MDYoung

Members
  • Posts

    11
  1. I'm a customer at modiphius.us webstore and for the last few days Malwarebytes Browser Guard has flagged the site for a trojan link at customjs.s.asaplabs.io with IP address 46.8.8.100. A customjs.s.asaplabs.io I've found in a search online connected with Shopify. I've contacted both Modiphius and Shopify support, the latter replying that everything on their end appears clean and suggesting that I contact Malwarebytes. So that's what I'm doing. Is this a false positive or something else?
  2. Last night, MWB started blocking outbound connections from WRSA, my Webroot AV program, to the above site. Last night to sn.webrootavcloud.com and this morning to snu.webrootavcloud.com. Now it may have been because MWB is running a scan at the time Webroot is calling home but I haven't had this happen previously with Malicious Website Blocked notifications, and I've been running both programs on my computer for four years now. Thanks for any help here. MDYoung
  3. My apologies. I'd meant to ask you to close the case. Problem seems to have been solved. Thank you very much for your help.
  4. OK, I ran MBAR last night and received a "clean" report. I did not shut down other processes as I have with previous steps. If I need to rerun this, shutting other things down, let me know. I've attached the two files as indicated. Thanks for your help with this. mbar-log-2013-07-27 (21-03-05).txt system-log.txt
  5. Here's what came back.
  6. Have a niggling feeling that something slipped past Webroot and Malwarebytes. The computer has been sluggish and I keep spotting DOS boxes pop up at odd times. Haven't been able to do a screen capture since the DOS box is there and gone, so I'm not sure if they're legitimate updates or what. Anyway, here are the results of dds. Hopefully it's just paranoia kicking in. Thanks for the help.
  7. I uninstalled McAfee and ran mbam.clean, then reinstalled. On updating the files, MBAM crashed and sent an error report. I ran MBAM after rebooting and it came back clean but still gave me the memory read error on closing.
  8. I've run MBAM clean to uninstall and reinstall the latest version with updates per directions given to me at "Read" problems with free version with the same result of the above memory read error at close. I've run memtest to see if I have problems with bad memory, and after running for 6 hours had no memory problems reported. I've run SuperAntiSpyware, Spybot, McAfee Security Suite [prior to reinstalling WinXP a couple of weeks ago, I'd been running Avast which also found nothing since this MBAM memory problem had arisen sometime back in November or early December], Panda Online [just on the off chance an off-site AV might find something]. Nada blasted thing has been found. I've also run HijackThis [which I've attached this time around]. Still confused about the whole thing. Any help would be much appreciated. Thanks. hijackthis.log
  9. Hmmm, I've posted a follow-up on the HijackThis area of the forum; however, I've realized now the read problem occurs with Malware Bytes every time I run it. The program ran fine until one of the Windows updates right before Thanksgiving and has had the read problem since then. Other searching around the net has uncovered other read type problems with WinXP . . . most of those problems having occurred back with the rolling out of SP2, but I'm running SP3 and--as noted previously--had had no problems with MBAM until recently. And I did not think to run MBAM after formatting the drive and reinstalling WinXP to see if the problem occurred at that time.
  10. Here is the original post for the problems I'm having: I've lately come across a problem with Malware Bytes [as in started occurring a few weeks ago but I never got around to asking on these boards]. When I right-click a folder to scan its contents, MB runs fine, sends back a clean report, and files a log. However, when I close the program afterward, I get the following message: The instruction at "0x10002737" referenced memory at "0x00000000". The memory could not be "read". Now, I ran Defogger. Then DDS, then GMER Rootkit Scanner, the files for each of which I have attached. DDS.txt Attach.zip ark.txt
  11. I've lately come across a problem with Malware Bytes [as in started occurring a few weeks ago but I never got around to asking on these boards]. When I right-click a folder to scan its contents, MB runs fine, sends back a clean report, and files a log. However, when I close the program afterward, I get the following message: The instruction at "0x10002737" referenced memory at "0x00000000". The memory could not be "read". Now, I've had to wipe the hard drive and reinstall WinXP over the last week [ran across a bug of some sort that appeared to have blown past all my computer's defenses] and after reinstalling MB, I have this same message pop up, so I'm unsure what's going on. If you require any other details, let me know, and I'll pass them along. Thanks.