Prabhu

No Pop-ups for Ip blocking

67 posts in this topic

My Malwarebytes seems to be blocking websites silently. I can't seem to make it bring up a popup every time it blocks a site. I checked the settings, and the option is checked for tooltip balloon. I downloaded mbam-clean and reinstalled mbam, but to no avail. Can someone help me with this?

Thanks

Prabhu


Greetings :)

Please take a look under Section G of our FAQ under where it says "I have it set to show the notifications in Malwarebytes but they do not show up, how can I fix it?" That should resolve the issue. Please let me know if it does not.

Thanks :)


I did that, but it did not help.


OK, please do the following:

Create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please copy and paste the entire contents of the log into your next post, or, if you prefer, you may attach the CheckResults.txt file which should now be located on your desktop to your next post instead

Thanks :)


mbam-check result log version: 1.10.0.1000

Malwarebytes Version: REG_SZ 1.60.1.1000

Date Log Created: 03/31/12

Time Log Created: 08:58:05

64 bit Operating System

Product Name: REG_SZ Windows 7 Home Premium

Current Build Number: 7601

Current Version Number: 6.1

Current CSDVersion: Service Pack 1

Proxy Status: No proxy is Set

Proxy Override:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\

ProxyOverride REG_SZ *.local

LAN Settings:

=============

only 'Automatically detect settings' is selected

SystemPartition:

================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\

SystemPartition REG_SZ \Device\HarddiskVolume1

Balloon Tips Status:

====================

Enabled

Time Format Settings:

=====================

Should be:

h:mm:ss tt

AM

PM

:

Currently:

REG_SZ h:mm:ss tt

REG_SZ AM

REG_SZ PM

REG_SZ :

Language and Regional Settings:

===============================

ACP: Language is English (United States)

MACCP: Language is English (United States)

OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:

====================================================

All Users Startup Folder Exists.

Current User's Startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:

===============================================================================

TERMService:

==============

Type : 32

State : 1 (The service is not running.) (State is stopped)

WIN32_EXIT_CODE : 1077

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

MBAM Startup Entries:

=====================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\

Malwarebytes' Anti-Malware REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

Service and Driver Status:

==========================

MBAMProtector:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMService:

==============

Type : 16

State : 4 (The service is running.) (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMProtector Registry Values:

==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector

Type REG_DWORD 2

Start REG_DWORD 3

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys

Group REG_SZ FSFilter Anti-Virus

DependOnService REG_MULTI_SZ FltMgr

WOW64 REG_DWORD 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances

DefaultInstance REG_SZ MBAMProtector Instance

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance

Altitude REG_SZ 328800

Flags REG_DWORD 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum

0 REG_SZ Root\LEGACY_MBAMPROTECTOR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

MBAMService Registry Values:

============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService

Type REG_DWORD 16

Start REG_DWORD 2

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

DependOnService REG_MULTI_SZ MBAMProtector

WOW64 REG_DWORD 1

ObjectName REG_SZ LocalSystem

Description REG_SZ Malwarebytes Anti-Malware service

DelayedAutostart REG_DWORD 1

MBAM DLL's and Runtime Files:

=============================


MBAM Registry Settings and License Info:

========================================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

advancedheuristics REG_DWORD 1

downloadprogram REG_DWORD 1

hidereg REG_DWORD 0

detectp2p REG_DWORD 0

detectpum REG_DWORD 1

detectpup REG_DWORD 2

updatewarn REG_DWORD 1

updatewarndays REG_DWORD 7

useproxy REG_DWORD 0

useauthentication REG_DWORD 0

startipdisabled REG_DWORD 0

notifyinstallprogram REG_DWORD 1

InstallPath REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

dbdate REG_SZ Sat, 31 Mar 2012 01:53:00 GMT

dbversion REG_SZ v2012.03.31.02

programversion REG_SZ 1.60.1.1000

trialended REG_DWORD 0

SchedulerQueue REG_MULTI_SZ 6148, 30215771, 2545164784, 1, 23 | 30215909, 2465118713

ID XXXXX This is hidden data.

Key XXXX-XXXX-XXXX-XXXX This is hidden data.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware (Trial)

TrialId There is data here but it is hidden.

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

contextmenu REG_DWORD 1

defaultscan REG_DWORD 1

reportthreats REG_DWORD 1

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 1

Language REG_SZ English.lng

selectedrives REG_SZ C:\|D:\|E:\|

HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

contextmenu REG_DWORD 1

defaultscan REG_DWORD 0

reportthreats REG_DWORD 1

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

contextmenu REG_DWORD 1

defaultscan REG_DWORD 0

reportthreats REG_DWORD 1

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

Inno Setup: Setup Version REG_SZ 5.4.2 (a)

Inno Setup: App Path REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

InstallLocation REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\

Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware

Inno Setup: User REG_SZ Kimberly Rajagopalan

Inno Setup: Selected Tasks REG_SZ desktopicon

Inno Setup: Deselected Tasks REG_SZ quicklaunchicon

Inno Setup: Language REG_SZ English

DisplayName REG_SZ Malwarebytes Anti-Malware version 1.60.1.1000

DisplayIcon REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

UninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

QuietUninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT

DisplayVersion REG_SZ 1.60.1.1000

Publisher REG_SZ Malwarebytes Corporation

URLInfoAbout REG_SZ http://www.malwarebytes.org

NoModify REG_DWORD 1

NoRepair REG_DWORD 1

InstallDate REG_SZ 20120330

MajorVersion REG_DWORD 1

MinorVersion REG_DWORD 60

EstimatedSize REG_DWORD 17770

Scheduler Queue:

================

Scheduled Item: Update Schedule Options: | Daily | Random

Start Time: 2012-03-30 09:58 Repeating Every: 1 Recover if missed by: 23

Context Menu Entries:

=====================


MBAM Drivers:

=============

C:\Windows\system32\drivers\mbam.sys File Size: 23152 BYTES FileVersion: 1.60.0.2

Required Dependencies:

======================

fltmgr:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

AttachWhenLoaded REG_DWORD 1

DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001

Group REG_SZ FSFilter Infrastructure

ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys

Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000

ErrorControl REG_DWORD 3

Start REG_DWORD 0

Tag REG_DWORD 1

Type REG_DWORD 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

0 REG_SZ Root\LEGACY_FLTMGR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

C:\Windows\system32\drivers\fltmgr.sys File Size: 289664 BYTES FileVersion: 6.1.7601.17514

C:\Windows\SysWOW64\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5

C:\Windows\SysWOW64\mscomctl.ocx File Size: 1069376 BYTES FileVersion: 6.1.98.18

C:\Windows\SysWOW64\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7601.17514

List of MBAM Related Directories:

=================================

C:\Program Files (x86)\Malwarebytes' Anti-Malware

changes.rtf File Size: 804 BYTES

license.txt File Size: 11141 BYTES

mbam.chm File Size: 409786 BYTES

mbam.dll File Size: 472136 BYTES FileVersion: 1.60.0.23

mbam.exe File Size: 981680 BYTES FileVersion: 1.60.0.61

mbamcore.dll File Size: 1081416 BYTES FileVersion: 1.60.1.0

mbamext.dll File Size: 92232 BYTES FileVersion: 1.50.1.0

mbamgui.exe File Size: 460872 BYTES FileVersion: 1.60.0.8

mbamnet.dll File Size: 2227784 BYTES FileVersion: 1.60.0.18

mbampt.exe File Size: 39496 BYTES FileVersion: 1.60.0.1

mbamservice.exe File Size: 652360 BYTES FileVersion: 1.60.1.0

ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3

unins000.dat File Size: 10695 BYTES

unins000.exe File Size: 709968 BYTES FileVersion: 51.52.0.0

unins000.msg File Size: 10498 BYTES

vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

chameleon.chm File Size: 191200 BYTES

firefox.com File Size: 182856 BYTES

firefox.exe File Size: 182856 BYTES

firefox.pif File Size: 182856 BYTES

firefox.scr File Size: 182856 BYTES

iexplore.exe File Size: 182856 BYTES

mbam-chameleon.com File Size: 182856 BYTES

mbam-chameleon.exe File Size: 182856 BYTES

mbam-chameleon.pif File Size: 182856 BYTES

mbam-chameleon.scr File Size: 182856 BYTES

mbam-killer.exe File Size: 984648 BYTES FileVersion: 1.60.0.47

rundll32.exe File Size: 182856 BYTES

svchost.exe File Size: 182856 BYTES

winlogon.exe File Size: 182856 BYTES

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages

arabic.lng File Size: 20716 BYTES

bosnian.lng File Size: 25860 BYTES

bulgarian.lng File Size: 26296 BYTES

catalan.lng File Size: 26822 BYTES

chineseSI.lng File Size: 10480 BYTES

chineseTR.lng File Size: 11384 BYTES

croatian.lng File Size: 25546 BYTES

czech.lng File Size: 23540 BYTES

danish.lng File Size: 25384 BYTES

dutch.lng File Size: 26940 BYTES

english.lng File Size: 23390 BYTES

estonian.lng File Size: 24112 BYTES

finnish.lng File Size: 24580 BYTES

french.lng File Size: 28342 BYTES

german.lng File Size: 28506 BYTES

greek.lng File Size: 27864 BYTES

hebrew.lng File Size: 18372 BYTES

hungarian.lng File Size: 27124 BYTES

italian.lng File Size: 26812 BYTES

latvian.lng File Size: 25804 BYTES

lithuanian.lng File Size: 26666 BYTES

macedonian.lng File Size: 27830 BYTES

norwegian.lng File Size: 23864 BYTES

polish.lng File Size: 25304 BYTES

portugueseBR.lng File Size: 27330 BYTES

portuguesePT.lng File Size: 27628 BYTES

romanian.lng File Size: 26914 BYTES

russian.lng File Size: 25952 BYTES

serbian.lng File Size: 25606 BYTES

slovak.lng File Size: 24392 BYTES

slovenian.lng File Size: 23622 BYTES

spanish.lng File Size: 28542 BYTES

swedish.lng File Size: 24782 BYTES

thai.lng File Size: 24952 BYTES

turkish.lng File Size: 24640 BYTES

vietnamese.lng File Size: 28118 BYTES

C:\Users\Kimberly Rajagopalan\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware

C:\Users\Kimberly Rajagopalan\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

mbam-log-2012-03-30 (21-30-38).txt File Size: 1940 BYTES

C:\Users\Kimberly Rajagopalan\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware

rules.ref File Size: 6772462 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration

build.conf File Size: 152 BYTES

config.conf File Size: 3276 BYTES

custom.conf File Size: 20 BYTES

database.conf File Size: 432 BYTES

local.conf File Size: 1038 BYTES

manifest.conf File Size: 514 BYTES

news.conf File Size: 282 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

protection-log-2012-03-30.txt File Size: 3274 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

===============================================================

END OF FILE


Thanks :)

There's only one more thing that I know of to check to make sure that the notifications are shown:

  • Right-click on your taskbar and choose Properties
  • Click on Customize... under where it says Notification area
  • Find the listing for Malwarebytes Anti-Malware and click the drop down menu to the right of it and choose Show icon and notifications
  • Click OK
  • Click OK again

This page provides videos on how to do this. Just click on the link that says To change how icons and notifications appear in the notification area.


Thanks for your help, but that did not do anything either. Still no pop-ups.


OK. Please do the following:

  • In your internet browser, visit the website iptest.malwarebytes.org
  • Let me know if the website is blocked and whether or not you get a block notification from the tray, it should look similar to the following:
    post-2103-0-00856900-1333239878.png
  • If the website was blocked, but you saw no notification then please open Malwarebytes Anti-Malware and click on the Logs tab
  • Open your most recent protection log (it will be named protection-log-YEAR-MONTH-DAY.txt where the date is today's date)
  • Copy and paste the log's contents into your next reply

Thanks :)


Here is the info from the log. The site was blocked but no notification.

2012/03/31 09:17:34 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting protection

2012/03/31 09:17:35 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Protection started successfully

2012/03/31 09:17:38 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting IP protection

2012/03/31 09:17:39 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE IP Protection started successfully

2012/03/31 16:49:09 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting protection

2012/03/31 16:49:11 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Protection started successfully

2012/03/31 16:49:14 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting IP protection

2012/03/31 16:49:15 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE IP Protection started successfully


That log shows no IP block so it appears the block did not take place.


It is being blocked. See the screenshot.


Forgot the screen shot.

post-17360-0-66685500-1333242607.png


OK. Please open the same log from today again, it should show the IP block in the log. Post its contents into your next reply.

Thanks :)


Here you go.

2012/03/31 09:17:34 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting protection

2012/03/31 09:17:35 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Protection started successfully

2012/03/31 09:17:38 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting IP protection

2012/03/31 09:17:39 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE IP Protection started successfully

2012/03/31 16:49:09 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting protection

2012/03/31 16:49:11 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Protection started successfully

2012/03/31 16:49:14 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting IP protection

2012/03/31 16:49:15 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE IP Protection started successfully


Interesting. I'm wondering if perhaps some other software isn't blocking the IPs instead of Malwarebytes. Perhaps Norton? I say this because whenever Malwarebytes blocks an IP, it will show up in the protection log. For example, performing the same task on my system results in the following entries in my protection log:

2012/03/31 19:23:25 -0500 EXILE-PC exile IP-BLOCK 184.173.97.196 (Type: outgoing, Port: 51546, Process: iexplore.exe)

2012/03/31 19:23:25 -0500 EXILE-PC exile IP-BLOCK 184.173.97.196 (Type: outgoing, Port: 51545, Process: iexplore.exe)

2012/03/31 19:23:25 -0500 EXILE-PC exile IP-BLOCK 184.173.97.196 (Type: outgoing, Port: 51548, Process: iexplore.exe)

2012/03/31 19:23:25 -0500 EXILE-PC exile IP-BLOCK 184.173.97.196 (Type: outgoing, Port: 51547, Process: iexplore.exe)

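The check described in the reply above (a Malwarebytes block always leaves an IP-BLOCK line in the protection log) can be run over a whole log rather than read by eye. The Python below is an added example, not part of the original posts and not Malwarebytes' own tooling; it assumes the record layout quoted in this thread, recognises only the MESSAGE and IP-BLOCK record types seen here, and runs on constructed sample lines with hypothetical host and user names.

```python
import re
from collections import defaultdict
from datetime import datetime

# Record layout as quoted in the thread: date time tz HOST USER TYPE text.
# USER can contain spaces, so the TYPE token is used as the anchor. Only the
# two types that appear in the thread are recognised (assumption of this example).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>.+?) (?P<type>MESSAGE|IP-BLOCK) (?P<text>.*)$"
)
BLOCK_RE = re.compile(
    r"^(?P<ip>\S+) \(Type: (?P<direction>\w+), Port: (?P<port>\d+), "
    r"Process: (?P<process>.+)\)$"
)
STARTED = "IP Protection started successfully"
STOPPED = ("Stopping IP protection", "IP Protection stopped")

# Constructed sample (hypothetical hosts/users, documentation IP address).
SAMPLE_LOG = """\
2012/03/31 09:17:34 -0700 DESKTOP-A Jane Q Public MESSAGE Starting protection
2012/03/31 09:17:35 -0700 DESKTOP-A Jane Q Public MESSAGE Protection started successfully
2012/03/31 09:17:38 -0700 DESKTOP-A Jane Q Public MESSAGE Starting IP protection
2012/03/31 09:17:39 -0700 DESKTOP-A Jane Q Public MESSAGE IP Protection started successfully
2012/03/31 16:49:14 -0700 DESKTOP-A Jane Q Public MESSAGE Starting IP protection
2012/03/31 16:49:15 -0700 DESKTOP-A Jane Q Public MESSAGE IP Protection started successfully
2012/03/31 18:15:34 -0700 DESKTOP-A Jane Q Public MESSAGE Stopping IP protection
2012/03/31 18:16:12 -0700 DESKTOP-A Jane Q Public MESSAGE IP Protection stopped
2012/03/31 18:16:25 -0700 DESKTOP-A Jane Q Public MESSAGE Starting IP protection
2012/03/31 18:16:25 -0700 DESKTOP-A Jane Q Public MESSAGE IP Protection started successfully
2012/03/31 19:23:25 -0500 LAPTOP-B sam IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 51546, Process: iexplore.exe)
2012/03/31 19:23:25 -0500 LAPTOP-B sam IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 51545, Process: iexplore.exe)
this line is not a log record
"""


def parse_line(line):
    """Return one record as a dict, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S %z")
    if ev["type"] == "IP-BLOCK":
        detail = BLOCK_RE.match(ev["text"])
        if detail is None:
            return None
        ev.update(detail.groupdict())
        ev["port"] = int(ev["port"])
    return ev


def parse_log(text):
    """Split a log into parsed records and the lines that could not be parsed."""
    events, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            unparsed.append(line)
        else:
            events.append(ev)
    return events, unparsed


def ip_protection_windows(events):
    """Per host, list [start, end, block_count] for each run of IP protection."""
    windows = defaultdict(list)
    open_win = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        if ev["type"] == "IP-BLOCK":
            if host not in open_win:
                # Block logged with no start message in this excerpt.
                open_win[host] = [ev["ts"], None, 0]
                windows[host].append(open_win[host])
            open_win[host][2] += 1
        elif ev["text"] == STARTED:
            if host in open_win:
                open_win[host][1] = ev["ts"]  # restarted without a stop message
            open_win[host] = [ev["ts"], None, 0]
            windows[host].append(open_win[host])
        elif ev["text"] in STOPPED and host in open_win:
            open_win.pop(host)[1] = ev["ts"]
    return dict(windows)


def hosts_without_blocks(events):
    """Hosts where IP protection ran but the log holds no IP-BLOCK record."""
    windows = ip_protection_windows(events)
    return sorted(h for h, w in windows.items() if sum(x[2] for x in w) == 0)


if __name__ == "__main__":
    parsed, skipped = parse_log(SAMPLE_LOG)
    for host, wins in ip_protection_windows(parsed).items():
        for start, end, count in wins:
            print(host, start, end or "still running", "blocks:", count)
    print("protection ran, nothing logged:", hosts_without_blocks(parsed))
```

A host listed by `hosts_without_blocks` matches the situation in this thread: IP protection reports that it started, yet the log never records a block.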


I tried disabling the IP Protection in the program. See the screenshot. It is Malwarebytes blocking. I am pasting the log too.

2012/03/31 09:17:34 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting protection

2012/03/31 09:17:35 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Protection started successfully

2012/03/31 09:17:38 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting IP protection

2012/03/31 09:17:39 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE IP Protection started successfully

2012/03/31 16:49:09 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting protection

2012/03/31 16:49:11 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Protection started successfully

2012/03/31 16:49:14 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting IP protection

2012/03/31 16:49:15 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE IP Protection started successfully

2012/03/31 18:15:34 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Stopping IP protection

2012/03/31 18:16:12 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE IP Protection stopped

2012/03/31 18:16:25 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting IP protection

2012/03/31 18:16:25 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE IP Protection started successfully

2012/03/31 18:16:49 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Stopping IP protection

2012/03/31 18:17:29 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE IP Protection stopped

2012/03/31 18:18:23 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE Starting IP protection

2012/03/31 18:18:24 -0700 SCULLY2 Kimberly Rajagopalan MESSAGE IP Protection started successfully

post-17360-0-21043700-1333243250.png

post-17360-0-58228800-1333243260.png


This is strange. So it is blocking the IPs, but not logging them, and thus no pop-ups. I believe the heart of the issue is that it isn't logging the blocks for some reason.

Please do the following:

Create a DDS Log:

  • Download DDS from one of the following locations and save it to your desktop:
  • Double-click on the copy of DDS you downloaded to run it and it will scan your system, please be patient.
  • Once it completes it will open 2 logs, DDS.txt and Attach.txt
  • For each, click on File and click Save As... and save them to your desktop.
  • Right-click on Attach.txt and hover your mouse over Send To and select Compressed (zipped) Folder.
  • Copy and paste the entire contents of DDS.txt into your next reply and attach the Attach.zip file you just created to your post.

Thanks :)


Here is DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Kimberly Rajagopalan at 18:34:51 on 2012-03-31

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5517 [GMT -7:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe

C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\rundll32.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files\GPSoftware\Directory Opus\dopus.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll

uRun: [Google Update] "C:\Users\Kimberly Rajagopalan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"

mRun: [<NO NAME>]

mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\KIMBER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DIRECT~1.LNK - C:\Program Files (x86)\GPSoftware\Directory Opus\dopus.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: bechtel.com\citrix.bsii

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.116.46.115

TCP: Interfaces\{4851AFF9-B5E5-4C50-983D-231BFD3A0834} : DhcpNameServer = 172.168.51.52

TCP: Interfaces\{D16D5B66-E071-4C31-B015-4D638716D255} : DhcpNameServer = 208.67.222.222 208.67.220.220 68.116.46.115

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

SEH: Directory Opus Shell Execute Hook: {ee761688-c137-4b04-8fab-3c9cdf0886f0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll

mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn

BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO-X64: IDM Helper - No File

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll

BHO-X64: TSBHO Class - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"

mRun-x64: [(Default)]

mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

SEH-X64: Directory Opus Shell Execute Hook: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kimberly Rajagopalan\AppData\Roaming\Mozilla\Firefox\Profiles\z9unz1lj.default\

FF - prefs.js: browser.startup.homepage - hxxp://g.msn.com/HPNOT/1

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Kimberly Rajagopalan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-24 1157240]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120330.002\IDSviA64.sys [2012-3-30 488568]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-28 89600]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-7-12 923984]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-7-12 1001808]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-12 227896]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-28 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-28 2413056]

R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-31 652360]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-3-24 138232]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-28 2656536]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-7-12 1321296]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]

S3 EraserUtilDrv11122;EraserUtilDrv11122;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [2012-3-31 138360]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-12 138360]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-27 129976]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-03-31 20:26:27 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\HP

2012-03-31 16:17:06 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Roaming\Malwarebytes

2012-03-31 16:17:01 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-31 16:17:01 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-31 16:17:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-31 06:13:10 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-03-30 18:39:17 1671680 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM3.dll

2012-03-30 18:39:17 1669120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM6.dll

2012-03-30 18:39:17 1668608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM5.dll

2012-03-30 18:39:17 1668608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM4.dll

2012-03-30 18:39:17 1667072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM7.dll

2012-03-30 18:06:02 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Roaming\CDisplayEx

2012-03-30 18:04:15 -------- d-----w- C:\Program Files (x86)\CDisplayEx

2012-03-30 17:48:13 -------- d-----w- C:\Temp

2012-03-30 17:47:26 -------- d-----w- C:\Program Files (x86)\uTorrent

2012-03-30 17:46:50 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Roaming\uTorrent

2012-03-30 17:39:52 -------- d-----w- C:\Program Files\CCleaner

2012-03-30 15:08:35 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\Apple Computer

2012-03-30 15:08:03 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-03-30 15:08:03 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-03-30 15:08:03 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-03-30 15:07:27 -------- d-----w- C:\Program Files\iPod

2012-03-30 15:07:24 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-03-30 15:07:24 -------- d-----w- C:\Program Files\iTunes

2012-03-30 15:07:24 -------- d-----w- C:\Program Files (x86)\iTunes

2012-03-30 15:05:50 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\Apple

2012-03-30 15:05:06 -------- d-----w- C:\Program Files\Bonjour

2012-03-30 15:05:06 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-03-28 01:25:52 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\Mozilla

2012-03-27 22:37:46 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\GPSoftware

2012-03-27 22:37:42 -------- d-----w- C:\Windows\System32\inf32

2012-03-27 22:37:42 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Roaming\GPSoftware

2012-03-27 22:37:09 -------- d-----w- C:\ProgramData\GPSoftware

2012-03-27 22:37:09 -------- d-----w- C:\Program Files\GPSoftware

2012-03-27 16:06:04 -------- d--h--w- C:\Windows\System32\CanonMF Uninstaller Information

2012-03-27 16:05:48 32768 ----a-w- C:\Windows\System32\CNAS0MMK.DLL

2012-03-27 16:05:46 -------- d-----w- C:\Program Files\Canon

2012-03-27 14:43:14 -------- d-----w- C:\ProgramData\Citrix

2012-03-27 14:42:57 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Roaming\ICAClient

2012-03-27 14:42:57 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\Citrix

2012-03-27 14:42:48 -------- d-----w- C:\Program Files (x86)\Citrix

2012-03-26 01:49:16 -------- d-----r- C:\Program Files (x86)\Skype

2012-03-25 04:53:34 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Roaming\IDM

2012-03-25 04:53:34 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Roaming\DMCache

2012-03-25 04:52:24 -------- d-----w- C:\Program Files (x86)\Internet Download Manager

2012-03-25 04:51:43 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Roaming\SUPERAntiSpyware.com

2012-03-25 04:51:00 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-03-25 04:51:00 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-03-25 04:18:12 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Roaming\Symantec

2012-03-25 04:10:13 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symnets.sys

2012-03-25 04:10:11 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306020.00A\symds64.sys

2012-03-25 04:10:11 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symefa64.sys

2012-03-25 04:10:10 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys

2012-03-25 04:10:10 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys

2012-03-25 04:10:10 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ironx64.sys

2012-03-25 04:10:10 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys

2012-03-25 04:08:53 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306020.00A

2012-03-16 11:08:36 149640 ----a-w- C:\Windows\System32\drivers\idmwfp.sys

2012-03-15 04:55:49 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\CyberLink

2012-03-15 04:53:41 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Roaming\com.adobe.dmp.contentviewer

2012-03-15 04:39:36 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\CrashDumps

2012-03-14 05:37:38 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 05:37:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 05:37:37 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 05:32:39 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe

2012-03-14 05:12:23 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\Google

2012-03-14 05:12:10 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\Deployment

2012-03-14 05:12:10 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\Apps

2012-03-14 04:57:20 -------- d-----w- C:\ProgramData\ALM

2012-03-14 04:55:46 -------- d-----w- C:\Program Files (x86)\HP

2012-03-14 04:54:22 -------- d--h--w- C:\Windows\AxInstSV

2012-03-14 04:49:04 -------- d-----w- C:\Users\Kimberly Rajagopalan\Adobe Flash Builder 4.5

2012-03-14 04:40:32 -------- d-----w- C:\Program Files (x86)\Adobe Story

2012-03-14 04:40:13 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\ElevatedDiagnostics

2012-03-14 04:38:53 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys

2012-03-14 04:38:53 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys

2012-03-14 04:38:53 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys

2012-03-14 04:38:53 -------- d-----w- C:\Program Files (x86)\My Company Name

2012-03-14 04:38:53 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared

2012-03-14 04:38:53 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2012-03-14 04:24:00 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 04:23:59 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 04:23:59 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 04:23:49 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 04:23:49 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 04:23:49 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 04:23:49 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 04:23:48 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 04:23:47 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 04:23:47 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-13 03:17:05 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-03-13 03:16:47 -------- d-----w- C:\Windows\SysWow64\Wat

2012-03-13 03:16:47 -------- d-----w- C:\Windows\System32\Wat

2012-03-13 03:11:31 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-03-13 03:09:07 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\WindowsUpdate

2012-03-13 03:04:50 77312 ----a-w- C:\Windows\System32\packager.dll

2012-03-13 03:04:50 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-03-13 02:57:25 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-03-13 02:54:57 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2012-03-13 02:54:34 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2012-03-13 02:54:32 -------- d-----w- C:\Windows\SHELLNEW

2012-03-13 02:54:21 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\Microsoft Help

2012-03-13 02:29:30 82944 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9F.DLL

2012-03-13 02:29:30 27648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9F.DLL

2012-03-13 02:28:58 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\Adobe

2012-03-13 02:09:42 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Roaming\Intel Corporation

2012-03-13 02:09:34 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Roaming\Synaptics

2012-03-13 02:08:58 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\VirtualStore

2012-03-13 02:05:43 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Roaming\hpqlog

2012-03-13 02:05:41 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\Hewlett-Packard

2012-03-13 02:05:00 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\RemEngine

2012-03-13 02:04:58 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\Hewlett-Packard_Company

2012-03-13 02:04:48 -------- d-----w- C:\Users\Kimberly Rajagopalan\AppData\Local\AuthenTec

2012-03-02 16:37:58 65536 ----a-w- C:\Windows\System32\drivers\FLxHCIh.sys

2012-03-02 16:37:58 221184 ----a-w- C:\Windows\System32\drivers\FLxHCIc.sys

.

==================== Find3M ====================

.

2012-03-25 04:10:20 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-03-14 05:11:43 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-29 05:48:36 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2012-01-29 05:48:36 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2012-01-29 05:48:36 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2012-01-29 05:48:36 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2012-01-29 05:48:16 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2012-01-29 05:48:16 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2012-01-29 05:48:16 331776 ----a-w- C:\Windows\System32\oleacc.dll

2012-01-29 05:48:16 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-01-03 13:10:52 53656 ----a-w- C:\Windows\System32\AdobePDF.dll

2012-01-03 13:10:48 24984 ----a-w- C:\Windows\System32\AdobePDFUI.dll

.

============= FINISH: 18:35:41.41 ===============

Attach.zip


Thanks :)

Next, please do the following:

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Note: If using Windows Vista or Windows 7 you will need to read the FAQ for additional precautions and instructions on proper use.

  • Please download ERUNT from here
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Once that is complete, do the following:

Create a Reg File:

  • Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-

    Press Enter twice on your keyboard to insert 2 blank lines at the bottom of the text file

  • Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file Fix.reg (the .reg extension is very important)
  • Save the file to your desktop and double click it to run it. Click Yes or Allow to any prompts you receive.
  • Restart your computer and visit iptest.malwarebytes.org once more after the protection module has started (indicated by the appearance of the Malwarebytes Anti-Malware icon in your system tray).

Let me know if you now receive the notification about the blocked IP or not.

Thanks :)
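
A scripted equivalent of the Fix.reg step above, added here as an example and not part of the original post: it exports the Internet Settings key before deleting ProxyOverride, then confirms the value is gone. The backup file name and the Get-ProxyState helper are assumptions of this example; run it as the affected user, since the key is under HKEY_CURRENT_USER.

```powershell
# Added example (not from the original thread): back up, remove and verify
# the per-user ProxyOverride value that the Fix.reg file deletes.
$keyPs  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$keyReg = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Hypothetical backup name; the file is written to the current user's desktop.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path ([Environment]::GetFolderPath('Desktop')) "InternetSettings-$stamp.reg"

function Get-ProxyState {
    # Hypothetical helper: returns the three proxy-related values of the key.
    # Values that do not exist come back as $null.
    Get-ItemProperty -Path $keyPs |
        Select-Object ProxyEnable, ProxyServer, ProxyOverride
}

Write-Host 'Before:'
Get-ProxyState | Format-List

# 1. Export the whole key first so the change can be undone.
& reg.exe export $keyReg $backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup)) {
    throw 'Backup failed; the registry was not modified.'
}
Write-Host "Backup written to $backup"

# 2. Delete the value only if it is actually present.
if ($null -ne (Get-ProxyState).ProxyOverride) {
    Remove-ItemProperty -Path $keyPs -Name 'ProxyOverride' -ErrorAction Stop
    Write-Host 'ProxyOverride removed.'
} else {
    Write-Host 'ProxyOverride is not present; nothing to remove.'
}

# 3. Verify the result and report any proxy that is still configured.
$after = Get-ProxyState
Write-Host 'After:'
$after | Format-List

if ($null -ne $after.ProxyOverride) {
    throw 'ProxyOverride is still set; check whether a policy or another program rewrites it.'
}
if ($after.ProxyEnable -eq 1) {
    Write-Host "Note: a proxy is still enabled for this user: $($after.ProxyServer)"
}
```

To undo the change, import the exported file with `reg import` or double-click it.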

Did that but still no notification.


OK, thanks.

Are you using any sort of alternate DNS server or internet proxy for work etc.?


My DNS is Open DNS. There is a proxy for work, but I use Citrix to access most of the time, because work proxy does not work from home.


OK, thanks :).

Please try temporarily removing/disabling Open DNS and let me know if the prompts show up or not when an IP is blocked. That could be the cause of the problem.


Malwarebytes works fine on my other 2 computers with notifications. It is just this new laptop that is having problems. OpenDNS is enabled thru my router.


I cannot find the mbamswissarmy.sys file in the drivers folder. Is that a problem?
