Posts posted by l200

  1. MBAM Quick Scan Log (Today):

    2012/10/18 03:20:33 -0400 -044-PC -044 MESSAGE Executing scheduled update: Daily

    2012/10/18 03:20:38 -0400 -044-PC -044 MESSAGE Scheduled update executed successfully: database updated from version v2012.10.16.04 to version v2012.10.17.05

    2012/10/18 23:36:45 -0400 -044-PC -044 MESSAGE Protection stopped

    2012/10/18 23:36:54 -0400 -044-PC -044 MESSAGE Starting protection

    2012/10/18 23:36:54 -0400 -044-PC -044 MESSAGE Protection started successfully

    2012/10/18 23:36:54 -0400 -044-PC -044 MESSAGE Starting IP protection

    2012/10/18 23:36:54 -0400 -044-PC -044 ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

    2012/10/18 23:37:08 -0400 -044-PC -044 MESSAGE Starting IP protection

    2012/10/18 23:37:08 -0400 -044-PC -044 ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

    2012/10/18 23:37:08 -0400 -044-PC -044 MESSAGE Starting IP protection

    2012/10/18 23:37:08 -0400 -044-PC -044 ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

    2012/10/18 23:37:15 -0400 -044-PC -044 MESSAGE Starting database refresh

    2012/10/18 23:37:17 -0400 -044-PC -044 MESSAGE Database refreshed successfully

    2012/10/18 23:41:19 -0400 -044-PC -044 MESSAGE Starting protection

    2012/10/18 23:41:20 -0400 -044-PC -044 MESSAGE Protection started successfully

    2012/10/18 23:41:20 -0400 -044-PC -044 MESSAGE Starting IP protection

    2012/10/18 23:41:20 -0400 -044-PC -044 ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

    TDS:

    The tds file is too big to post (even if I split it up) so I attached it to this post. (tds.txt)

    aswMBR:

    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-10-18 09:55:37

    -----------------------------

    23:55:37.911 OS Version: Windows 6.1.7601 Service Pack 1

    23:55:37.911 Number of processors: 2 586 0x170A

    23:55:37.911 ComputerName: -Admin-PC UserName: Admin

    23:56:01.714 Initialize success

    23:56:32.260 AVAST engine defs: 12101802

    00:01:14.247 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

    00:01:14.263 Disk 0 Vendor: WDC_WD2500AAJS-75M0A0 02.03E02 Size: 238418MB BusType: 3

    00:01:14.278 Disk 0 MBR read successfully

    00:01:14.294 Disk 0 MBR scan

    00:01:14.325 Disk 0 Windows VISTA default MBR code

    00:01:14.341 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

    00:01:14.356 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 81920

    00:01:14.403 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237627 MB offset 1617920

    00:01:14.419 Disk 0 scanning sectors +488278016

    00:01:14.528 Disk 0 scanning C:\Windows\system32\drivers

    00:01:27.850 Service scanning

    00:01:40.642 Service MpKsldbed267f c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBDE52BE-6680-4B82-B16E-89C59EEBBDE0}\MpKsldbed267f.sys **LOCKED** 32

    00:01:57.771 Modules scanning

    00:02:02.841 Disk 0 trace - called modules:

    00:02:02.857 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys

    00:02:02.857 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855fc030]

    00:02:02.872 3 CLASSPNP.SYS[88e1d59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85160908]

    00:02:03.527 AVAST engine scan C:\Windows

    00:02:05.321 AVAST engine scan C:\Windows\system32

    00:05:28.826 AVAST engine scan C:\Windows\system32\drivers

    00:05:43.724 AVAST engine scan C:\Users\-044

    00:06:58.146 AVAST engine scan C:\ProgramData

    00:07:45.620 Scan finished successfully

    00:09:28.594 Disk 0 MBR has been saved successfully to "C:\Users\-044\Desktop\MBR.dat"

    00:09:28.610 The log file has been saved successfully to "C:\Users\-044\Desktop\aswMBR.txt"

    MBAM scan log (when I first got the virus a few months back):

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000

    www.malwarebytes.org

    Database version: v2012.04.07.09

    Windows 7 x86 NTFS (Safe Mode/Networking)

    Internet Explorer 9.0.8112.16421

    -Admin :: -Admin-PC [administrator]

    Protection: Disabled

    4/7/2012 5:23:03 PM

    mbam-log-2012-04-07 (17-23-03).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 193839

    Time elapsed: 3 minute(s), 13 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 4

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PC Health Status (Malware.Packer.Gen) -> Data: C:\Windows\system32\config\systemprofile\AppData\Roaming\qpqfjloo.exe -> Quarantined and deleted successfully.

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PC Health Status (Malware.Packer.Gen) -> Data: C:\Windows\system32\config\systemprofile\AppData\Roaming\qpqfjloo.exe -> Quarantined and deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GiBXfTlvnmeV.exe (Trojan.Agent) -> Data: C:\ProgramData\GiBXfTlvnmeV.exe -> Quarantined and deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 3

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 11

    C:\Windows\System32\config\systemprofile\AppData\Roaming\qpqfjloo.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

    C:\ProgramData\GiBXfTlvnmeV.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Windows\System32\tvalz.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

    C:\ProgramData\AAix0Ke7.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    C:\ProgramData\HWOBSw4E81nlAR.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

    C:\Windows\System32\config\systemprofile\AppData\Roaming\6816C279.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    C:\Windows\System32\ASDR.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

    C:\Windows\System32\hkmsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

    C:\Windows\System32\MASPINT.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

    C:\Windows\Temp\7.732946431702431E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Windows\Temp\ch8l2.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

    (end)

    I also attached a picture of the quarantined files. There has been nothing recently detected but I am more than sure I still have a virus! Please help me, thank you so much!



  2. Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:14:26 PM, on 10/14/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16450)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\-044\Downloads\HijackThis.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\notepad.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: NTRU TSS v1.2.1.34 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - Unknown owner - E:\Program Files\Teamviewer\TeamViewer_Service.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    --
    End of file - 8237 bytes

    Forgot to paste the HijackThis log:

  3. The problem is that I can not re-install Windows as it is not an option :( so I have to try to clean up. I attached the log files. Thank you so much for helping, I owe you guys big time!

    CheckResults:


    mbam-check result log version: 1.10.0.1000
    Malwarebytes Version: REG_SZ 1.65.0.1400
    Date Log Created: 10/13/12
    Time Log Created: 14:39:57
    32 bit Operating System
    Product Name: REG_SZ Windows 7 Professional
    Current Build Number: 7601
    Current Version Number: 6.1
    Current CSDVersion: Service Pack 1
    Proxy Status: No proxy is Set
    Proxy Override:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    ProxyOverride REG_SZ *.local
    LAN Settings:
    =============
    only 'Automatically detect settings' is selected
    SystemPartition:
    ================
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition REG_SZ \Device\HarddiskVolume2
    Balloon Tips Status:
    ====================
    Enabled
    Time Format Settings:
    =====================
    Should be:
    h:mm:ss tt
    AM
    PM
    :
    Currently:
    REG_SZ h:mm:ss tt
    REG_SZ AM
    REG_SZ PM
    REG_SZ :
    Language and Regional Settings:
    ===============================
    ACP: Language is English (United States)
    MACCP: Language is English (United States)
    OEMCP: 850 Please refer to this link for details:[url=http://technet.microsoft.com/en-us/library/cc775938(WS.10).aspx] Here [/url]
    Startup Folders for Error_Expanding_Variables Check:
    ====================================================
    All Users Startup Folder Exists.
    Current User's Startup Folder Exists.

    Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
    ===============================================================================
    TERMService:
    ==============
    Type : 32
    State : 1 (The service is not running.) (State is stopped)
    WIN32_EXIT_CODE : 1077
    SERVICE_EXIT_CODE : 0
    CHECKPOINT : 0
    WAIT_HINT : 0
    TermService Start is set to: 3 (Manual Startup)
    Compatibility Flag Settings (Any MBAM file listings should be removed):
    =======================================================================
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\Program Files\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exeREG_SZ ELEVATECREATEPROCESS
    MBAM Startup Entries:
    =====================
    Service and Driver Status:
    ==========================
    MBAMProtector:
    ==============
    Type : 2
    State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0
    SERVICE_EXIT_CODE : 0
    CHECKPOINT : 0
    WAIT_HINT : 0
    MBAMService:
    ==============
    Type : 16
    State : 4 (The service is running.)
    WIN32_EXIT_CODE : 0
    SERVICE_EXIT_CODE : 0
    CHECKPOINT : 0
    WAIT_HINT : 0
    MBAMProtector Registry Values:
    ==============================
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
    Type REG_DWORD 2
    Start REG_DWORD 3
    ErrorControl REG_DWORD 1
    ImagePath REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys
    Group REG_SZ FSFilter Anti-Virus
    DependOnService REG_MULTI_SZ FltMgr

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
    DefaultInstance REG_SZ MBAMProtector Instance
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
    Altitude REG_SZ 328800
    Flags REG_DWORD 0
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
    0 REG_SZ Root\LEGACY_MBAMPROTECTOR\0000
    Count REG_DWORD 1
    NextInstance REG_DWORD 1
    MBAMService Registry Values:
    ============================
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
    Type REG_DWORD 16
    Start REG_DWORD 2
    ErrorControl REG_DWORD 1
    ImagePath REG_EXPAND_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
    DependOnService REG_MULTI_SZ MBAMProtector

    ObjectName REG_SZ LocalSystem
    Description REG_SZ Malwarebytes Anti-Malware service

    MBAM DLL's and Runtime Files:
    =============================
    HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid
    (Default): REG_SZ vbAccelerator Grid Control
    HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid
    (Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}
    HKEY_CLASSES_ROOT\SSubTimer6.GSubclass
    (Default): REG_SZ SSubTimer6.GSubclass
    HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid
    (Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}
    HKEY_CLASSES_ROOT\SSubTimer6.CTimer
    (Default): REG_SZ SSubTimer6.CTimer
    HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid
    (Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}
    HKEY_CLASSES_ROOT\SSubTimer6.ISubclass
    (Default): REG_SZ SSubTimer6.ISubclass
    HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid
    (Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}
    HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}
    (Default): REG_SZ SSubTimer6.ISubclass
    HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
    HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
    HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID
    (Default): REG_SZ SSubTimer6.ISubclass
    HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable
    HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION
    (Default): REG_SZ 1.0
    HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}
    (Default): REG_SZ SSubTimer6.GSubclass
    HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
    HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
    HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
    ThreadingModel REG_SZ Apartment
    HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID
    (Default): REG_SZ SSubTimer6.GSubclass
    HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable
    HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION
    (Default): REG_SZ 1.0
    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}
    (Default): REG_SZ SSubTimer6.CTimer
    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
    ThreadingModel REG_SZ Apartment
    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID
    (Default): REG_SZ SSubTimer6.CTimer
    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable
    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION
    (Default): REG_SZ 1.0
    HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
    HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
    (Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0
    HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
    HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
    HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
    (Default): REG_SZ 2
    HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
    HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
    (Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
    HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
    HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
    HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
    (Default): REG_SZ 0
    HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
    HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
    (Default): REG_SZ ISubclass
    HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
    (Default): REG_SZ {00020424-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
    (Default): REG_SZ {00020424-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    Version REG_SZ 1.0
    HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
    (Default): REG_SZ CTimer
    HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
    (Default): REG_SZ {00020420-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
    (Default): REG_SZ {00020420-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    Version REG_SZ 1.0
    HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
    (Default): REG_SZ vbalGrid
    HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
    (Default): REG_SZ {00020420-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
    (Default): REG_SZ {00020420-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
    (Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}
    Version REG_SZ 1.1
    MBAM Registry Settings and License Info:
    ========================================
    HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware
    advancedheuristics REG_DWORD 1
    downloadprogram REG_DWORD 1
    hidereg REG_DWORD 0
    detectp2p REG_DWORD 0
    detectpum REG_DWORD 1
    detectpup REG_DWORD 2
    updatewarn REG_DWORD 1
    updatewarndays REG_DWORD 7
    useproxy REG_DWORD 0
    useauthentication REG_DWORD 0
    startipdisabled REG_DWORD 0
    notifyinstallprogram REG_DWORD 1
    InstallPath REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
    dbdate REG_SZ Sun, 14 Oct 2012 02:32:07 GMT
    dbversion REG_SZ v2012.10.14.01
    programversion REG_SZ 1.65.0.1400
    trialended REG_DWORD 0
    SchedulerQueue REG_MULTI_SZ 6148, 30217326, 2604609504, 1, 23 | 30255379, 130076671

    contextmenu REG_DWORD 1
    reportthreats REG_DWORD 0
    silentipmode REG_DWORD 0
    trialpromptshown REG_DWORD 1
    startwithwindows REG_DWORD 1
    startfsdisabled REG_DWORD 0
    ID XXXXX This is hidden data.
    Key XXXX-XXXX-XXXX-XXXX This is hidden data.
    HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware (Trial)
    TrialId There is data here but it is hidden.
    HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
    alwaysscanfiles REG_DWORD 1
    alwaysscanheuristics REG_DWORD 1
    alwaysscanmemory REG_DWORD 1
    alwaysscanregistry REG_DWORD 1
    alwaysscanstartups REG_DWORD 1
    autosavelog REG_DWORD 1
    openlog REG_DWORD 1
    defaultscan REG_DWORD 2
    terminateie REG_DWORD 0
    Language REG_SZ English.lng
    selectedrives REG_SZ C:\|
    HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware
    alwaysscanfiles REG_DWORD 1
    alwaysscanheuristics REG_DWORD 1
    alwaysscanmemory REG_DWORD 1
    alwaysscanregistry REG_DWORD 1
    alwaysscanstartups REG_DWORD 1
    autosavelog REG_DWORD 1
    openlog REG_DWORD 1
    contextmenu REG_DWORD 1
    defaultscan REG_DWORD 0
    reportthreats REG_DWORD 1
    terminateie REG_DWORD 0
    startwithwindows REG_DWORD 1
    startfsdisabled REG_DWORD 0
    silentipmode REG_DWORD 0
    trialpromptshown REG_DWORD 0
    HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware
    alwaysscanfiles REG_DWORD 1
    alwaysscanheuristics REG_DWORD 1
    alwaysscanmemory REG_DWORD 1
    alwaysscanregistry REG_DWORD 1
    alwaysscanstartups REG_DWORD 1
    autosavelog REG_DWORD 1
    openlog REG_DWORD 1
    contextmenu REG_DWORD 1
    defaultscan REG_DWORD 0
    reportthreats REG_DWORD 1
    terminateie REG_DWORD 0
    startwithwindows REG_DWORD 1
    startfsdisabled REG_DWORD 0
    silentipmode REG_DWORD 0
    trialpromptshown REG_DWORD 0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
    Inno Setup: Setup Version REG_SZ 5.4.3 (a)
    Inno Setup: App Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
    InstallLocation REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\
    Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware
    Inno Setup: User REG_SZ -044
    Inno Setup: Selected Tasks REG_SZ desktopicon
    Inno Setup: Deselected Tasks REG_SZ quicklaunchicon
    Inno Setup: Language REG_SZ English
    DisplayName REG_SZ Malwarebytes Anti-Malware version 1.65.0.1400
    DisplayIcon REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    UninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    QuietUninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENT
    DisplayVersion REG_SZ 1.65.0.1400
    Publisher REG_SZ Malwarebytes Corporation
    URLInfoAbout REG_SZ http://www.malwarebytes.org
    NoModify REG_DWORD 1
    NoRepair REG_DWORD 1
    InstallDate REG_SZ 20121001
    MajorVersion REG_DWORD 1
    MinorVersion REG_DWORD 65
    EstimatedSize REG_DWORD 19755
    Scheduler Queue:
    ================
    Scheduled Item: Update Schedule Options: | Daily | Random
    Start Time: 2012-04-07 03:29 Repeating Every: 1 Recover if missed by: 23
    Context Menu Entries:
    =====================
    HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
    (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
    (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
    (Default): REG_SZ MBAMShlExt Class
    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
    (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
    (Default): REG_SZ MBAMExt.MBAMShlExt.1
    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
    (Default): REG_SZ MBAMShlExt Class
    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
    (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
    (Default): REG_SZ IMBAMShlExt
    HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid
    (Default): REG_SZ {00020424-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
    (Default): REG_SZ {00020424-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
    (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    Version REG_SZ 1.0
    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    (Default): REG_SZ MBAMShlExt Class
    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
    ThreadingModel REG_SZ Apartment
    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
    (Default): REG_SZ MBAMExt.MBAMShlExt.1
    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
    (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
    (Default): REG_SZ MBAMExt.MBAMShlExt
    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default): REG_SZ MBAMExt 1.0 Type Library
    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default): REG_SZ 0
    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
    MBAM Drivers:
    =============
    C:\Windows\system32\drivers\mbam.sys File Size: 22856 BYTES FileVersion: 1.60.2.0
    C:\Windows\system32\drivers\mbamswissarmy.sys File Size: 40776 BYTES FileVersion: 1.60.0.0

    Required Dependencies:
    ======================
    fltmgr:
    ==============
    Type : 2
    State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0
    SERVICE_EXIT_CODE : 0
    CHECKPOINT : 0
    WAIT_HINT : 0
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    AttachWhenLoaded REG_DWORD 1
    DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
    Group REG_SZ FSFilter Infrastructure
    ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys
    Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
    ErrorControl REG_DWORD 3
    Start REG_DWORD 0
    Tag REG_DWORD 1
    Type REG_DWORD 2
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
    0 REG_SZ Root\LEGACY_FLTMGR\0000
    Count REG_DWORD 1
    NextInstance REG_DWORD 1
    C:\Windows\system32\drivers\fltmgr.sys File Size: 198208 BYTES FileVersion: 6.1.7600.16385
    C:\Windows\system32\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5
    C:\Windows\system32\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34
    C:\Windows\system32\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7601.17514

    List of MBAM Related Directories:
    =================================
    C:\Program Files\Malwarebytes' Anti-Malware
    changes.txt File Size: 2780 BYTES
    license.txt File Size: 11141 BYTES
    mbam.chm File Size: 582708 BYTES
    mbam.dll File Size: 499784 BYTES FileVersion: 1.65.0.0
    mbam.exe File Size: 981656 BYTES FileVersion: 1.62.0.140
    mbamcore.dll File Size: 1089608 BYTES FileVersion: 1.62.0.0
    mbamext.dll File Size: 80968 BYTES FileVersion: 1.61.0.0
    mbamgui.exe File Size: 766536 BYTES FileVersion: 1.65.0.0
    mbamnet.dll File Size: 2168392 BYTES FileVersion: 1.62.0.0
    mbampt.exe File Size: 40008 BYTES FileVersion: 1.61.0.0
    mbamscheduler.exe File Size: 399432 BYTES FileVersion: 1.65.0.0
    mbamservice.exe File Size: 676936 BYTES FileVersion: 1.65.0.0
    ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3
    unins000.dat File Size: 14735 BYTES
    unins000.exe File Size: 711240 BYTES FileVersion: 51.52.0.0
    unins000.msg File Size: 10550 BYTES
    vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40
    C:\Program Files\Malwarebytes' Anti-Malware\Chameleon
    chameleon.chm File Size: 186068 BYTES
    firefox.com File Size: 218696 BYTES
    firefox.exe File Size: 218696 BYTES
    firefox.pif File Size: 218696 BYTES
    firefox.scr File Size: 218696 BYTES
    iexplore.exe File Size: 218696 BYTES
    mbam-chameleon.com File Size: 218696 BYTES
    mbam-chameleon.exe File Size: 218696 BYTES
    mbam-chameleon.pif File Size: 218696 BYTES
    mbam-chameleon.scr File Size: 218696 BYTES
    mbam-killer.exe File Size: 896072 BYTES
    rundll32.exe File Size: 218696 BYTES
    svchost.exe File Size: 218696 BYTES
    winlogon.exe File Size: 218696 BYTES
    C:\Program Files\Malwarebytes' Anti-Malware\Languages
    C:\Users\-044\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware
    C:\Users\-044\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
    mbam-log-2012-04-07 (17-23-03).txt File Size: 6526 BYTES
    mbam-log-2012-04-07 (17-27-41).txt File Size: 1912 BYTES
    mbam-log-2012-04-07 (19-46-51).txt File Size: 3638 BYTES
    mbam-log-2012-04-07 (20-36-58).txt File Size: 1930 BYTES
    mbam-log-2012-04-07 (21-39-06).txt File Size: 2088 BYTES
    mbam-log-2012-04-08 (03-32-56).txt File Size: 1880 BYTES
    mbam-log-2012-04-08 (15-51-19).txt File Size: 1930 BYTES
    mbam-log-2012-05-09 (02-45-20).txt File Size: 3138 BYTES
    mbam-log-2012-05-09 (02-57-35).txt File Size: 1906 BYTES
    mbam-log-2012-05-09 (03-00-46).txt File Size: 1912 BYTES
    mbam-log-2012-05-09 (03-04-45).txt File Size: 2124 BYTES
    mbam-log-2012-05-10 (05-43-51).txt File Size: 1916 BYTES
    mbam-log-2012-05-15 (23-41-50).txt File Size: 1916 BYTES
    mbam-log-2012-05-23 (02-52-22).txt File Size: 1916 BYTES
    mbam-log-2012-06-06 (01-11-38).txt File Size: 1912 BYTES
    mbam-log-2012-06-06 (01-47-32).txt File Size: 1886 BYTES
    mbam-log-2012-07-04 (06-13-55).txt File Size: 1888 BYTES
    mbam-log-2012-07-17 (02-56-24).txt File Size: 2326 BYTES
    mbam-log-2012-07-18 (02-10-21).txt File Size: 3504 BYTES
    mbam-log-2012-07-18 (03-45-26).txt File Size: 2890 BYTES
    mbam-log-2012-07-27 (03-57-32).txt File Size: 1896 BYTES
    mbam-log-2012-07-27 (04-02-51).txt File Size: 1888 BYTES
    mbam-log-2012-08-06 (22-32-14).txt File Size: 5054 BYTES
    mbam-log-2012-08-07 (00-21-54).txt File Size: 1896 BYTES
    mbam-log-2012-08-10 (23-43-49).txt File Size: 1886 BYTES
    mbam-log-2012-08-13 (17-41-28).txt File Size: 5530 BYTES
    mbam-log-2012-10-01 (05-14-43).txt File Size: 1852 BYTES
    mbam-log-2012-10-01 (05-20-02).txt File Size: 1866 BYTES
    mbam-log-2012-10-01 (13-50-45).txt File Size: 1960 BYTES
    mbam-log-2012-10-01 (14-30-59).txt File Size: 1910 BYTES
    C:\Users\-044\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
    C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware
    mbam-setup.exe File Size: 10524080 BYTES FileVersion: 1.65.0.1400
    rules.ref File Size: 7214644 BYTES
    C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration
    build.conf File Size: 140 BYTES
    config.conf File Size: 3276 BYTES
    custom.conf File Size: 20 BYTES
    database.conf File Size: 432 BYTES
    local.conf File Size: 1039 BYTES
    manifest.conf File Size: 545 BYTES
    messaging.conf File Size: 20 BYTES
    news.conf File Size: 405 BYTES
    C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs
    protection-log-2012-04-07.txt File Size: 2158 BYTES
    protection-log-2012-04-08.txt File Size: 5984 BYTES
    protection-log-2012-05-09.txt File Size: 664 BYTES
    protection-log-2012-05-11.txt File Size: 486 BYTES
    protection-log-2012-05-15.txt File Size: 972 BYTES
    protection-log-2012-05-16.txt File Size: 1458 BYTES
    protection-log-2012-05-18.txt File Size: 794 BYTES
    protection-log-2012-05-23.txt File Size: 626 BYTES
    protection-log-2012-05-25.txt File Size: 794 BYTES
    protection-log-2012-05-26.txt File Size: 794 BYTES
    protection-log-2012-05-29.txt File Size: 794 BYTES
    protection-log-2012-05-30.txt File Size: 1458 BYTES
    protection-log-2012-05-31.txt File Size: 794 BYTES
    protection-log-2012-06-01.txt File Size: 794 BYTES
    protection-log-2012-06-02.txt File Size: 794 BYTES
    protection-log-2012-06-04.txt File Size: 664 BYTES
    protection-log-2012-06-05.txt File Size: 664 BYTES
    protection-log-2012-06-06.txt File Size: 308 BYTES
    protection-log-2012-06-13.txt File Size: 664 BYTES
    protection-log-2012-06-14.txt File Size: 3094 BYTES
    protection-log-2012-06-18.txt File Size: 794 BYTES
    protection-log-2012-06-19.txt File Size: 794 BYTES
    protection-log-2012-06-20.txt File Size: 664 BYTES
    protection-log-2012-06-26.txt File Size: 308 BYTES
    protection-log-2012-07-04.txt File Size: 1102 BYTES
    protection-log-2012-07-06.txt File Size: 664 BYTES
    protection-log-2012-07-07.txt File Size: 794 BYTES
    protection-log-2012-07-10.txt File Size: 664 BYTES
    protection-log-2012-07-11.txt File Size: 664 BYTES
    protection-log-2012-07-12.txt File Size: 1040 BYTES
    protection-log-2012-07-17.txt File Size: 2074 BYTES
    protection-log-2012-07-18.txt File Size: 5918 BYTES
    protection-log-2012-07-27.txt File Size: 1636 BYTES
    protection-log-2012-08-04.txt File Size: 238 BYTES
    protection-log-2012-08-06.txt File Size: 5468 BYTES
    protection-log-2012-08-08.txt File Size: 1032 BYTES
    protection-log-2012-08-09.txt File Size: 972 BYTES
    protection-log-2012-08-13.txt File Size: 6714 BYTES
    protection-log-2012-08-18.txt File Size: 2064 BYTES
    protection-log-2012-08-22.txt File Size: 1032 BYTES
    protection-log-2012-08-24.txt File Size: 1032 BYTES
    protection-log-2012-08-27.txt File Size: 1032 BYTES
    protection-log-2012-09-05.txt File Size: 1032 BYTES
    protection-log-2012-09-12.txt File Size: 1032 BYTES
    protection-log-2012-09-14.txt File Size: 1032 BYTES
    protection-log-2012-09-15.txt File Size: 3096 BYTES
    protection-log-2012-09-26.txt File Size: 1032 BYTES
    protection-log-2012-09-28.txt File Size: 1032 BYTES
    protection-log-2012-10-01.txt File Size: 15556 BYTES
    protection-log-2012-10-14.txt File Size: 442 BYTES
    C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
    ===============================================================
    END OF FILE

    dds:


    DDS (Ver_2012-10-14.05) - NTFS_x86
    Internet Explorer: 9.0.8112.16421
    Run by Admin at 14:42:52 on 2012-10-13
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2012.1039 [GMT -3:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\HPSIsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\mqsvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\mmc.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\-044\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QN8R6BJC\dds.scr
    C:\Users\-044\AppData\Local\Temp\nsj5053.tmp\ns585F.tmp
    C:\Windows\system32\conhost.exe
    C:\Users\-044\AppData\Local\Temp\nsj5053.tmp\PEV.DAT
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: DisableCAD = dword:1
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{6C2CD458-6F3C-4989-A5BF-8B1AA93829A5} : DHCPNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: spba - c:\program files\common files\spba\homefus2.dll
    SSODL: WebCheck - <orphaned>
    LSA: Authentication Packages = msv1_0 wvauth
    LSA: Notification Packages = scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
    R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-11-8 99896]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-1 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-1 676936]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2011-3-11 273448]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-1 22856]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-10-1 40776]
    R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-11-8 17408]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-7 116648]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250808]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-3-11 168232]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-3-11 504360]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-3-11 33832]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-7 116648]
    S3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-8-13 27424]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 99272]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-3-31 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-2 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-10-14 05:09:27 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-10-14 05:08:59 400896 ----a-w- c:\windows\system32\srcore.dll
    2012-10-14 05:08:58 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-10-14 05:08:57 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{846813d4-0049-4b70-a0ef-cca35b948e68}\mpengine.dll
    2012-10-14 05:08:57 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-10-14 05:08:56 542208 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-14 05:06:48 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-10-14 05:01:28 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-10-14 05:01:27 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-10-09 09:26:08 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-10-02 07:22:30 -------- d-----w- c:\users\-044\appdata\local\Autobahn
    2012-10-01 18:36:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-10-01 17:44:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-01 17:44:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-23 08:13:45 -------- d-----w- c:\users\-044\appdata\roaming\WinRAR
    2012-09-17 05:10:04 -------- d-----w- c:\users\-044\appdata\roaming\Clicky Gone
    2012-09-15 09:16:31 -------- d-----w- c:\users\-044\appdata\local\{CF1BA1A3-5F17-4429-B20C-712F5DF8FB85}
    2012-09-15 09:05:43 1066368 ----a-w- c:\programdata\microsoft\wdexpress\11.0\1033\ResourceCache.dll
    2012-09-15 08:18:47 -------- d-----w- c:\programdata\Package Cache
    2012-09-09 06:17:22 -------- d-----w- c:\users\-044\appdata\roaming\TeamViewer
    .
    ==================== Find3M ====================
    .
    2012-10-09 06:30:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-09 06:30:07 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-31 02:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-08-13 21:59:16 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
    2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-07-09 04:40:10 864208 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
    2012-07-09 04:40:10 501712 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
    2012-07-09 04:40:10 28616 ----a-w- c:\windows\system32\aspnet_counters.dll
    2012-07-09 04:40:10 17840 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
    2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
    .
    ============= FINISH: 14:45:26.13 ===============

    attach:


    DDS (Ver_2012-10-14.05)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 08/22/2011 6:20:31 PM
    System Uptime: 10/13/2012 2:32:41 PM (106 hours ago)
    .
    Motherboard: Dell Inc.
    Processor: Intel(R) Core(TM)2 Duo CPU
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 500 GiB total, 50.516 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP168: 3/11/2011 2:11:22 AM - Broadcom BTW Restore Point
    RP166: 9/27/2012 2:13:20 AM - Scheduled Checkpoint
    RP169: 10/4/2012 3:33:13 AM - Scheduled Checkpoint
    RP170: 10/11/2012 7:04:59 AM - Scheduled Checkpoint
    RP171: 10/14/2012 1:01:07 AM - Windows Update
    RP172: 10/14/2012 1:10:48 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bing Rewards Client Installer
    BioAPI Framework
    Bonjour
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    CameraHelperMsi
    CCleaner
    CrossLoop 2.20
    Custom
    CyberLink PowerDVD 9.5
    D3DX10
    Dell Data Protection | Access
    Dell Data Protection | Access | Drivers
    Dell Data Protection | Access | Middleware
    Dell Edoc Viewer
    DellAccess
    DirectX 9 Runtime
    EMBASSY Security Center
    erLT
    Gemalto
    Google Chrome
    Google Update Helper
    HP LaserJet Professional P1100-P1560-P1600 Series
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 32
    Junk Mail filter update
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.65.0.1400
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NTRU TCG Software Stack
    Octoshape add-in for Adobe Flash Player
    PC-CCID
    PhotoShowExpress
    Preboot Manager
    Private Information Manager
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Roxio File Backup
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Sonic CinePlayer Decoder Pack
    SPBA 5.9
    Trusted Drive Manager
    Update for (KB2504637)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Wave Infrastructure Installer
    Wave Support Software Installer
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.00 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/30/2012 12:24:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/30/2012 12:24:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/30/2012 1:55:26 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/29/2012 3:34:26 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    9/29/2012 12:24:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/29/2012 12:24:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/28/2012 5:08:45 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user -044-PC\-044 SID (S-1-5-21-3879614731-2364777733-1311164118-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    9/28/2012 4:52:12 AM, Error: BTHUSB [5] - The Bluetooth driver expected an HCI event with a certain size but did not receive it.
    9/27/2012 4:20:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.142.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/26/2012 5:56:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.142.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/26/2012 5:56:25 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.142.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/26/2012 4:20:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.142.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/26/2012 4:10:41 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    9/26/2012 4:10:41 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    9/26/2012 4:09:22 PM, Error: Service Control Manager [7031] - The TeamViewer 7 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.
    9/25/2012 5:56:28 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.142.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/25/2012 5:56:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.142.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/24/2012 5:55:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.142.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/24/2012 5:55:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.142.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    10/9/2012 5:25:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/9/2012 5:25:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/8/2012 7:32:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/8/2012 7:32:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/8/2012 5:25:17 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/8/2012 5:25:17 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/7/2012 5:25:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/7/2012 5:25:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/7/2012 4:19:01 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/7/2012 4:19:01 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/6/2012 5:24:39 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/6/2012 5:24:39 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/5/2012 5:24:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/5/2012 5:24:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/4/2012 5:24:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/4/2012 5:24:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.967.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/3/2012 5:24:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/3/2012 5:24:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/2/2012 5:24:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/2/2012 5:24:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/14/2012 12:29:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1371.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/14/2012 12:29:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1371.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/14/2012 12:03:04 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    10/14/2012 12:03:04 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    10/14/2012 1:17:40 AM, Error: Service Control Manager [7003] - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.
    10/13/2012 4:38:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1371.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/13/2012 4:38:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1371.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/12/2012 4:38:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1371.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/12/2012 4:38:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1371.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/11/2012 4:39:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1371.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/11/2012 4:39:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1371.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/10/2012 4:38:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1371.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/10/2012 4:38:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1371.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/1/2012 5:24:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/1/2012 5:24:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/1/2012 5:07:39 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/1/2012 5:07:39 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/1/2012 5:03:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/1/2012 5:03:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/1/2012 5:03:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    10/1/2012 4:54:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    10/1/2012 4:54:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    10/1/2012 2:33:02 PM, Error: Service Control Manager [7023] - The Slabbus service terminated with the following error: The specified module could not be found.
    10/1/2012 2:33:02 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    10/1/2012 2:33:02 PM, Error: Service Control Manager [7000] - The TeamViewer 7 service failed to start due to the following error: The system cannot find the file specified.
    10/1/2012 2:33:00 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    10/1/2012 2:32:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    10/1/2012 2:32:56 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    10/1/2012 12:23:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    10/1/2012 12:23:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.596.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    .
    ==== End Of File ===========================

  4. I have a re-occurring virus that one of my co-workers put on my computer a few months back and it keeps coming back after a certain period of time. It leaves traces as well (e.g., disabling Windows Update, not allowing Windows Firewall, disabling Defender updates, deleting system restore points, etc.) which I have been able to fix (except for enabling MBAM malicious website blocker and system restore points) for the most part, but it is still on the computer and I have not been able to remove it.

    Most recently, Windows Defender found this virus called Trojan:Win32/Sirefef!cfg (http://www.microsoft...atid=2147654414) a few days ago which I assume is the same old virus.

    Any help? I have attached a log file.

    hijackthis.log
