RobertSchlein

Members

View Profile See their activity

Posts
2
Joined
November 20, 2012
Last visited
November 21, 2012

Reputation

0 Neutral

Shell_notification failed

RobertSchlein replied to RobertSchlein's topic in Malwarebytes for Windows Support Forum

I'm having trouble finding a phone number contact. Can someone call me? ~number removed~
- November 21, 2012
- 3 replies
Shell_notification failed

RobertSchlein posted a topic in Malwarebytes for Windows Support Forum

I am getting the same error. Additionally, one of my applications I use daily won't close after I use it a moment. I have read other forums about similar codes and have some reports. mbam-check result log version: 1.10.0.1000 Malwarebytes Version: REG_SZ 1.65.1.1000 Date Log Created: 11/20/12 Time Log Created: 12:26:25 32 bit Operating System Product Name: REG_SZ Microsoft Windows XP Current Build Number: 2600 Current Version Number: 5.1 Current CSDVersion: Service Pack 3 OS Product Info: Home Edition Proxy Status: No proxy is Set Proxy Override: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ ProxyOverride REG_SZ *.local LAN Settings: ============= No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY SystemPartition: ================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\ SystemPartition REG_SZ \Device\HarddiskVolume1 Balloon Tips Status: ==================== Enabled Time Format Settings: ===================== Should be: h:mm:ss tt AM PM : Currently: REG_SZ h:mm:ss tt REG_SZ AM REG_SZ PM REG_SZ : Language and Regional Settings: =============================== ACP: Language is English (United States) MACCP: Language is English (United States) OEMCP: Language is English (United States) Startup Folders for Error_Expanding_Variables Check: ==================================================== All Users Startup Folder Exists. Current User's startup Folder Exists. Terminal Services Status for (null) entries in PM logs and GetUserToken errors: =============================================================================== TERMService: ============== Type : 32 State : 4 (The service is running.) (State is stopped) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 TermService Start is set to: 3 (Manual Startup) Compatibility Flag Settings (Any MBAM file listings should be removed): ======================================================================= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers C:\Documents and Settings\Rob Schlein\Local Settings\Application Data\Google\Chrome\Application\chrome.exeREG_SZ EnableNXShowUI C:\Program Files\Internet Explorer\iexplore.exeREG_SZ EnableNXShowUI HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers C:\XX\XX.BAT REG_SZ WIN95 C:\XX\CUSTOM030.BAT REG_SZ WIN95 C:\Program Files\R&R Report Writer\rrw.exeREG_SZ WIN98 C:\TEMP\MENU.EXE REG_SZ WIN95 C:\Documents and Settings\Rob Schlein\Desktop\Rnav2003.exeREG_SZ WIN98 C:\MENU.BAT REG_SZ WIN98 DISABLECICERO C:\Documents and Settings\Rob Schlein\Desktop\MENU.BAT.pifREG_SZ WIN95 C:\MENU\MENU.EXE REG_SZ WIN95 DISABLETHEMES Malwarebytes Anti-Malware Shell Extension Block Check: ====================================================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked MBAM Startup Entries: ===================== Service and Driver Status: ========================== MBAMProtector: ============== Type : 2 State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 MBAMService: ============== Type : 16 State : 4 (The service is running.) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 MBAMProtector Registry Values: ============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector Type REG_DWORD 2 Start REG_DWORD 3 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ \??\C:\WINDOWS\system32\drivers\mbam.sys Group REG_SZ FSFilter Anti-Virus DependOnService REG_MULTI_SZ FltMgr DependOnGroup REG_DWORD 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances DefaultInstance REG_SZ MBAMProtector Instance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance Altitude REG_SZ 328800 Flags REG_DWORD 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Security Security REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum 0 REG_SZ Root\LEGACY_MBAMPROTECTOR\0000 Count REG_DWORD 1 NextInstance REG_DWORD 1 MBAMService Registry Values: ============================ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService Type REG_DWORD 16 Start REG_DWORD 2 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" DependOnService REG_MULTI_SZ MBAMProtector DependOnGroup REG_DWORD 0 ObjectName REG_SZ LocalSystem Description REG_SZ Malwarebytes Anti-Malware service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService\Security Security REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService\Enum 0 REG_SZ Root\LEGACY_MBAMSERVICE\0000 Count REG_DWORD 1 NextInstance REG_DWORD 1 MBAM DLL's and Runtime Files: ============================= HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid (Default): REG_SZ vbAccelerator Grid Control HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid (Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67} HKEY_CLASSES_ROOT\SSubTimer6.GSubclass (Default): REG_SZ SSubTimer6.GSubclass HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid (Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\SSubTimer6.CTimer (Default): REG_SZ SSubTimer6.CTimer HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid (Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\SSubTimer6.ISubclass (Default): REG_SZ SSubTimer6.ISubclass HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid (Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ SSubTimer6.ISubclass HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID (Default): REG_SZ SSubTimer6.ISubclass HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION (Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ SSubTimer6.GSubclass HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32 (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID (Default): REG_SZ SSubTimer6.GSubclass HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION (Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ SSubTimer6.CTimer HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32 (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID (Default): REG_SZ SSubTimer6.CTimer HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION (Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A} HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1 (Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32 (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS (Default): REG_SZ 2 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0 (Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix) HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0 HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32 (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ ISubclass HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ CTimer HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32 (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB} (Default): REG_SZ vbalGrid HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32 (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib (Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A} Version REG_SZ 1.1 MBAM Registry Settings and License Info: ======================================== HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware InstallPath REG_SZ C:\Program Files\Malwarebytes' Anti-Malware Affiliate REG_SZ https://store.malwarebytes.org/342/?scope=checkout&cart=29945 dbversion REG_SZ v2012.11.20.03 programversion REG_SZ 1.65.1.1000 dbdate REG_SZ Tue, 20 Nov 2012 15:17:35 GMT hidereg REG_DWORD 0 startipdisabled REG_DWORD 0 useproxy REG_DWORD 0 useauthentication REG_DWORD 0 downloadprogram REG_DWORD 1 advancedheuristics REG_DWORD 1 scanreboot REG_DWORD 1 detectp2p REG_DWORD 0 detectpum REG_DWORD 1 detectpup REG_DWORD 2 updatewarn REG_DWORD 1 updatewarndays REG_DWORD 7 notifyinstallprogram REG_DWORD 1 trialended REG_DWORD 0 SchedulerQueue REG_MULTI_SZ 6148, 30175178, 103391312, 1, 23 | 30262936, 1967437424 ID XXXXX-XXXXX This is hidden data. Key XXXX-XXXX-XXXX-XXXX This is hidden data. contextmenu REG_DWORD 1 reportthreats REG_DWORD 1 silentipmode REG_DWORD 0 trialpromptshown REG_DWORD 1 startwithwindows REG_DWORD 1 startfsdisabled REG_DWORD 0 HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware\UUID There is data here but it is hidden. HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware (Trial) TrialId There is data here but it is hidden. HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware language REG_SZ english.lng selectedrives REG_SZ C:\| terminateie REG_DWORD 0 autosavelog REG_DWORD 1 openlog REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 defaultscan REG_DWORD 0 alwaysscanstartups REG_DWORD 1 HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 1 contextmenu REG_DWORD 1 defaultscan REG_DWORD 0 reportthreats REG_DWORD 1 terminateie REG_DWORD 0 startwithwindows REG_DWORD 1 startfsdisabled REG_DWORD 0 silentipmode REG_DWORD 0 trialpromptshown REG_DWORD 0 HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 1 contextmenu REG_DWORD 1 defaultscan REG_DWORD 0 reportthreats REG_DWORD 1 terminateie REG_DWORD 0 startwithwindows REG_DWORD 1 startfsdisabled REG_DWORD 0 silentipmode REG_DWORD 0 trialpromptshown REG_DWORD 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1 Inno Setup: Setup Version REG_SZ 5.4.3 (a) Inno Setup: App Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware InstallLocation REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware Inno Setup: User REG_SZ Rob Schlein Inno Setup: Selected Tasks REG_SZ desktopicon,quicklaunchicon Inno Setup: Deselected Tasks REG_DWORD 0 Inno Setup: Language REG_SZ English DisplayName REG_SZ Malwarebytes Anti-Malware version 1.65.1.1000 DisplayIcon REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe UninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" QuietUninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENT DisplayVersion REG_SZ 1.65.1.1000 Publisher REG_SZ Malwarebytes Corporation URLInfoAbout REG_SZ http://www.malwarebytes.org NoModify REG_DWORD 1 NoRepair REG_DWORD 1 InstallDate REG_SZ 20121109 MajorVersion REG_DWORD 1 MinorVersion REG_DWORD 65 Scheduler Queue: ================ Scheduled Item: Update Schedule Options: | Daily | Random Start Time: 2011-09-10 14:57 Repeating Every: 1 Recover if missed by: 23 Context Menu Entries: ===================== HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1 (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE} (Default): REG_SZ IMBAMShlExt HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID (Default): REG_SZ MBAMExt.MBAMShlExt HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32 (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ MBAM Drivers: ============= C:\WINDOWS\system32\drivers\mbam.sys File Size: 22856 BYTES FileVersion: 1.60.2.0 Required Dependencies: ====================== fltmgr: ============== Type : 2 State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr Description REG_SZ File System Filter Manager Driver DisplayName REG_SZ FltMgr ErrorControl REG_DWORD 1 Group REG_SZ FSFilter Infrastructure ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys Start REG_DWORD 0 Type REG_DWORD 2 Tag REG_DWORD 1 AttachWhenLoaded REG_DWORD 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum 0 REG_SZ Root\LEGACY_FLTMGR\0000 Count REG_DWORD 1 NextInstance REG_DWORD 1 C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 129792 BYTES FileVersion: 5.1.2600.5512 C:\WINDOWS\system32\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5 C:\WINDOWS\system32\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34 C:\WINDOWS\system32\olepro32.dll File Size: 84992 BYTES FileVersion: 5.1.2600.5512 List of MBAM Related Directories: ================================= C:\Program Files\Malwarebytes' Anti-Malware changes.rtf File Size: 785 BYTES changes.txt File Size: 576 BYTES license.txt File Size: 11141 BYTES mbam.chm File Size: 582708 BYTES mbam.dll File Size: 499784 BYTES FileVersion: 1.65.0.0 mbam.exe File Size: 981656 BYTES FileVersion: 1.62.0.140 mbamcore.dll File Size: 1089608 BYTES FileVersion: 1.62.0.0 mbamext.dll File Size: 80968 BYTES FileVersion: 1.61.0.0 mbamgui.exe File Size: 766536 BYTES FileVersion: 1.65.0.0 mbamnet.dll File Size: 2168904 BYTES FileVersion: 1.62.0.0 mbampt.exe File Size: 40008 BYTES FileVersion: 1.61.0.0 mbamscheduler.exe File Size: 399432 BYTES FileVersion: 1.65.0.0 mbamservice.exe File Size: 676936 BYTES FileVersion: 1.65.0.0 ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3 unins000.dat File Size: 97693 BYTES unins000.exe File Size: 711240 BYTES FileVersion: 51.52.0.0 unins000.msg File Size: 10550 BYTES vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40 zlib.dll File Size: 79696 BYTES FileVersion: 1.2.3.0 C:\Program Files\Malwarebytes' Anti-Malware\Chameleon chameleon.chm File Size: 186068 BYTES firefox.com File Size: 218184 BYTES firefox.exe File Size: 218184 BYTES firefox.pif File Size: 218184 BYTES firefox.scr File Size: 218184 BYTES iexplore.exe File Size: 218184 BYTES mbam-chameleon.com File Size: 218184 BYTES mbam-chameleon.exe File Size: 218184 BYTES mbam-chameleon.pif File Size: 218184 BYTES mbam-chameleon.scr File Size: 218184 BYTES mbam-killer.exe File Size: 984648 BYTES FileVersion: 1.60.0.47 rundll32.exe File Size: 218184 BYTES svchost.exe File Size: 218184 BYTES winlogon.exe File Size: 218184 BYTES C:\Program Files\Malwarebytes' Anti-Malware\Languages arabic.lng File Size: 21110 BYTES belarusian.lng File Size: 26026 BYTES bosnian.lng File Size: 26236 BYTES bulgarian.lng File Size: 26678 BYTES catalan.lng File Size: 27226 BYTES chineseSI.lng File Size: 10642 BYTES chineseTR.lng File Size: 11588 BYTES croatian.lng File Size: 25844 BYTES czech.lng File Size: 23894 BYTES danish.lng File Size: 25750 BYTES dutch.lng File Size: 27282 BYTES english.lng File Size: 23742 BYTES estonian.lng File Size: 24112 BYTES finnish.lng File Size: 24990 BYTES french.lng File Size: 28790 BYTES german.lng File Size: 28870 BYTES greek.lng File Size: 28316 BYTES hebrew.lng File Size: 18714 BYTES hungarian.lng File Size: 27548 BYTES italian.lng File Size: 27186 BYTES japanese.lng File Size: 15814 BYTES korean.lng File Size: 13710 BYTES latvian.lng File Size: 26208 BYTES lithuanian.lng File Size: 26920 BYTES macedonian.lng File Size: 27830 BYTES norwegian.lng File Size: 24216 BYTES polish.lng File Size: 25726 BYTES portugueseBR.lng File Size: 27720 BYTES portuguesePT.lng File Size: 28056 BYTES romanian.lng File Size: 27308 BYTES russian.lng File Size: 26352 BYTES serbian.lng File Size: 25970 BYTES slovak.lng File Size: 24752 BYTES slovenian.lng File Size: 23998 BYTES spanish.lng File Size: 29010 BYTES swedish.lng File Size: 25132 BYTES thai.lng File Size: 25190 BYTES turkish.lng File Size: 25046 BYTES vietnamese.lng File Size: 28574 BYTES C:\Documents and Settings\Rob Schlein\Application Data\Malwarebytes\Malwarebytes' Anti-Malware C:\Documents and Settings\Rob Schlein\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs mbam-log-2010-10-04 (12-02-15).txt File Size: 1746 BYTES mbam-log-2010-10-05 (11-13-43).txt File Size: 896 BYTES mbam-log-2010-10-05 (12-41-20).txt File Size: 912 BYTES mbam-log-2010-10-07 (17-11-08).txt File Size: 894 BYTES mbam-log-2011-04-16 (15-57-38).txt File Size: 895 BYTES mbam-log-2011-09-10 (17-42-48).txt File Size: 902 BYTES mbam-log-2011-11-29 (15-46-10).txt File Size: 902 BYTES mbam-log-2012-11-20 (11-21-55).txt File Size: 1946 BYTES C:\Documents and Settings\Rob Schlein\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine =============================================================== END OF FILE DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2 Run by Rob Schlein at 12:28:09 on 2012-11-20 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3061.1968 [GMT -6:00] . AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ============== Running Processes ================ . C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\TUProgSt.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\WebDrive\wdService.exe C:\WINDOWS\System32\WFXSVC.EXE C:\Program Files\WinFax\WFXMOD32.EXE C:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\FaxTalk Trial\FTmsgsvc.exe C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe C:\WINDOWS\system32\NWTRAY.EXE C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\System32\svchost.exe -k NetworkService C:\WINDOWS\System32\svchost.exe -k eapsvcs C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k dot3svc C:\WINDOWS\System32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.bigtalldirect.com uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language} mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://home.peoplepc.com/search dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> BHO: Yahoo! Companion BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\common\ycomp5_1_6_0.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: Solid Converter PDF: {259F616C-A300-44F5-B04A-ED001A26C85C} - c:\program files\soliddocuments\solidconverterpdf\scpdf\ExploreExtPDF.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file> BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: IeCaptureBho Object: {7c1ce531-09e9-4fc5-9803-1c2956615786} - LocalServer32 - <no file> BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll BHO: Viewpoint Toolbar BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - LocalServer32 - <no file> BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: &Google Notebook: {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - c:\program files\google\google notebook\gnotes1.0.2.19-1365465124.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\23.0.1271.64\npchrome_frame.dll TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\RoboForm.dll TB: &Yahoo! Companion: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\common\ycomp5_1_6_0.dll TB: Copernic Agent: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - c:\program files\copernic agent\CopernicAgentExt.dll TB: Google Notebook: {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - c:\program files\google\google notebook\gnotes1.0.2.19-1365465124.dll TB: Ask Toolbar: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\askbardis\bar\bin\askBar.dll TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll TB: &Yahoo! Companion: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\common\ycomp5_1_6_0.dll TB: Copernic Agent: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - c:\program files\copernic agent\CopernicAgentExt.dll TB: Solid Converter PDF: {259F616C-A300-44F5-B04A-ED001A26C85C} - c:\program files\soliddocuments\solidconverterpdf\scpdf\ExploreExtPDF.dll TB: Google Notebook: {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - c:\program files\google\google notebook\gnotes1.0.2.19-1365465124.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned> EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0411.dll EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0411.dll EB: Copernic Agent Results: {6F480F82-C3A6-4D35-96F7-B297AD49FBE8} - c:\program files\copernic agent\CopernicAgentExt.dll EB: Google Notebook: {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - c:\program files\google\google notebook\gnotes1.0.2.19-1365465124.dll EB: Copernic Agent: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - c:\program files\copernic agent\CopernicAgentExt.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [backup4all 3] "c:\program files\softland\backup4all 3\Backup4all.exe" /s uRun: [Google Update] "c:\documents and settings\rob schlein\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun uRun: [WebDriveTray] c:\program files\webdrive\webdrive.exe /trayicon uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe" mRun: [NWTRAY] NWTRAY.EXE mRun: [AdaptecDirectCD] c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe mRun: [pdfFactory Pro Dispatcher v1] c:\windows\system32\spool\drivers\w32x86\2\fppdis1.exe mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [pdfFactory Dispatcher v2] "c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe" /source=HKLM mRun: [sDVirtualPrinterAgent] c:\progra~1\sdapps\print-~1\SDVPAGENT.EXE mRun: [FinePrint Dispatcher v5] "c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe" /source=HKLM mRun: [WinFaxAppPortStarter] wfxsnt40.exe mRun: [WFXSwtch] c:\progra~1\winfax\WFXSWTCH.exe mRun: [PeachtreePrefetcher.exe] c:\program files\sage software\peachtree8\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config mRun: [Ask and Record FLV Service] "c:\program files\ask & record toolbar\FLVSrvc.exe" /run mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [FaxTalk FaxCenter Pro 8] "c:\program files\faxtalk trial\FTClCtrl.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe" StartupFolder: c:\docume~1\robsch~1\startm~1\programs\startup\dosprn.lnk - c:\program files\dosprn\DOSprn.exe StartupFolder: c:\docume~1\robsch~1\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-System: CompatibleRUPSecurity = dword:1 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: Note this (Google Notebook) - c:\program files\google\google notebook\gnotes1.0.2.19-1365465124.dll/gn_menu1.html IE: Note this item (Google Notebook) - c:\program files\google\google notebook\gnotes1.0.2.19-1365465124.dll/gn_menu2.html IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: Search Using Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT IE: Yahoo! Dictionary - /c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! Search - /c:\program files\yahoo!\Common/ycsrch.htm IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~2\COPERN~1.EXE IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - <orphaned> IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboForm.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboForm.dll IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0411.dll IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~2\COPERN~1.EXE IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: symsupportutil - hxxps://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813 DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} - hxxps://www.refurbdepot.com/CFIDE/classes/CFJava.cab DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} - hxxp://down.plaxo.com/down/release/PlaxoInstall.cab DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} - hxxp://download.mcafee.com/molbin/Shared/MGBrwFld.cab DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} - hxxps://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0309.cab DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxps://www.webiqonline.com/WebIQ/bin/WebIQ.cab DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/22339e56b57531774405/netzip/RdxIE601.cab DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} - hxxp://216.249.24.141/code/PWActiveXImgCtl.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} - hxxp://cs7b.instantservice.com/jars/customerxsigned35.cab DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxps://rtc.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB DPF: {960B6AEC-118A-4745-A070-819025E17534} - hxxps://www.novastor.com/olbs/webrestore/wbr.cab DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37538.6022106481 DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - hxxps://secure.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_01-win.cab DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/activedata/SymAData.dll DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} - hxxp://acs.pandasoftware.com/activescanpro/as5/asproinst.cab DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab DPF: {E2B7DB22-38C5-11D5-91F6-00104BDB8FF9} - hxxp://www.eprintdriver.com/demos/cabs/LMVRGBxf.cab DPF: {E2B7DB7E-38C5-11D5-91F6-00104BDB8FF9} - hxxp://www.eprintdriver.com/demos/cabs/LCodcScr.cab DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=1827532856 TCP: NameServer = 10.0.0.1 TCP: Interfaces\{5547D208-8BE8-41E4-9A4B-6E29702E1C18} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{BF29A8FF-A9F5-4A7D-9F9A-58DBFA384539} : DHCPNameServer = 10.0.0.1 Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\program files\copernic agent\CopernicAgentExt.dll Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\program files\copernic agent\CopernicAgentExt.dll Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\23.0.1271.64\npchrome_frame.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: igfxcui - igfxdev.dll Notify: LMIinit - LMIinit.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files\stardock\fences\FencesMenu.dll SEH: WinFax PRO IShellExecuteHook - {A213B520-C6C2-11d0-AF9D-008029E1027E} - c:\program files\winfax\WFXSEH32.DLL LSA: Authentication Packages = msv1_0 nwv1_0 . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\rob schlein\application data\mozilla\firefox\profiles\v7plfz3v.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1423464&SearchSource=3&q= FF - prefs.js: browser.startup.homepage - hxxp://www.bigtalldirect.com/index_1024.htm FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\rob schlein\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\rob schlein\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\rob schlein\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\documents and settings\rob schlein\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.93\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npbrowster.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll FF - plugin: c:\program files\nitro pdf\reader\npdf.dll FF - plugin: c:\program files\nitro pdf\reader\npnitroie.dll FF - plugin: c:\program files\nitro pdf\reader\npnitromozilla.dll FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll FF - plugin: c:\program files\opera\program\plugins\npdrmv2.dll FF - plugin: c:\program files\picasa2\npPicasa3.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\npwmsdrm.dll FF - ExtSQL: 2012-10-15 10:38; artur.dubovoy@gmail.com; c:\documents and settings\rob schlein\application data\mozilla\firefox\profiles\v7plfz3v.default\extensions\artur.dubovoy@gmail.com.xpi FF - ExtSQL: 2012-10-15 11:01; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\documents and settings\rob schlein\application data\mozilla\firefox\profiles\v7plfz3v.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} FF - ExtSQL: 2012-11-01 13:54; clpics@eternicode.com; c:\documents and settings\rob schlein\application data\mozilla\firefox\profiles\v7plfz3v.default\extensions\clpics@eternicode.com.xpi FF - ExtSQL: 2012-11-01 13:56; craigslistfusion@craigslistfusion.com; c:\documents and settings\rob schlein\application data\mozilla\firefox\profiles\v7plfz3v.default\extensions\craigslistfusion@craigslistfusion.com.xpi . ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-31 28544] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-6 729752] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-6 355632] R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files\abbyy pdf transformer 3.0\NetworkLicenseServer.exe [2009-4-27 759048] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-6 21256] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-6 44808] R2 FaxTalk FaxCenter Pro 8;FaxTalk FaxCenter Pro 8;c:\program files\faxtalk trial\FTmsgsvc.exe [2012-9-11 33368] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374704] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-5-30 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-5-30 47640] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-9 399432] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-4 676936] R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService2.exe [2012-8-22 184848] R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2008-6-6 435496] R2 ReplicaSysMon;Seagate Replica System Monitor;c:\program files\seagate replica\bin\ReplicaSysMon.exe [2011-3-28 416208] R2 Seagate-Replica-Svc;Seagate Replica Service;c:\program files\seagate replica\bin\Seagate-Replica-Svc.exe [2011-3-28 1947600] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000] R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2004-2-4 585728] R2 WebDriveFSD;WebDrive Filesystem Driver;c:\program files\webdrive\wdfsd.sys [2011-4-21 147416] R2 WinDriver;WinDriver;c:\windows\system32\drivers\windrvr.sys [2002-10-9 205220] R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-10-1 39424] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-4 22856] S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-5-15 234888] S2 ltmodem;Hayes Modem Driver;c:\windows\system32\ltmodem.sys [2002-10-9 727848] S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\sbserv.exe --> c:\progra~1\common~1\symant~1\script~1\SBServ.exe [?] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944] S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256] S3 bcm;Beceem Communications Inc. Tarang3;c:\windows\system32\drivers\drxvi314.sys [2010-7-4 233472] S3 bcmbusctr;Beceem Devices' Enumerator Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-7-4 54784] S3 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2004-3-10 218736] S3 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-2-4 235120] S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050325.009\NAVENG.Sys [2005-3-25 73728] S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050325.009\NavEx15.Sys [2005-3-25 631040] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-6-13 30336] S3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\program files\sage software\peachtree8\SmartPostingService2011.exe [2010-4-10 43848] S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2007-5-30 12192] S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\USBBC.sys [2002-10-9 15576] S3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys --> c:\windows\system32\drivers\winacusb.sys [?] S4 AloPar;AloPar;c:\windows\system32\drivers\AloPar.sys [2002-10-9 4112] S4 LMIRfsClientNP;LMIRfsClientNP; [x] . =============== File Associations =============== . FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5\Dreamweaver.exe","%1" ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1" ShellExec: NovaBackup.exe: Open="c:\program files\novastor\novabackup\7\NovaBackup.exe" ShellExec: solidconverterpdf.exe: open="c:\program files\soliddocuments\solidconverterpdf\scpdf\solidconverterpdf.exe" ShellExec: solidconverterpdfopenwith.exe: open="c:\program files\soliddocuments\solidconverterpdf\scpdf\solidconverterpdf.exe" -i "%1" -z -w x . =============== Created Last 30 ================ . 2012-11-09 20:20:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-11-01 18:53:24 -------- d-----w- c:\program files\Nirodha Software . ==================== Find3M ==================== . 2012-11-09 20:20:00 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-11-09 20:19:58 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-11-09 20:19:58 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-09 14:48:27 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-09 14:48:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-05 18:35:18 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-11-05 18:35:17 92072 ----a-w- c:\windows\system32\LMIinit.dll 2012-11-05 18:35:17 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll 2012-11-05 18:35:17 31144 ----a-w- c:\windows\system32\LMIport.dll 2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-30 01:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-11 15:13:24 33368 ----a-w- c:\windows\system32\ftumn80.dll 2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-22 22:31:38 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll 2012-08-22 22:31:38 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll 2001-04-05 15:46:32 5226496 ----a-w- c:\program files\Epson Registration.exe . ============= FINISH: 12:29:32.31 =============== I have an attach.txt also, but I read that to send it upon request.
- November 20, 2012
- 3 replies

Sign In

RobertSchlein

Posts

Joined

Last visited

Reputation

Shell_notification failed

Shell_notification failed

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information