to progress in scanning. Then difficult to stop and remove, and finally had to reboot the machine. Re-ran with similar results. No log file written, but I have attempted to paste a screen shot (from Word) showing the two offending Pups, although I have had trouble in pasting, and cannot find how to attach the Word file.
  4. aswMBR run. Hung for ~10 minutes at 'C:\Users\Ray\Desktop\Malware Problems\OTL.exe' (I have a folder for these problems on my Desktop called 'Malware Problems') so I saved the text file aswMBR.txt pasted below, and removed OTL.exe from the computer. Reran aswMBR. Hung for ~15 minutes at 'C:\Users\Ray\Desktop\Malware Problems\mbam-check.2.0.0.1000.exe'. Saved the text file as aswMBR1.txt pasted below. Ran GMER. ark.txt pasted below. Ran ESET. Found the program had stopped after ~20 min, 'Stopped by User' - although no one was near the computer, no threats, ~43000 files. No text file available. Ran ESET again, while watching. Stopped at 19min 58 sec when the screen saver activated - a blank screen. 'Stopped by user'. Set the screen saver to not activate for 5hr, and re-ran ESET. Completed: Scanned files 199239, Infected Files 0, Cleaned Files 0. I could not find how to save a text file.
     ......................................
     aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
     Run date: 2014-03-22 06:54:42
     -----------------------------
     06:54:42.903 OS Version: Windows x64 6.1.7601 Service Pack 1
     06:54:42.903 Number of processors: 4 586 0x2A07
     06:54:42.903 ComputerName: CF3 UserName: Ray
     06:55:23.541 Initialize success
     07:35:25.105 AVAST engine defs: 14032101
     08:11:11.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
     08:11:11.031 Disk 0 Vendor: Maxtor_7L250S0 BACE1G10 Size: 238418MB BusType: 3
     08:11:11.203 Disk 0 MBR read successfully
     08:11:11.218 Disk 0 MBR scan
     08:11:11.218 Disk 0 Windows 7 default MBR code
     08:11:11.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238417 MB offset 63
     08:11:11.250 Disk 0 scanning C:\Windows\system32\drivers
     08:11:21.046 Service scanning
     08:11:46.084 Modules scanning
     08:11:46.084 Disk 0 trace - called modules:
     08:11:46.100 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
     08:11:46.100 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004708060]
     08:11:46.116 3 CLASSPNP.SYS[fffff880018bd43f] -> nt!IofCallDriver -> [0xfffffa800449c520]
     08:11:46.116 5 ACPI.sys[fffff88000fb27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800449e060]
     08:12:01.170 AVAST engine scan C:\Windows
     08:12:03.697 AVAST engine scan C:\Windows\system32
     08:14:42.396 AVAST engine scan C:\Windows\system32\drivers
     08:14:55.157 AVAST engine scan C:\Users\Ray
     08:22:55.794 Disk 0 MBR has been saved successfully to "C:\Users\Ray\Desktop\MBR.dat"
     08:22:55.809 The log file has been saved successfully to "C:\Users\Ray\Desktop\aswMBR.txt"
     ------------------------------------------
     aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
     Run date: 2014-03-22 08:25:16
     -----------------------------
     08:25:16.614 OS Version: Windows x64 6.1.7601 Service Pack 1
     08:25:16.614 Number of processors: 4 586 0x2A07
     08:25:16.614 ComputerName: CF3 UserName: Ray
     08:25:17.425 Initialize success
     08:25:34.148 AVAST engine defs: 14032101
     08:25:43.103 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
     08:25:43.103 Disk 0 Vendor: Maxtor_7L250S0 BACE1G10 Size: 238418MB BusType: 3
     08:25:43.274 Disk 0 MBR read successfully
     08:25:43.290 Disk 0 MBR scan
     08:25:43.290 Disk 0 Windows 7 default MBR code
     08:25:43.290 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238417 MB offset 63
     08:25:43.352 Disk 0 scanning C:\Windows\system32\drivers
     08:25:56.550 Service scanning
     08:26:21.058 Modules scanning
     08:26:21.058 Disk 0 trace - called modules:
     08:26:21.073 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
     08:26:21.073 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004708060]
     08:26:21.089 3 CLASSPNP.SYS[fffff880018bd43f] -> nt!IofCallDriver -> [0xfffffa800449c520]
     08:26:21.089 5 ACPI.sys[fffff88000fb27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800449e060]
     08:26:22.056 AVAST engine scan C:\Windows
     08:26:28.374 AVAST engine scan C:\Windows\system32
     08:29:09.351 AVAST engine scan C:\Windows\system32\drivers
     08:29:20.942 AVAST engine scan C:\Users\Ray
     08:49:34.098 Disk 0 MBR has been saved successfully to "C:\Users\Ray\Desktop\MBR.dat"
     08:49:34.114 The log file has been saved successfully to "C:\Users\Ray\Desktop\aswMBR1.txt"
     ----------------------------------------------------
     GMER 2.1.19357 - http://www.gmer.net
     Rootkit scan 2014-03-22 16:21:05
     Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Maxtor_7L250S0 rev.BACE1G10 232.83GB
     Running: j91sspnz.exe; Driver: C:\Users\Ray\AppData\Local\Temp\pxldqpow.sys
     ---- Processes - GMER 2.1 ----
     Library Ì÷úà]H (*** suspicious ***) @ C:\Windows\Explorer.EXE [3472] 000007fef66e0000
     Library C:\Users\Ray\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Ray\AppData\Roaming\Dropbox\bin\Dropbox.exe [3836](2014-01-03 00:45:04) 0000000003b30000
     Library C:\Users\Ray\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Ray\AppData\Roaming\Dropbox\bin\Dropbox.exe [3836](2013-10-18 23:55:02) 000000006ce60000
     Library C:\Users\Ray\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Ray\AppData\Roaming\Dropbox\bin\Dropbox.exe [3836] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 00000000711b0000
     ---- EOF - GMER 2.1 ----
  5. I see from various log files that I still have some remnants of Google Chrome, despite the fact that I 'uninstalled' it and don't want it. Should I run a Google Chrome removal program to finally eliminate it?
  6. No luck - frustration! New system point created. "Java 7 Update 7 (64bit)" and "Java 7 Update 51" uninstalled. "JavaRa 1.16" downloaded, unzipped and run. Said it was now opening a log file but nothing opened. Said it would be on the root C:\ drive, but nothing there. Opened 'Additional Tasks' and asked for the log file, but nothing appeared. I searched for both JavaRa.txt and JavaRa.log on the computer, but nothing by that name on my computer. Rebooted. Ran Malwarebytes. Froze at C:\Users\Ray\Documents\LPT3, 29400 Objects Scanned, 0 Objects Detected. Got out of the frozen program as before.
  7. Sorry for the delay. I had bookmarked p3 and wasn't looking in p4. I have run Malwarebytes again (Quick Scan) to check on the closure procedure. It stalled this time at C:\Users\Kerry\Desktop\ACDSee.lnk. Objects Scanned: 30324, Objects Detected: 0. When I clicked on the top right-hand Closure Button X I got the message "Not Responding". When I clicked the same button again I got a new box "Malwarebytes Anti-Malware is not Responding". Clicked on "Close the program" and got "Windows is checking for a solution ...". After 4-5 seconds the program closed and the computer was running normally. I was running no other program, but I am unaware of what might have been running in the background. Farbar64 downloaded and run. FRST.txt file pasted below. No Addition.txt file generated, presumably because I ran Farbar for Borislav previously and posted that Addition.txt file here on 26th February.
     ----------------------------------------
     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
     Ran by Ray (administrator) on CF3 on 12-03-2014 08:11:17
     Running from C:\Users\Ray\Desktop
     Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
     Internet Explorer Version 11
     Boot Mode: Normal
     The only official download link for FRST:
     Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
     Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
     (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
     (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
     (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
     (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
     (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
     (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
     (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
     () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
     (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
     (Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
     (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
     (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
     (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
     (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
     (Angus Johnson) C:\Program Files (x86)\Internode\mum.exe
     (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
     (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
     (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIVE.EXE
     (FUJIFILM Corporation) C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
     (Dropbox, Inc.) C:\Users\Ray\AppData\Roaming\Dropbox\bin\Dropbox.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
     (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
     (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\Creativity Suite\Event Manager\EEventManager.exe
     (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
     (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
     (Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-12] (Realtek Semiconductor)
     HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
     HKLM\...\Run: [shadowPlay] - C:\Windows\system32\nvspcap64.dll [1064224 2013-11-14] (NVIDIA Corporation)
     HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
     HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2006-10-12] (SEIKO EPSON CORPORATION)
     HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
     HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
     HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
     HKU\S-1-5-21-159631214-2618546689-2882160447-1003\...\Run: [internodeUsage] - C:\Program Files (x86)\Internode\mum.exe [1361408 2011-02-19] (Angus Johnson)
     HKU\S-1-5-21-159631214-2618546689-2882160447-1003\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
     HKU\S-1-5-21-159631214-2618546689-2882160447-1003\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
     HKU\S-1-5-21-159631214-2618546689-2882160447-1003\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
     HKU\S-1-5-21-159631214-2618546689-2882160447-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
     Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
     ShortcutTarget: Dropbox.lnk -> C:\Users\Ray\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thefreedictionary.com/
     StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
     BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
     BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
     BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
     DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
     DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
     Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
     Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
     Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
     Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
     Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
     Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

     FireFox:
     ========
     FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\C:\Netscape\RAY\Ray11111
     FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
     FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin: @microsoft.com/GENUINE - disabled No File
     FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
     FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
     FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
     FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
     FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
     FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
     FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
     FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
     FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
     FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
     FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
     FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
     FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
     FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
     FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
     FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
     FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
     FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
     FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
     FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
     FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-03]
     FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
     FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-03-03]

     Chrome:
     =======
     CHR Extension: (RealDownloader) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-04]
     CHR Extension: (Google Wallet) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-04]
     CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]

     ==================== Services (Whitelisted) =================

     R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2014-01-20] (SUPERAntiSpyware.com)
     R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
     R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
     R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation)
     R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
     S2 HPSLPSVC; C:\Users\Ray\AppData\Local\Temp\7zS0BC9\hpslpsvc64.dll [X]

     ==================== Drivers (Whitelisted) ====================

     U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
     R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-11-14] (NVIDIA Corporation)
     R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
     R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
     R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-06-09] (VMware, Inc.)

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2014-03-12 08:11 - 2014-03-12 08:11 - 00015576 _____ () C:\Users\Ray\Desktop\FRST.txt
     2014-03-12 08:09 - 2014-03-12 08:10 - 02157056 _____ (Farbar) C:\Users\Ray\Desktop\FRST64.exe
     2014-03-10 20:06 - 2014-03-10 20:06 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Malwarebytes
     2014-03-10 20:06 - 2014-03-10 20:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
     2014-03-10 20:06 - 2014-03-10 20:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
     2014-03-10 20:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
     2014-03-09 09:42 - 2014-03-09 09:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
     2014-03-05 15:01 - 2014-03-06 14:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
     2014-03-05 10:20 - 2014-03-05 10:20 - 00000000 ____D () C:\RegSeeker 2.5
     2014-03-03 13:00 - 2011-03-14 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BIVE.DLL
     2014-03-03 13:00 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
     2014-03-01 06:20 - 2014-03-01 06:20 - 00000000 ____D () C:\_OTL
     2014-02-27 10:11 - 2014-02-27 10:11 - 00000687 _____ () C:\Users\Ray\Desktop\Download - Folder.lnk
     2014-02-26 20:41 - 2014-03-12 08:11 - 00000000 ____D () C:\FRST
     2014-02-21 22:29 - 2014-02-21 22:29 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
     2014-02-19 16:22 - 2014-02-19 16:22 - 00000000 ____D () C:\Users\Ray\AppData\Local\NVIDIA
     2014-02-19 08:48 - 2011-06-26 16:45 - 00256000 _____ () C:\Windows\PEV.exe
     2014-02-19 08:48 - 2010-11-08 03:20 - 00208896 _____ () C:\Windows\MBR.exe
     2014-02-19 08:48 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
     2014-02-19 08:48 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
     2014-02-19 08:48 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
     2014-02-19 08:48 - 2000-08-31 10:00 - 00098816 _____ () C:\Windows\sed.exe
     2014-02-19 08:48 - 2000-08-31 10:00 - 00080412 _____ () C:\Windows\grep.exe
     2014-02-19 08:48 - 2000-08-31 10:00 - 00068096 _____ () C:\Windows\zip.exe
     2014-02-19 08:47 - 2014-03-10 10:31 - 00000000 ____D () C:\Qoobox
     2014-02-19 08:47 - 2014-02-19 08:57 - 00000000 ____D () C:\Windows\erdnt
     2014-02-14 03:00 - 2014-02-06 22:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
     2014-02-14 03:00 - 2014-02-06 21:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
     2014-02-14 03:00 - 2014-02-06 21:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
     2014-02-14 03:00 - 2014-02-06 21:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
     2014-02-14 03:00 - 2014-02-06 21:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
     2014-02-14 03:00 - 2014-02-06 21:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
     2014-02-14 03:00 - 2014-02-06 20:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
     2014-02-14 03:00 - 2014-02-06 20:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
     2014-02-14 03:00 - 2014-02-06 20:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
     2014-02-14 03:00 - 2014-02-06 20:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
     2014-02-14 03:00 - 2014-02-06 20:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
     2014-02-14 03:00 - 2014-02-06 20:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
     2014-02-14 03:00 - 2014-02-06 20:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
     2014-02-14 03:00 - 2014-02-06 20:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
     2014-02-14 03:00 - 2014-02-06 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
     2014-02-14 03:00 - 2014-02-06 20:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
     2014-02-14 03:00 - 2014-02-06 20:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
     2014-02-14 03:00 - 2014-02-06 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
     2014-02-14 03:00 - 2014-02-06 20:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
     2014-02-14 03:00 - 2014-02-06 19:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
     2014-02-14 03:00 - 2014-02-06 19:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
     2014-02-14 03:00 - 2014-02-06 19:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
     2014-02-14 03:00 - 2014-02-06 19:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
     2014-02-14 03:00 - 2014-02-06 19:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
     2014-02-14 03:00 - 2014-02-06 19:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
     2014-02-14 03:00 - 2014-02-06 19:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
     2014-02-14 03:00 - 2014-02-06 19:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
     2014-02-14 03:00 - 2014-02-06 19:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
     2014-02-14 03:00 - 2014-02-06 19:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
     2014-02-14 03:00 - 2014-02-06 19:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
     2014-02-14 03:00 - 2014-02-06 19:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
     2014-02-14 03:00 - 2014-02-06 19:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
     2014-02-14 03:00 - 2014-02-06 19:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
     2014-02-14 03:00 - 2014-02-06 19:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
     2014-02-14 03:00 - 2014-02-06 18:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
     2014-02-14 03:00 - 2014-02-06 18:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
     2014-02-14 03:00 - 2014-02-06 18:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
     2014-02-14 03:00 - 2014-02-06 18:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
     2014-02-14 03:00 - 2014-02-06 18:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
     2014-02-13 11:16 - 2014-03-12 08:02 - 00000165 _____ () C:\Users\Ray\Desktop\Malwarebytes problems.url
     2014-02-13 03:46 - 2013-12-25 09:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
     2014-02-13 03:46 - 2013-12-25 08:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
     2014-02-13 03:46 - 2013-11-26 18:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
     2014-02-13 03:46 - 2013-11-23 08:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
     2014-02-13 03:00 - 2013-12-21 19:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
     2014-02-13 03:00 - 2013-12-21 18:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
     2014-02-12 17:23 - 2014-01-01 09:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
     2014-02-12 17:23 - 2014-01-01 09:04 - 00420008 _____ () C:\Windows\system32\locale.nls
     2014-02-12 17:23 - 2013-12-06 12:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
     2014-02-12 17:23 - 2013-12-06 12:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
     2014-02-12 17:23 - 2013-12-06 12:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
     2014-02-12 17:23 - 2013-12-06 12:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
     2014-02-12 17:17 - 2013-12-04 12:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
     2014-02-12 17:17 - 2013-12-04 12:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
     2014-02-12 17:17 - 2013-12-04 12:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
     2014-02-12 17:17 - 2013-12-04 12:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
     2014-02-12 17:17 - 2013-12-04 12:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
     2014-02-12 17:17 - 2013-12-04 12:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
     2014-02-12 17:17 - 2013-12-04 12:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
     2014-02-12 17:17 - 2013-12-04 12:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
     2014-02-12 17:17 - 2013-12-04 12:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
     2014-02-12 17:17 - 2013-12-04 12:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
     2014-02-12 17:17 - 2013-12-04 12:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
     2014-02-12 17:17 - 2013-12-04 12:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
     2014-02-12 17:17 - 2013-12-04 12:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
     2014-02-12 17:17 - 2013-12-04 12:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
     2014-02-12 17:17 - 2013-12-04 11:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
     2014-02-12 17:17 - 2013-12-04 11:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
     2014-02-12 17:17 - 2013-12-04 11:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
     2014-02-12 17:17 - 2013-12-04 11:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

     ==================== One Month Modified Files and Folders =======

     2014-03-12 08:11 - 2014-03-12 08:11 - 00015576 _____ () C:\Users\Ray\Desktop\FRST.txt
     2014-03-12 08:11 - 2014-02-26 20:41 - 00000000 ____D () C:\FRST
     2014-03-12 08:10 - 2014-03-12 08:09 - 02157056 _____ (Farbar) C:\Users\Ray\Desktop\FRST64.exe
     2014-03-12 08:10 - 2006-09-24 04:58 - 00000000 ____D () C:\Download
     2014-03-12 08:02 - 2014-02-13 11:16 - 00000165 _____ () C:\Users\Ray\Desktop\Malwarebytes problems.url
     2014-03-12 07:48 - 2012-05-19 17:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
     2014-03-12 04:27 - 2012-05-17 17:53 - 01299627 _____ () C:\Windows\WindowsUpdate.log
     2014-03-12 01:00 - 2013-07-04 15:06 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Dropbox
     2014-03-10 20:08 - 2014-01-20 10:20 - 00001945 _____ () C:\Windows\epplauncher.mif
     2014-03-10 20:06 - 2014-03-10 20:06 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Malwarebytes
     2014-03-10 20:06 - 2014-03-10 20:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
     2014-03-10 20:06 -
2014-03-10 20:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-10 16:16 - 2009-07-14 14:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-10 16:16 - 2009-07-14 14:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-10 16:10 - 2014-01-18 13:31 - 00000000 ____D () C:\Users\Ray\Desktop\Malwarebytes Problem 2014-03-10 16:09 - 2014-01-20 10:50 - 00196738 _____ () C:\Windows\PFRO.log 2014-03-10 16:09 - 2014-01-20 10:50 - 00038949 _____ () C:\Windows\setupact.log 2014-03-10 16:09 - 2013-12-22 17:07 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-10 16:09 - 2013-05-16 14:39 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize.job 2014-03-10 16:09 - 2012-06-18 17:21 - 00000000 ____D () C:\ProgramData\VMware 2014-03-10 16:09 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-10 14:24 - 2012-05-18 01:31 - 00000000 ___RD () C:\Users\Ray\Desktop\Accessories 2014-03-10 14:20 - 2006-01-16 10:27 - 00000000 ____D () C:\System 2014-03-10 10:31 - 2014-02-19 08:47 - 00000000 ____D () C:\Qoobox 2014-03-10 10:29 - 2009-07-14 12:34 - 00000215 _____ () C:\Windows\system.ini 2014-03-09 20:56 - 2012-05-17 20:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-09 20:11 - 2006-01-16 10:00 - 00000000 ____D () C:\Basicdir 2014-03-09 12:30 - 2006-01-16 10:27 - 00000000 ____D () C:\WINE 2014-03-09 12:30 - 2006-01-16 10:24 - 00000000 ____D () C:\Ray 2014-03-09 12:30 - 2006-01-16 10:03 - 00000000 ____D () C:\FINANCE 2014-03-09 12:30 - 2006-01-15 23:11 - 00000000 ____D () C:\CaCard 2014-03-09 09:42 - 2014-03-09 09:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-08 10:26 - 2012-05-17 21:31 - 00000000 ____D () C:\Users\Linda 2014-03-07 18:41 - 2012-07-16 13:55 - 00084968 _____ () C:\Users\Linda\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-07 
08:35 - 2012-05-17 22:45 - 00001294 _____ () C:\Users\Ray\Desktop\Thunderbird 24-3 (Ray).lnk 2014-03-07 08:34 - 2012-05-19 17:36 - 00000000 ____D () C:\Users\Ray\Desktop\Internet 2014-03-07 08:34 - 2012-05-18 19:39 - 00000000 ___RD () C:\Users\Ray\Desktop\Applications 2014-03-06 15:04 - 2012-05-29 14:38 - 00000000 ___RD () C:\Users\Ray\Desktop\Ray 2014-03-06 14:29 - 2014-03-05 15:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-06 14:23 - 2012-08-17 13:17 - 00000997 _____ () C:\Users\Ray\Desktop\PUZZLEX.lnk 2014-03-06 14:14 - 2012-05-18 13:27 - 00084968 _____ () C:\Users\Ray\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-06 14:13 - 2012-05-17 21:11 - 00002020 _____ () C:\Users\Ray\Desktop\Firefox 28.0 (Ray).lnk 2014-03-06 14:00 - 2012-08-24 17:05 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM 2014-03-06 13:31 - 2009-07-14 14:45 - 00349208 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-05 21:07 - 2006-01-16 10:03 - 00000000 ____D () C:\LINDA 2014-03-05 10:20 - 2014-03-05 10:20 - 00000000 ____D () C:\RegSeeker 2.5 2014-03-04 13:47 - 2012-05-19 17:29 - 00000000 ____D () C:\Program Files (x86)\Google 2014-03-03 13:02 - 2013-05-21 15:53 - 00000000 ____D () C:\Program Files (x86)\Epson Software 2014-03-03 12:07 - 2013-05-21 15:51 - 00000000 ____D () C:\ProgramData\EPSON 2014-03-01 12:28 - 2009-07-14 15:13 - 00786742 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-01 06:20 - 2014-03-01 06:20 - 00000000 ____D () C:\_OTL 2014-03-01 00:23 - 2012-09-07 13:00 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Internode 2014-02-28 21:09 - 2006-01-16 10:16 - 00000000 ____D () C:\Homeutil 2014-02-27 10:11 - 2014-02-27 10:11 - 00000687 _____ () C:\Users\Ray\Desktop\Download - Folder.lnk 2014-02-25 13:11 - 2012-05-17 19:45 - 00000000 ____D () C:\Users\Ray 2014-02-22 15:08 - 2012-05-17 19:45 - 00000000 ___RD () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-02-22 00:51 - 2012-05-19 17:35 - 00692616 _____ (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-22 00:51 - 2012-05-19 17:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-22 00:51 - 2012-05-19 17:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-21 22:29 - 2014-02-21 22:29 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-02-19 16:22 - 2014-02-19 16:22 - 00000000 ____D () C:\Users\Ray\AppData\Local\NVIDIA 2014-02-19 10:26 - 2013-03-07 09:44 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Media Player Classic 2014-02-19 08:58 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Default 2014-02-19 08:57 - 2014-02-19 08:47 - 00000000 ____D () C:\Windows\erdnt 2014-02-19 08:46 - 2012-06-18 17:32 - 00000000 ____D () C:\Users\Ray\AppData\Local\VMware 2014-02-18 03:02 - 2013-08-15 03:03 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-18 03:00 - 2012-05-18 08:23 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-16 12:48 - 2012-06-18 17:32 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\VMware 2014-02-14 03:03 - 2012-06-18 17:21 - 00770608 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-13 03:56 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache 2014-02-12 14:12 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Public\Libraries ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll 
=> MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-10 00:55 ==================== End Of Log ============================
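Added example, not part of this thread and not code from FRST or Malwarebytes: a small Python triage script for the "Files and Folders" entries in an FRST log of the kind pasted above. Each entry has the shape `<created> - <modified> - <size> <attrs> (<company>) <path>`; the script parses that layout, skips section headers and "MD5 is legit" lines, and raises three flags a helper would actually look at: an executable with an empty company field, an executable sitting under a user-writable location, and a hidden file. The flag names, the extension list and the list of user-writable prefixes are this example's own assumptions. The sample input is six lines copied from the log above plus one constructed line (`setup_helper.exe` under `AppData\Local\Temp`) that does not appear in the log and exists only to exercise all three flags.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One FRST "Files and Folders" entry:
#   <created> - <modified> - <size> <attrs> (<company>) <path>
# attrs is a 5-character field such as _____ (plain file), ____D (directory),
# ____H (hidden file), ___RD (read-only directory), __RHD (read-only hidden dir).
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Assumed lists for this example: extensions worth a second look, and prefixes
# a standard user can write to without elevation.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".com",
            ".pif", ".bat", ".cmd", ".vbs", ".js"}
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class FrstEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        dot = name.rfind(".")
        return name[dot:].lower() if dot >= 0 else ""


def parse_line(line: str) -> Optional[FrstEntry]:
    """Return an FrstEntry for a file/folder line, or None for anything else
    (section headers, 'MD5 is legit' lines, blanks)."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return FrstEntry(
        created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"],
        path=m["path"],
    )


def flags(e: FrstEntry) -> List[str]:
    """Triage flags for one entry. A flag is a prompt to look closer, not a verdict:
    FRST64.exe on the Desktop trips 'exec-in-user-writable' and is legitimate."""
    out: List[str] = []
    if e.is_dir:
        return out
    executable = e.ext in EXEC_EXT
    if executable and not e.company:
        out.append("no-publisher")           # empty company string in the version info
    if executable and e.path.lower().startswith(USER_WRITABLE):
        out.append("exec-in-user-writable")  # code where a normal user could drop it
    if e.hidden:
        out.append("hidden")
    return out


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map path -> flags for every flagged entry in an FRST log excerpt."""
    hits: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and flags(e):
            hits[e.path] = flags(e)
    return hits


# Six lines copied from the log above; the final setup_helper.exe line is
# CONSTRUCTED test input and does not appear in the log.
SAMPLE_LOG = r"""
2014-02-18 03:00 - 2012-05-18 08:23 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-12 08:10 - 2014-03-12 08:09 - 02157056 _____ (Farbar) C:\Users\Ray\Desktop\FRST64.exe
2014-03-10 16:16 - 2009-07-14 14:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-12 08:11 - 2014-02-26 20:41 - 00000000 ____D () C:\FRST
2014-02-13 11:16 - 2014-03-12 08:02 - 00000165 _____ () C:\Users\Ray\Desktop\Malwarebytes problems.url
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
2014-03-11 23:58 - 2014-03-11 23:58 - 00045056 ____H () C:\Users\Ray\AppData\Local\Temp\setup_helper.exe
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{', '.join(why):40s} {path}")
```

Run it against a full FRST.txt by reading the file into `triage()`; non-entry lines are ignored, so the whole log can be fed in unchanged. Treat the output as a worklist: each hit still needs the usual checks (signature, hash lookup, known-good comparison) before anything is removed.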
  8. Mbam reinstalled, updates downloaded, and then run as Quick Scan. Stalled ("not responding") after 30366 files at C:\USERS\Ray\Desktop\Desktop.ini. No log written.
  9. TFC downloaded and run. Rebooted. Mbam-check downloaded and run; the Mbam-check log is pasted below. Thanks for your continuing efforts.
------------------------------------------------
mbam-check result log version: 2.0.0.1000
Malwarebytes Version: REG_SZ 1.75.0.1300
Date Log Created: 03/10/14
Time Log Created: 14:26:20
User Account type: Administrator
64 bit Operating System
Product Name: REG_SZ Windows 7 Home Premium
Current Build Number: 7601
Current Version Number: 6.1
Current CSDVersion: Service Pack 1
Proxy Status: No proxy is Set

LAN Settings:
=============
only 'Automatically detect settings' is selected

SystemPartition:
================
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
  SystemPartition REG_SZ \Device\HarddiskVolume1

Balloon Tips Status:
====================
Enabled

Time Format Settings:
=====================
Should be: h:mm:ss tt AM PM :
Currently: REG_SZ h:mm:ss tt REG_SZ AM REG_SZ PM REG_SZ :

Language and Regional Settings:
===============================
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: 850
Please refer to this link for details: Here

Startup Folders for Error_Expanding_Variables Check:
====================================================
All Users Startup Folder Exists.
Current User's Startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
TERMService:
==============
Type : 32
State : 1 (The service is not running.)
(State is stopped)
WIN32_EXIT_CODE : 1077
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):
=======================================================================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
  C:\FTW\FTW.EXE REG_SZ RUNASADMIN
  C:\Basicdir\GWBASIC.EXE REG_SZ WINXPSP3 RUNASADMIN
  SIGN.MEDIA=5062DE SETUP.EXE REG_SZ WINXPSP2
  SIGN.MEDIA=3816E Setup.exe REG_SZ WINXPSP2
  C:\Download\GFX_Win7_8_64_9.17.10.3062.exeREG_SZ WINXPSP2
  SIGN.MEDIA=50800 netsetup.exe REG_SZ WINXPSP2
  C:\ProgramData\VMware\VMware Player\Uninstaller\uninstall.exeREG_SZ VISTARTM
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
  C:\FTW\FTW.EXE REG_SZ WIN98 RUNASADMIN
  C:\CaCard\CACard32.exe REG_SZ WIN98
  C:\CaCard\raynote.bat REG_SZ WINXPSP3
  C:\CaCard\fmnot32.exe REG_SZ WIN7RTM RUNASADMIN
  C:\WINE\WINE.EXE REG_SZ WIN7RTM
  C:\Program Files (x86)\FreeBASIC\fbc.exeREG_SZ WINXPSP3
  SIGN.MEDIA=2A55FAD0 autoplay.EXEREG_SZ WINXPSP3
  SIGN.MEDIA=2A55FAD0 SETUP.EXE REG_SZ WIN98 256COLOR 640X480 RUNASADMIN
  C:\Basicdir\GWBASIC.EXE REG_SZ 256COLOR 640X480 DISABLETHEMES DISABLEDWM HIGHDPIAWARE
  C:\Music\CONCERT.EXE REG_SZ WINXPSP3
  SIGN.MEDIA=1546DAE setup.exe REG_SZ WIN7RTM RUNASADMIN
  C:\CaCard7\AG CreataCard\cacplay.exeREG_SZ WINXPSP3 256COLOR RUNASADMIN
  C:\CaCard7\AG CreataCard\AGremind.exeREG_SZ WINXPSP3 RUNASADMIN
  C:\CaCard7\AG CreataCard\MSRUN32.EXEREG_SZ WINXPSP3 RUNASADMIN
  C:\CaCard3Disk\setup.exe REG_SZ WINXPSP3 RUNASADMIN
  SIGN.MEDIA=7AB6CE HPDeskJet710c\9x\hpfsplsh.exeREG_SZ ELEVATECREATEPROCESS
  SIGN.MEDIA=70B33E HPDeskJet710c\31\hpfldr.exeREG_SZ WINXPSP3 RUNASADMIN

Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Service and Driver Status:
==========================
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon

MBAMProtector Registry Values:
==============================

MBAMService Registry Values:
============================

MBAMScheduler Registry Values:
==============================

MBAM DLL's and Runtime Files:
=============================
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid
  (Default): REG_SZ vbAccelerator Grid Control
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid
  (Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass
  (Default): REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid
  (Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\SSubTimer6.CTimer
  (Default): REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid
  (Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass
  (Default): REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid
  (Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}
  (Default): REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID
  (Default): REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
  (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION
  (Default): REG_SZ 1.0
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}
  (Default): REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
  ThreadingModel REG_SZ Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID
  (Default): REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
  (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION
  (Default): REG_SZ 1.0
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}
  (Default): REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
  ThreadingModel REG_SZ Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID
  (Default): REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
  (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION
  (Default): REG_SZ 1.0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
  (Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
  (Default): REG_SZ 2
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
  (Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
  (Default): REG_SZ 2
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
  (Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
  (Default): REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
  (Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
  (Default): REG_SZ 0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
  (Default): REG_SZ _ISubclass
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
  (Default): REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
  (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
  Version REG_SZ 1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
  (Default): REG_SZ ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
  (Default): REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
  (Default): REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
  (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
  Version REG_SZ 1.0
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
  (Default): REG_SZ __CTimer
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
  (Default): REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
  (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
  Version REG_SZ 1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
  (Default): REG_SZ CTimer
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
  (Default): REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
  (Default): REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
  (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
  Version REG_SZ 1.0
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
  (Default): REG_SZ __vbalGrid
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
  (Default): REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
  (Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}
  Version REG_SZ 1.1
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
  (Default): REG_SZ vbalGrid
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
  (Default): REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
  (Default): REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
  (Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}
  Version REG_SZ 1.1

MBAM Registry Settings and License Info:
========================================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
  programversion REG_SZ 1.75.0.1300
  dbversion REG_SZ v2014.03.03.08
  dbdate REG_SZ Mon, 03 Mar 2014 22:45:22 GMT
  advancedheuristics REG_DWORD 1
  downloadprogram REG_DWORD 1
  hidereg REG_DWORD 0
  detectp2p REG_DWORD 2
  detectpum REG_DWORD 1
  detectpup REG_DWORD 1
  updatewarn REG_DWORD 1
  updatewarndays REG_DWORD 7
  useproxy REG_DWORD 0
  useauthentication REG_DWORD 0
  startipdisabled REG_DWORD 0
  notifyinstallprogram REG_DWORD 1
  contextmenu REG_DWORD 1
  reportthreats REG_DWORD 0
  silentipmode REG_DWORD 0
  trialpromptshown REG_DWORD 1
  startwithwindows REG_DWORD 1
  startfsdisabled REG_DWORD 0
  autoquarantine REG_DWORD 1
  autoquarantinenotify REG_DWORD 1
  programbuild REG_SZ consumer
  alwaysscanarchives REG_DWORD 1
  trialended REG_DWORD 1
  SchedulerQueue REG_MULTI_SZ 6148, 30349416, 2054560864, 1, 23 | 30355715, 1467794918
  InstallPath REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\UUID
  There is data here but it is hidden.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\UUID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware (Trial)
  TrialId There is data here but it is hidden.
  StartDate REG_SZ Thu, 23 Jan 2014 06:16:16 UTC
  EndDate REG_SZ Thu, 06 Feb 2014 06:16:16 UTC
HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
  language REG_SZ english.lng
  alwaysscanfiles REG_DWORD 1
  alwaysscanheuristics REG_DWORD 1
  alwaysscanmemory REG_DWORD 1
  alwaysscanregistry REG_DWORD 1
  alwaysscanstartups REG_DWORD 1
  autosavelog REG_DWORD 1
  openlog REG_DWORD 1
  defaultscan REG_DWORD 0
  terminateie REG_DWORD 0
  selectedrives REG_SZ C:\|
HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware
  alwaysscanfiles REG_DWORD 1
  alwaysscanheuristics REG_DWORD 1
  alwaysscanmemory REG_DWORD 1
  alwaysscanregistry REG_DWORD 1
  alwaysscanstartups REG_DWORD 1
  autosavelog REG_DWORD 1
  openlog REG_DWORD 1
  defaultscan REG_DWORD 0
  terminateie REG_DWORD 0
HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware
  alwaysscanfiles REG_DWORD 1
  alwaysscanheuristics REG_DWORD 1
  alwaysscanmemory REG_DWORD 1
  alwaysscanregistry REG_DWORD 1
  alwaysscanstartups REG_DWORD 1
  autosavelog REG_DWORD 1
  openlog REG_DWORD 1
  defaultscan REG_DWORD 0
  terminateie REG_DWORD 0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
  Inno Setup: Setup Version REG_SZ 5.5.3-dev (a)
  Inno Setup: App Path REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
  InstallLocation REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\
  Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware
  Inno Setup: User REG_SZ Ray
  Inno Setup: Selected Tasks REG_DWORD 0
  Inno Setup: Deselected Tasks REG_SZ desktopicon,quicklaunchicon
  Inno Setup: Language REG_SZ English
  DisplayName REG_SZ Malwarebytes Anti-Malware version 1.75.0.1300
  DisplayIcon REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  UninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
  QuietUninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT
  DisplayVersion REG_SZ 1.75.0.1300
  Publisher REG_SZ Malwarebytes Corporation
  URLInfoAbout REG_SZ http://www.malwarebytes.org
  NoModify REG_DWORD 1
  NoRepair REG_DWORD 1
  InstallDate REG_SZ 20140224
  MajorVersion REG_DWORD 1
  MinorVersion REG_DWORD 75
  EstimatedSize REG_DWORD 19743

Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

Scheduler Queue:
================
Scheduled Item: Update
Schedule Options: | Daily | Random
Start Time: 2014-01-23 18:25
Repeating Every: 1
Recover if missed by: 23

Context Menu Entries:
=====================
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
  (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
  (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
  (Default): REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
  (Default): REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
  (Default): REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
  (Default): REG_SZ IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
  (Default): REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
  (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
  Version REG_SZ 1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  (Default): REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
  ThreadingModel REG_SZ Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
  (Default): REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
  (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
  (Default): REG_SZ MBAMExt.MBAMShlExt
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
  (Default): REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
  (Default): REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
  (Default): REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
  (Default): REG_SZ 0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
  (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

MBAM Drivers:
=============
C:\Windows\system32\drivers\mbam.sys File Size: 25928 BYTES FileVersion: 1.60.2.0

Required Dependencies:
======================
BFE:
==============
Type : 32
State : 4 (The service is running.)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
  DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
  Group REG_SZ NetworkProvider
  ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
  Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
  ObjectName REG_SZ NT AUTHORITY\LocalService
  ErrorControl REG_DWORD 1
  Start REG_DWORD 2
  Type REG_DWORD 32
  DependOnService REG_MULTI_SZ RpcSs
  ServiceSidType REG_DWORD 3
  RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege
  FailureActions REG_BINARY Binary Data
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
  ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
  ServiceDllUnloadOnStop REG_DWORD 1
  ServiceMain REG_SZ BfeServiceMain

fltmgr:
==============
Type : 2
State : 4 (The service is running.)
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
  AttachWhenLoaded REG_DWORD 1
  DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
  Group REG_SZ FSFilter Infrastructure
  ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys
  Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
  ErrorControl REG_DWORD 3
  Start REG_DWORD 0
  Tag REG_DWORD 1
  Type REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
  0 REG_SZ Root\LEGACY_FLTMGR\0000
  Count REG_DWORD 1
  NextInstance REG_DWORD 1
C:\Windows\system32\drivers\fltmgr.sys File Size: 289664 BYTES FileVersion: 6.1.7601.17514
C:\Windows\SysWOW64\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34
C:\Windows\SysWOW64\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7601.17514

List of MBAM Related Directories:
=================================
C:\Program Files (x86)\Malwarebytes' Anti-Malware
  7z.dll File Size: 914432 BYTES FileVersion: 9.20.0.0
  changes.txt File Size: 200 BYTES
  license.rtf File Size: 17916 BYTES
  mbam.chm File Size: 474148 BYTES
  mbam.dll File Size: 527944 BYTES FileVersion: 1.70.0.0
  mbam.exe File Size: 887432 BYTES FileVersion: 1.75.0.1
  mbamcore.dll File Size: 1127496 BYTES FileVersion: 1.70.0.0
  mbamext.dll File Size: 95304 BYTES FileVersion: 1.70.0.0
  mbamgui.exe File Size: 532040 BYTES FileVersion: 1.70.0.0
  mbamnet.dll File Size: 2191944 BYTES FileVersion: 1.70.0.0
  mbampt.exe File Size: 40008 BYTES FileVersion: 1.70.0.0
  mbamscheduler.exe File Size: 418376 BYTES FileVersion: 1.70.0.0
  mbamservice.exe File Size: 701512 BYTES FileVersion: 1.70.0.0
  ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3
  unins000.dat File Size: 15198 BYTES
  unins000.exe File Size: 712264 BYTES FileVersion: 51.52.0.0
  unins000.msg File Size: 11277 BYTES
  vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon
  chameleon.chm File Size: 186068 BYTES
  firefox.com File Size: 218184 BYTES
  firefox.exe File Size: 218184 BYTES
  firefox.pif File Size: 218184 BYTES
  firefox.scr File Size: 218184 BYTES
  iexplore.exe File Size: 218184 BYTES
  mbam-chameleon.com File Size: 218184 BYTES
  mbam-chameleon.exe File Size: 218184 BYTES
  mbam-chameleon.pif File Size: 218184 BYTES
  mbam-chameleon.scr File Size: 218184 BYTES
  mbam-killer.exe File Size: 896072 BYTES
  rundll32.exe File Size: 218184 BYTES
  svchost.exe File Size: 218184 BYTES
  winlogon.exe File Size: 218184 BYTES
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages
  arabic.lng File Size: 21894 BYTES
  belarusian.lng File Size: 26884 BYTES
  bosnian.lng File Size: 27108 BYTES
  bulgarian.lng File Size: 27574 BYTES
  catalan.lng File Size: 28252 BYTES
  chineseSI.lng File Size: 11024 BYTES
  chineseTR.lng File Size: 11952 BYTES
  croatian.lng File Size: 26670 BYTES
  czech.lng File Size: 24874 BYTES
  danish.lng File Size: 26582 BYTES
  dutch.lng File Size: 28342 BYTES
  english.lng File Size: 24542 BYTES
  estonian.lng File Size: 25146 BYTES
  finnish.lng File Size: 25950 BYTES
  french.lng File Size:
29830 BYTES german.lng File Size: 29894 BYTES greek.lng File Size: 29300 BYTES hebrew.lng File Size: 19362 BYTES hungarian.lng File Size: 28666 BYTES indonesian.lng File Size: 26854 BYTES italian.lng File Size: 28194 BYTES japanese.lng File Size: 16266 BYTES korean.lng File Size: 14188 BYTES latvian.lng File Size: 27100 BYTES lithuanian.lng File Size: 27838 BYTES norwegian.lng File Size: 25116 BYTES polish.lng File Size: 26644 BYTES portugueseBR.lng File Size: 28654 BYTES portuguesePT.lng File Size: 29062 BYTES romanian.lng File Size: 28290 BYTES russian.lng File Size: 27302 BYTES serbian.lng File Size: 26804 BYTES slovak.lng File Size: 25644 BYTES slovenian.lng File Size: 24852 BYTES spanish.lng File Size: 30060 BYTES swedish.lng File Size: 25992 BYTES thai.lng File Size: 26092 BYTES turkish.lng File Size: 25876 BYTES vietnamese.lng File Size: 29528 BYTES C:\Users\Ray\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware C:\Users\Ray\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs mbam-log-2012-06-02 (12-11-17).txt File Size: 1842 BYTES mbam-log-2012-06-16 (16-47-42).txt File Size: 1842 BYTES mbam-log-2012-07-22 (12-08-43).txt File Size: 2020 BYTES mbam-log-2012-09-02 (12-07-50).txt File Size: 1844 BYTES mbam-log-2012-10-09 (19-00-03).txt File Size: 1842 BYTES mbam-log-2013-01-19 (14-48-02).txt File Size: 1844 BYTES mbam-log-2013-03-07 (11-52-55).txt File Size: 1844 BYTES mbam-log-2013-03-12 (12-42-31).txt File Size: 1846 BYTES mbam-log-2013-06-16 (13-55-06).txt File Size: 1846 BYTES mbam-log-2014-01-20 (18-26-03).txt File Size: 2168 BYTES MBAM-log-2014-01-20 (18-29-59).txt File Size: 2126 BYTES mbam-log-2014-01-21 (15-57-34).txt File Size: 1892 BYTES mbam-log-2014-02-23 (20-43-32).txt File Size: 2022 BYTES C:\Users\Ray\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine 9186004835.data File Size: 695 BYTES 9186004835.quar File Size: 57344 BYTES C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware exclusions.dat File Size: 115 BYTES 
mbam-setup.exe File Size: 10285040 BYTES FileVersion: 1.75.0.1300
rules.ref File Size: 7337264 BYTES
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration
build.conf File Size: 140 BYTES
config.conf File Size: 4076 BYTES
custom.conf File Size: 20 BYTES
database.conf File Size: 432 BYTES
html.conf File Size: 2904 BYTES
local.conf File Size: 967 BYTES
manifest.conf File Size: 1752 BYTES
messaging.conf File Size: 1430 BYTES
news.conf File Size: 265 BYTES
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs
protection-log-2014-02-24.txt File Size: 124 BYTES
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
===============================================================
END OF FILE
  10. Combofix downloaded and run. Text file pasted below. ------------------------------------------------------- ComboFix 14-03-05.01 - Ray 10/03/2014 10:24:47.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4065.2714 [GMT 10:00] Running from: c:\users\Ray\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2014-02-10 to 2014-03-10 ))))))))))))))))))))))))))))))) . . 2014-03-10 00:29 . 2014-03-10 00:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-03-10 00:29 . 2014-03-10 00:29 -------- d-----w- c:\users\Linda\AppData\Local\temp 2014-03-10 00:29 . 2014-03-10 00:29 -------- d-----w- c:\users\Kerry\AppData\Local\temp 2014-03-10 00:29 . 2014-03-10 00:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-10 00:29 . 2014-03-10 00:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2014-03-10 00:29 . 2014-03-10 00:29 -------- d-----w- c:\users\Administrator.CF3\AppData\Local\temp 2014-03-05 05:01 . 2014-03-06 04:29 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2014-03-05 00:20 . 2014-03-05 00:20 -------- d-----w- C:\RegSeeker 2.5 2014-03-04 06:06 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D23E5016-2A86-472D-B956-A92BFF7D5DA1}\mpengine.dll 2014-03-03 03:00 . 2007-04-09 15:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL 2014-03-03 03:00 . 2011-03-13 17:03 83968 ----a-w- c:\windows\system32\E_YD4BIVE.DLL 2014-02-28 20:20 . 2014-02-28 20:20 -------- d-----w- C:\_OTL 2014-02-26 10:41 . 2014-02-27 00:02 -------- d-----w- C:\FRST 2014-02-24 01:06 . 2014-02-24 01:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2014-02-24 01:06 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-02-21 12:29 . 2014-02-21 12:29 -------- d-----w- c:\programdata\Kaspersky Lab 2014-02-19 06:22 . 
2014-02-19 06:22 -------- d-----w- c:\users\Ray\AppData\Local\NVIDIA 2014-02-12 17:46 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-02-12 17:46 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2014-02-12 17:46 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2014-02-12 17:46 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll 2014-02-12 17:00 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll 2014-02-12 17:00 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-02-12 07:23 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll 2014-02-12 07:23 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll 2014-02-12 07:23 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2014-02-12 07:23 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-21 14:51 . 2012-05-19 07:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-02-21 14:51 . 2012-05-19 07:35 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-02-17 17:00 . 2012-05-17 22:23 88567024 ----a-w- c:\windows\system32\MRT.exe 2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe 2013-12-22 17:32 . 2013-12-22 17:32 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-12-22 17:32 . 2013-12-22 17:32 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-12-22 17:32 . 2013-12-22 17:32 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-12-22 17:32 . 2013-12-22 17:32 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2013-12-22 17:32 . 2013-12-22 17:32 235008 ----a-w- c:\windows\system32\elshyph.dll 2013-12-22 17:32 . 2013-12-22 17:32 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2013-12-22 17:32 . 
2013-12-22 17:32 942592 ----a-w- c:\windows\system32\jsIntl.dll 2013-12-22 17:32 . 2013-12-22 17:32 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-12-22 17:32 . 2013-12-22 17:32 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-12-22 17:32 . 2013-12-22 17:32 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-12-22 17:32 . 2013-12-22 17:32 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-12-22 17:32 . 2013-12-22 17:32 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2013-12-22 17:32 . 2013-12-22 17:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-12-22 17:32 . 2013-12-22 17:32 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-12-22 17:32 . 2013-12-22 17:32 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2013-12-22 17:32 . 2013-12-22 17:32 337408 ----a-w- c:\windows\SysWow64\html.iec 2013-12-22 17:32 . 2013-12-22 17:32 247808 ----a-w- c:\windows\system32\msls31.dll 2013-12-22 17:32 . 2013-12-22 17:32 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-12-22 17:32 . 2013-12-22 17:32 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-12-22 17:32 . 2013-12-22 17:32 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2013-12-22 17:32 . 2013-12-22 17:32 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2013-12-22 17:32 . 2013-12-22 17:32 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-12-22 17:32 . 2013-12-22 17:32 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-12-22 17:32 . 2013-12-22 17:32 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-12-22 17:32 . 2013-12-22 17:32 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-12-22 17:32 . 2013-12-22 17:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-12-22 17:32 . 2013-12-22 17:32 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-12-22 17:32 . 2013-12-22 17:32 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2013-12-22 17:32 . 2013-12-22 17:32 413696 ----a-w- c:\windows\system32\html.iec 2013-12-22 17:32 . 
2013-12-22 17:32 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2013-12-22 17:32 . 2013-12-22 17:32 296960 ----a-w- c:\windows\system32\dxtrans.dll 2013-12-22 17:32 . 2013-12-22 17:32 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2013-12-22 17:32 . 2013-12-22 17:32 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-12-22 17:32 . 2013-12-22 17:32 105984 ----a-w- c:\windows\system32\iesysprep.dll 2013-12-22 17:32 . 2013-12-22 17:32 84992 ----a-w- c:\windows\system32\mshtmled.dll 2013-12-22 17:32 . 2013-12-22 17:32 81408 ----a-w- c:\windows\system32\icardie.dll 2013-12-22 17:32 . 2013-12-22 17:32 62464 ----a-w- c:\windows\system32\pngfilt.dll 2013-12-22 17:32 . 2013-12-22 17:32 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2013-12-22 17:32 . 2013-12-22 17:32 30208 ----a-w- c:\windows\system32\licmgr10.dll 2013-12-22 17:32 . 2013-12-22 17:32 263376 ----a-w- c:\windows\system32\iedkcs32.dll 2013-12-22 17:32 . 2013-12-22 17:32 243200 ----a-w- c:\windows\system32\webcheck.dll 2013-12-22 17:32 . 2013-12-22 17:32 235520 ----a-w- c:\windows\system32\url.dll 2013-12-22 17:32 . 2013-12-22 17:32 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-12-22 17:32 . 2013-12-22 17:32 147968 ----a-w- c:\windows\system32\occache.dll 2013-12-22 17:32 . 2013-12-22 17:32 143872 ----a-w- c:\windows\system32\wextract.exe 2013-12-22 17:32 . 2013-12-22 17:32 13824 ----a-w- c:\windows\system32\mshta.exe 2013-12-22 17:32 . 2013-12-22 17:32 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-12-22 17:32 . 2013-12-22 17:32 101376 ----a-w- c:\windows\system32\inseng.dll 2013-12-22 17:32 . 2013-12-22 17:32 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2013-12-22 17:32 . 2013-12-22 17:32 774144 ----a-w- c:\windows\system32\jscript.dll 2013-12-22 17:32 . 2013-12-22 17:32 48128 ----a-w- c:\windows\system32\imgutil.dll 2013-12-22 17:32 . 2013-12-22 17:32 135680 ----a-w- c:\windows\system32\iepeers.dll 2013-12-18 11:09 . 
2014-01-16 10:29 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Ray\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Ray\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Ray\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Ray\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternodeUsage"="c:\progra~2\INTERN~2\mum.exe" [2011-02-19 1361408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-15 6563608]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE" [2012-02-27 283232]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE" [2012-02-27 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"EEventManager"="c:\program files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-07-09 502952]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-07-09 863400]
.
c:\users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ray\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2012-5-19 303104]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NisDrv
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 14:51]
.
2014-03-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2013-05-16 05:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ray\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ray\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ray\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ray\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-14 1064224]
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\vgp03jla.default\
FF - prefs.js: browser.search.selectedEngine -
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-10 10:31:17
ComboFix-quarantined-files.txt 2014-03-10 00:31
ComboFix2.txt 2014-02-18 22:58
.
Pre-Run: 155,339,632,640 bytes free
Post-Run: 155,250,864,128 bytes free
.
- - End Of File - - A21D5C03C8ACD410236393D1DEAE0969 A36C5E4F47E84449FF07ED3517B43A31
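The ComboFix log above is a flat text dump, and the parts worth a second look (Run values, Startup-folder .lnk lines, the `R?`/`S?` service lines, the UAC policy values and the Winsock LSP) are buried among hundreds of benign entries. The script below is an added example, not part of the original post and not ComboFix's own code: it parses those line shapes and flags what a responder triages first, namely anything that autostarts from a user-writable directory and any UAC policy value that weakens the elevation prompt. `PromptOnSecureDesktop = 0`, which the real log shows, means the consent dialog is drawn on the normal interactive desktop rather than the secure desktop, where other user processes can read and drive it. The sample log is constructed for the example; it reuses a few lines from the post and adds one hypothetical entry (`c:\users\ray\appdata\local\temp\updater.exe`) that does not exist in the real log.

```python
"""Triage helper for ComboFix-style 'Reg Loading Points' output.

Added example (not from the original post or from ComboFix). Parses Run
values, Startup-folder .lnk lines, service lines, UAC policy values and the
LSP line, and flags entries a responder would look at first. A flag is a
lead, not a verdict: Dropbox legitimately runs from AppData, for instance.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the log above. The "Updater" value is
# hypothetical and does not appear in the real log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Updater"="c:\users\ray\appdata\local\temp\updater.exe" [2014-03-01 51200]
.
c:\users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ray\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
LSP: %SystemRoot%\system32\vsocklib.dll
"""

# Line shapes as ComboFix prints them (see the log above).
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"[^\[]*\[(?P<date>\S+) (?P<size>\d+)\]$')
STARTUP_LNK = re.compile(r'^(?P<name>.+?\.lnk) - (?P<cmd>.+) \[(?P<date>\S+) (?P<size>\d+)\]$')
SERVICE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^;]+);[^;]+\[x\]$')
POLICY = re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+) \(0x[0-9A-Fa-f]+\)$')
LSP = re.compile(r'^LSP: (?P<path>.+)$')
# First executable-looking token of a command line (the .lnk target).
EXE_IN_CMD = re.compile(r'^(?P<path>.+?\.(?:exe|dll|sys|scr|com|bat|cmd|pif|vbs|js))(?:\s|$)', re.I)

# Path fragments a standard user can write to; a persistence point there is
# worth verifying (publisher, signature, hash) before anything else.
USER_WRITABLE = ('\\users\\', '\\programdata\\', '\\appdata\\', '\\temp\\', '$recycle.bin', '\\recycler\\')

# UAC values under policies\system that weaken elevation, keyed by the value
# that means "weakened".
UAC_WEAK = {
    'EnableLUA': (0, 'UAC is disabled entirely'),
    'PromptOnSecureDesktop': (0, 'elevation prompt is drawn on the interactive desktop, where other user processes can read or drive it'),
    'ConsentPromptBehaviorAdmin': (0, 'administrators elevate silently with no prompt'),
}


@dataclass(frozen=True)
class Finding:
    kind: str    # autorun | startup | service | lsp | policy
    name: str
    detail: str  # image path or policy value
    reason: str


def in_user_writable(path: str) -> bool:
    p = path.lower().replace('/', '\\')
    return any(marker in p for marker in USER_WRITABLE)


def _check_path(kind: str, name: str, path: str) -> list:
    if in_user_writable(path):
        return [Finding(kind, name, path, 'starts from a user-writable location; verify publisher, signature and hash')]
    return []


def triage(log_text: str) -> list:
    """Return findings in log order; an empty list means nothing stood out."""
    findings = []
    in_policy_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if line.startswith('[HKEY'):
            # Section header: only policies\system values are UAC policy.
            in_policy_key = 'policies\\system' in line.lower()
            continue
        if in_policy_key and (m := POLICY.match(line)):
            name, value = m['name'], int(m['value'])
            if name in UAC_WEAK and value == UAC_WEAK[name][0]:
                findings.append(Finding('policy', name, f'= {value}', UAC_WEAK[name][1]))
            continue
        if m := RUN_VALUE.match(line):
            findings += _check_path('autorun', m['name'], m['path'])
        elif m := STARTUP_LNK.match(line):
            exe = EXE_IN_CMD.match(m['cmd'])
            findings += _check_path('startup', m['name'], exe['path'] if exe else m['cmd'])
        elif m := SERVICE.match(line):
            findings += _check_path('service', m['name'].strip(), m['path'].strip())
        elif m := LSP.match(line):
            # Any LSP is loaded into every Winsock-using process; list it regardless.
            findings.append(Finding('lsp', 'Winsock LSP', m['path'].strip(),
                                    'layered service provider; confirm it belongs to installed software'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:8} {f.name:24} {f.detail}\n         {f.reason}')
```

Run against the constructed sample it reports the hypothetical `Updater` value, the Dropbox startup link (a lead that checks out as benign), the `PromptOnSecureDesktop = 0` policy and the LSP, and stays silent on `Sidebar` and the two `S2` services. Paste a real ComboFix `Reg Loading Points` section into `SAMPLE_LOG` (or read it from a file) to use it on the post's own log; the `[HKEY...]` header tracking is what keeps the policy check from misreading Run values that happen to be numeric.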
  11. Disk Check Run. Log File pasted below.
--------------------------------------------
TimeCreated : 9/03/2014 9:13:32 PM
Message : Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 3)...
365568 file records processed.
File verification completed.
799 large file records processed.
0 bad file records processed.
0 EA records processed.
135 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
420074 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 3)...
365568 file SDs/SIDs processed.
Cleaning up 3605 unused index entries from index $SII of file 0x9.
Cleaning up 3605 unused index entries from index $SDH of file 0x9.
Cleaning up 3605 unused security descriptors.
Security descriptor verification completed.
27254 data files processed.
CHKDSK is verifying Usn Journal...
36339888 USN bytes processed.
Usn Journal verification completed.
Windows has checked the file system and found no problems.
244139773 KB total disk space.
91380908 KB in 154257 files.
84076 KB in 27255 indexes.
0 KB in bad sectors.
478037 KB in use by the system.
65536 KB occupied by the log file.
152196752 KB available on disk.
4096 bytes in each allocation unit.
61034943 total allocation units on disk.
38049188 allocation units available on disk.
Internal Info:
00 94 05 00 14 c5 02 00 b9 98 04 00 00 00 00 00 ................
5a 18 00 00 87 00 00 00 00 00 00 00 00 00 00 00 Z...............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Windows has finished checking your disk.
Please wait while your computer restarts.
  12. Thanks Ron. The computer freezes when running Malwarebytes. I have just run a quick scan; it freezes ("Not Responding") at C:\Users\Linda\Links\Downloads.lnk. I removed this file "Downloads.lnk" and ran Malwarebytes again. It froze a little earlier (after ~31000 files scanned) at C:\Windows\System32\Wbem\WmiPerfClass.dll. Typically it freezes at a different place each run, usually getting as far as C:\Users\. All other programs seem to run fine, and SUPERAntiSpyware runs to completion and finds no problems. So the computer is quite usable and I can live with it not running Malwarebytes, but I guess I remain puzzled (and should let the Malwarebytes people know) as to why there is this conflict just with Malwarebytes. It runs all right when booting into Safe Mode, and then finds no problems. Ray
  13. I have now uninstalled Chrome from my computer.
  14. Reset IE and Chrome as advised. I have never knowingly used Chrome, and only use IE if required for a Windows program. Firefox is my default. Rebooted computer and tried a quick scan with Malwarebytes. Program froze at Users\public\documents\desktop.ini