Showing results for tags 'Restore'.

Found 23 results

  1. Malwarebytes is my favorite program, because it has saved my laptop security; but something happened to my Win11 2 days ago. Windows 11 does not start up even from boot and I have to restore the Windows and System32 files which have been identified and quarantined as viruses by mistake of this antivirus. Windows 11 doesn't start up at all after those files are quarantined and after the required restart for the Malwarebytes program, it gives the message: "A few files & drivers are missing". My laptop tries to repair this issue after one reset, but after that, it says something like "Windows has been corrupted, we restart for you after a few seconds". Can you help me with how to restore those quarantined files by another Windows manually?
  2. HELP! Look at the attachment below! I was on the lookout for a file yesterday, but I could not find it. Then I remembered I scanned my computer with Malwarebytes some days ago. Now I don't know how to recover/retrieve/restore them back to their corresponding place. Is there anything I can do at this point? These files are essential!
  3. Hi, I've used Malwarebytes for years now with AVG and Avast without problem. But I've just got a new system and wanted a new antivirus with a better interface. So I picked Kaspersky 2020 and it's great. Far fewer spam messages than other free version antivirus programs. But Kaspersky isn't great at picking up malware, so I wanted to install Malwarebytes again. Sadly, after three attempts and after two complete Windows reinstalls, it seems Malwarebytes is the culprit in my system failures. Every time I install Malwarebytes the Start menu refuses to open, Windows Settings hangs and the search bar becomes unstable. I lose my Internet connection and get multiple other problems. This only happens after installing Malwarebytes. I've tried a system restore, which fails, and then I have to apply a complete backup image to get it working again. I was under the impression Malwarebytes would work alongside Kaspersky. Is there a known issue in running these two together?
  4. How do I restore these colored files? Deleted: C:\Windows\System32\\SSL Deleted: C:\Windows\SysWOW64\\SSL Deleted: C:\rei Deleted: C:\QQPCMgr Deleted: C:\Users\User\Documents\QQPCMgr Deleted: C:\Users\User\AppData\LocalLow\xfin_portal Deleted: C:\Users\All Users\Documents\Downloaded Installers Deleted: C:\Users\Public\Documents\Downloaded Installers Deleted: C:\ProgramData\Tencent Deleted: C:\ProgramData\Application Data\Tencent Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\Tencent Deleted: C:\Program Files (x86)\Tencent Deleted: C:\Program Files (x86)\Common Files\Tencent Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent Deleted: C:\Users\All Users\Tencent Deleted: C:\Users\All Users\Documents\Tencent Deleted: C:\Users\Public\Documents\Tencent Deleted: C:\Users\User\AppData\Local\Tencent Deleted: C:\Users\User\AppData\LocalLow\Tencent Deleted: C:\Users\User\AppData\Roaming\Tencent Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 Deleted: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 Deleted: C:\Program Data\Byte Fence Deleted: C:\ProgramData\Application Data\ByteFence Deleted: C:\Program Files\ByteFence Deleted: C:\Users\All Users\ByteFence Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware Deleted: C:\Program Files (x86)\SoftUpgrade Deleted: C:\Users\User\Documents\Smart PC Cleaner Deleted: C:\ProgramData\aa36c262-1a67-0 Deleted: C:\ProgramData\aa36c262-2c13-1 ***** [ Files ] ***** Deleted: C:\Users\User\Downloads\TOTALAV.EXE Deleted: C:\Users\User\Downloads\DRIVERUPDATE-SETUP.EXE
  5. I hold a lifetime license and am running Malwarebytes version 3.3.1.2183. I have listed under exclusions a top level folder that holds all of my files to another virus scan program. Even though Malwarebytes should be recognizing this excluded folder, its sub-folders and all related files when performing scans it still seems to quarantine various files within this folder. When I try to restore them it gives me an error message telling me that it is unable to restore one or more of the files and that access is denied. I get this message regardless of trying to restore 1 file or doing a restore of all quarantined files. Can anyone provide me with a reason for this and a workaround that will restore these files and get Malwarebytes to recognize the folder I have listed within the exclusions field?
  6. A file has been quarantined that needs to be restored. When I attempt to restore it I get the error message: "Unable to restore one or more quarantined items: Access Denied". I have administrator rights so I am not sure why I cannot do this. My computer is on a network and the item quarantined was taken from the server.
  7. Thanks, Malwarebytes. Thank you for ruining my computer. I did a full scan and deleted every file it told me to delete. I restarted my computer, and everything was looking fine until I got to logging in. I entered my password, then a few minutes later I get an error saying there was a problem. I log out, log back in, same problem. I restarted, shut down and turned back on, but nothing worked. It would direct me into a temporary account and give the same error. I decided to restore all the files to fix the problem. A few minutes later, it stops, leaving a few files yet to be restored. An error message pops up saying "Unable to restore one or more quarantined items: The system cannot find the files specified." I kept on trying to restore them but it just wasn't working. Without those files, I won't be able to log back on to my accounts. All of my data on those accounts is(are?) gone. I really need help.
  8. I'm having an issue with MB: it took out my roaming profiles for Windows, so now it won't log in and the service won't start for MB, so I'm unable to restore quarantine files. Someone help? I'm in wrong deal as I don't have saved folder
  9. Hello, I scanned my PC with malwarebytes. It flagged the following files, and I accepted removing them. I cannot restore them because they are marked to be deleted at boot. But, my computer will not boot any more -- it goes to the blue screen saying it ran into a problem. I am running Windows 10. I would greatly appreciate an advice on how to proceed. Thank you very much! Registry Keys: 12 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AlphaAV, Quarantined, [9f8cdacd1a8e59dd4c71d3d31ae9ba46], RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\control, Quarantined, [d7546f38b9ef2a0cb2f707a08e75946c], RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\init32.exe , Quarantined, [9893d9ceabfd1521a9b6981033d0e719], RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msconfig, Quarantined, [be6d3176faaecf670e15f0b9cb386f91], RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\personalguard, Quarantined, [f536297ecbdd48ee92350f9a41c210f0], RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rwg, Quarantined, [60cb00a7891f171f525e3ef8719302fe], RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AlphaAV, Quarantined, [f13ae2c5d4d4b18564595a4cb94ab848], RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\control, Quarantined, [87a43b6cd3d51422c1e8bdea3bc8857b], RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\init32.exe , Quarantined, [c8631a8da9ff1e18acb35d4b3bc827d9], RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msconfig, 
Quarantined, [48e3a70002a648ee81a22a7f0df6be42], RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\personalguard, Quarantined, [e744c7e073356dc9388ffaafb84b04fc], RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rwg, Quarantined, [6bc05d4aaefa270f763a092dae5621df],
  10. Hi, I have used the last version of Anti-Malware on a friend of mine's laptop, running W8.1. Well, Anti-Malware found everything and did clean all of them. Now my question: I have the original DVD (that came with the laptop); can I restore all the Windows files to be sure they are not corrupted? Just use the DVD to restore them? Or is there a way to use the internet to check all of them, and if there is a way, can I use it with W7 and W10? Thanks
  11. I scan the computer and I accepted quarantine all the items found, now I realize there is a lot of programs quarantined, even Office exe files, any software is working now. I would like to restore some and test with another scan or another antivirus if all are really infected and if cannot be cleaned, instead of quarantined, but if I try to restore I get: Can't restore an item marked for deletion on reboot. I did the reboot, and the files are not deleted, and also not possible to restore (same error). Any idea of why cannot restore or if could I do it manually?
  12. I'm using Windows Insider feedback, Malwarebytes Anti-Rootkit blocked a ransom files activity and sent it to quarantine. I restart the computer and Select Restore a file are in Malwarebytes Beta Quarantine but nothing effect, Malwarebytes show notification as: go to forum.malwarbytes.org to get your answer.
  13. I've had 2 false positives so far and reported both. I'm glad you guys are working on this. However, when it says the files are moved to Quarantine, they are actually just being deleted as far as I can tell. Nothing is listed in the Quarantine tab at the time of the infection alert, nor after a reboot, nor after turning protection off. Are the files gone forever, or is there a way to actually recover them? Thanks! (I'm running 0.9.16.484 on Windows 10)
  14. Due to some unforeseen circumstances, the server hosting our Malwarebytes Enterprise console and data has been removed. I ran the Management Server Data Backup and Restoration application to create a backup. I had to create a new server (running the same Server 2008R2 install image). I cannot use the same IP address, however. It's just not possible. When I go to restore the data, it says "The backup file version does not match your server installation". I tried changing the MEEBackupConfig file to match the new IP and new server HostName. No luck. What am I missing here? I used the same MEESetup.exe.
  15. Hey guys. It seems that I can't restore the items I marked for deletion. Here's the entire list. 123.txt The only one that I still want to remove is Wajam. I'm not sure if anything else needs to be removed. I haven't restarted my computer or set up a backup yet. I thought maybe updating the computer to Windows 10 would solve the problem. What should I do?
  16. Hello and thank you. my issue started after I ran Malwarebytes and quarantined the recommended items. Since doing that I cannot open my computer using my usual sign in (administartor) account. The computer boots but there is only a grey screen with the mouse arrow. Nothing else appears. I attempted to restore the quarantined items but I get a message saying "cannot restore items set for deletion". I've rebooted several times and even tried to restore the system to an earlier restore point and that has failed as well. can anyone help me, please!!!??? original post here... https://forums.malwarebytes.org/index.php?/topic/171283-unable-to-restore-items-in-history/ thanks, Mark FABAR RECOVERY SCAN Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01 Ran by Mark 2 (ATTENTION: The logged in user is not administrator) on MARK-PC (03-08-2015 18:19:02) Running from C:\Users\Mark 2\Downloads Loaded Profiles: Mark & Mark 2 (Available Profiles: Mark & Mark 2) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) 
Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> winlogon.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> lsm.exe Failed to access process -> svchost.exe Failed to access process -> nvvsvc.exe Failed to access process -> svchost.exe Failed to access process -> MsMpEng.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> stacsv64.exe Failed to access process -> svchost.exe Failed to access process -> nvxdsync.exe Failed to access process -> nvvsvc.exe Failed to access process -> svchost.exe Failed to access process -> spoolsv.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> armsvc.exe Failed to access process -> AESTSr64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Failed to access process -> nvstreamsvc.exe (Western Digital Technologies, Inc.) 
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe Failed to access process -> ReflectService.exe Failed to access process -> RichVideo64.exe Failed to access process -> rpcnet.exe Failed to access process -> svchost.exe Failed to access process -> WDDriveService.exe Failed to access process -> WDBackupEngine.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Failed to access process -> nvstreamsvc.exe Failed to access process -> alg.exe Failed to access process -> conhost.exe Failed to access process -> nvstreamsvc.exe Failed to access process -> NisSrv.exe Failed to access process -> conhost.exe Failed to access process -> UI0Detect.exe Failed to access process -> SearchIndexer.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe Failed to access process -> MpCmdRun.exe Failed to access process -> MpCmdRun.exe Failed to access process -> conhost.exe Failed to access process -> wmpnetwk.exe (BitTorrent Inc.) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe Failed to access process -> SearchProtocolHost.exe (VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Failed to access process -> svchost.exe Failed to access process -> SearchFilterHost.exe Failed to access process -> taskeng.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [524800 1999-12-31] (IDT, Inc.) 
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [296960 2015-03-17] (Microsoft Corporation) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation) HKU\S-1-5-21-42931640-1002724403-1968875480-1004\...\Run: [uTorrent] => C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe [1996896 2015-08-03] (BitTorrent Inc.) Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk [2015-06-02] ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
URLSearchHook: [s-1-5-21-42931640-1002724403-1968875480-1001] ATTENTION ==> Default URLSearchHook is missing BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation) BHO-x32: No Name -> {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -> No File BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 12.127.16.67 12.127.17.71 Tcpip\..\Interfaces\{4983B62F-0691-49DE-98DF-495F3C782D8A}: [DhcpNameServer] 12.127.16.67 12.127.17.71 FireFox: ======== FF ProfilePath: C:\Users\Mark 2\AppData\Roaming\Mozilla\Firefox\Profiles\hkwwwff3.default FF DefaultSearchEngine.US: Google FF Homepage: https://www.yahoo.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] () FF Plugin-x32: @bankid.com/BankID Security Application,version=5.0.2.10 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2013-11-14] (Finansiell ID-Teknik BID AB) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> 
C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems) FF Extension: Gmail™ Notifier Plus - C:\Users\Mark 2\AppData\Roaming\Mozilla\Firefox\Profiles\hkwwwff3.default\Extensions\jid1-sqmEAwSoa3FZPc@jetpack.xpi [2015-06-03] FF Extension: Adblock Plus - C:\Users\Mark 2\AppData\Roaming\Mozilla\Firefox\Profiles\hkwwwff3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-03] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-23] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-12-21] () S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.) 
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-09-01] (Glarysoft Ltd) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-06-09] (Glarysoft Ltd) R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-03] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] () ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-03 18:19 - 2015-08-03 18:19 - 00015191 _____ C:\Users\Mark 2\Downloads\FRST.txt 2015-08-03 18:18 - 2015-08-03 18:19 - 00000000 ____D C:\FRST 2015-08-03 18:15 - 2015-08-03 18:16 - 02169856 _____ (Farbar) C:\Users\Mark 2\Downloads\FRST64.exe 2015-08-03 16:53 - 2015-08-03 16:53 - 00000000 ____D C:\Users\Mark 2\AppData\Roaming\NCH Software 2015-08-03 16:23 - 2015-08-03 16:23 - 00002690 _____ C:\Users\Mark 2\Desktop\µTorrent.lnk 2015-08-03 16:23 - 2015-08-03 16:23 - 00002690 _____ C:\Users\Mark 2\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2015-08-03 16:21 - 2015-08-03 16:22 - 01996896 _____ (BitTorrent Inc.) C:\Users\Mark 2\Downloads\uTorrent.exe 2015-08-03 12:16 - 2015-08-03 12:16 - 00000816 _____ C:\Windows\PFRO.log 2015-08-02 19:49 - 2015-08-03 15:44 - 00000000 ____D C:\Users\Mark 2\AppData\Roaming\vlc 2015-08-02 18:44 - 2015-08-02 18:49 - 00000000 ____D C:\AdwCleaner 2015-07-30 04:47 - 2015-08-03 13:03 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-30 04:47 - 2015-07-30 04:47 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-07-30 04:47 - 2015-07-30 04:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-07-30 04:46 - 2015-08-03 17:58 - 00046886 _____ C:\Windows\WindowsUpdate.log 2015-07-30 04:46 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-07-30 04:46 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-07-30 04:46 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-07-30 04:36 - 2015-07-30 04:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.1.8.1057.exe 2015-07-30 04:16 - 2015-08-03 15:52 - 00001344 _____ C:\Windows\setupact.log 2015-07-30 04:16 - 2015-07-30 04:16 - 00000000 _____ C:\Windows\setuperr.log 
2015-07-29 22:02 - 2015-07-29 22:02 - 00000348 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2015-07-29 21:57 - 2015-07-29 21:59 - 15236032 _____ C:\Users\Mark\Downloads\Glary_Utilities_v5.30.0.50.exe
2015-07-29 21:07 - 2015-07-29 21:23 - 00000000 _____ C:\Windows\SysWOW64\MyDefrag.dat
2015-07-29 20:40 - 2015-07-29 21:22 - 00000592 _____ C:\Windows\SysWOW64\MyDefrag.debuglog
2015-07-29 20:24 - 2015-08-02 20:09 - 00000292 _____ C:\Windows\Tasks\SlimCleaner Run.job
2015-07-27 17:03 - 2015-07-27 17:03 - 00000000 ____D C:\ProgramData\Soda PDF 7
2015-07-27 16:58 - 2015-07-27 16:58 - 00000000 ____D C:\ProgramData\regid.2008-09.org.wixtoolset
2015-07-27 16:37 - 2015-07-29 19:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-27 15:03 - 2015-07-27 15:03 - 00000000 ____D C:\Program Files (x86)\MSECache

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-03 18:18 - 2015-06-03 10:37 - 00000000 ____D C:\Users\Mark 2\AppData\Roaming\uTorrent
2015-08-03 18:01 - 2014-05-14 02:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-03 17:58 - 2014-10-12 01:26 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-08-03 16:53 - 2013-05-09 05:42 - 00000000 ____D C:\ProgramData\NCH Software
2015-08-03 16:51 - 2012-12-21 12:44 - 00000000 ____D C:\Users\Mark
2015-08-03 16:24 - 2012-12-21 13:04 - 00000000 ____D C:\Users\Mark\AppData\Roaming\uTorrent
2015-08-03 16:20 - 2015-06-03 10:41 - 00000950 _____ C:\Users\Public\Desktop\µTorrent.lnk
2015-08-03 16:20 - 2012-12-26 13:12 - 00000956 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-08-03 16:17 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-03 16:17 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-03 16:09 - 2015-06-02 16:52 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2015-08-03 16:08 - 2015-05-28 17:36 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-08-03 15:52 - 2014-10-12 15:45 - 00078032 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2015-08-03 15:52 - 2014-10-12 01:27 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.dll
2015-08-03 15:51 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-03 15:45 - 2014-10-12 01:26 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.exe
2015-08-03 15:44 - 2015-06-03 09:51 - 00000000 ____D C:\Users\Mark 2\AppData\Local\NVIDIA
2015-08-03 15:44 - 2015-06-03 09:48 - 00000000 ____D C:\Users\Mark 2
2015-08-03 15:44 - 2015-02-05 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privacy Eraser
2015-08-03 15:44 - 2015-02-05 09:35 - 00000000 ____D C:\Program Files\Cybertron
2015-08-03 15:44 - 2015-01-02 10:23 - 00000000 ____D C:\Users\Mark\AppData\Local\NVIDIA
2015-08-03 15:44 - 2015-01-02 09:14 - 00000000 ____D C:\Users\Mark\AppData\Local\Innovative Solutions
2015-08-03 15:44 - 2013-07-03 07:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2015-08-03 15:44 - 2013-07-03 07:34 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2015-08-03 15:44 - 2013-05-09 05:42 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-08-03 15:44 - 2013-03-09 02:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-03 15:44 - 2012-12-21 12:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-08-03 15:44 - 2012-12-21 12:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-03 15:44 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-03 15:43 - 2015-01-02 09:29 - 00000000 ____D C:\Users\Mark\AppData\Local\SlimWare Utilities Inc
2015-08-03 15:43 - 2012-12-21 13:16 - 00000000 ____D C:\Users\Mark\AppData\Roaming\vlc
2015-08-03 15:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-08-03 12:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Globalization
2015-08-02 20:00 - 2013-03-06 12:04 - 00000000 ____D C:\Users\Mark\AppData\Roaming\IrfanView
2015-08-02 19:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-02 19:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2015-08-02 19:42 - 2012-12-21 12:53 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-02 19:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-08-02 19:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-07-30 04:47 - 2015-05-21 05:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 04:40 - 2012-12-22 14:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-29 20:27 - 2013-07-01 00:01 - 00000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
2015-07-29 19:24 - 2013-07-03 07:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 11
2015-07-29 19:24 - 2013-07-03 07:30 - 00000000 ____D C:\Program Files\CyberLink
2015-07-29 19:23 - 2012-12-22 02:11 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Skype
2015-07-29 19:21 - 2013-04-10 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Printers
2015-07-16 06:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-14 17:01 - 2013-03-29 02:52 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 17:01 - 2013-03-29 02:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 15:42 - 2012-12-22 14:38 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Adobe
2015-07-09 14:43 - 2014-03-31 14:27 - 00048496 _____ (Absolute Software Corporation) C:\Windows\SysWOW64\identprv.dll
2015-07-07 13:33 - 2015-07-03 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-05 14:32 - 2014-05-14 02:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some files in TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Mark\AppData\Local\Temp\xReflect.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Mark 2 (2015-08-03 18:20:09)
Running from C:\Users\Mark 2\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-42931640-1002724403-1968875480-500 - Administrator - Disabled)
Guest (S-1-5-21-42931640-1002724403-1968875480-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-42931640-1002724403-1968875480-1002 - Limited - Enabled)
Mark (S-1-5-21-42931640-1002724403-1968875480-1001 - Administrator - Enabled) => C:\Users\Mark
Mark 2 (S-1-5-21-42931640-1002724403-1968875480-1004 - Limited - Enabled) => C:\Users\Mark 2

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-42931640-1002724403-1968875480-1004\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
BankID Security Application (HKLM-x32\...\{2D6973ED-BBF2-434E-993C-37E05087B8C8}) (Version: 5.0.2.10 - Finansiell ID-Teknik BID AB)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2418 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2418 - CyberLink Corp.) Hidden
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.3206 - CyberLink Corp.)
DriverIdentifier 4.2.8 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier)
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6314.0 - IDT)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.0.685 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 7.5 (HKLM-x32\...\{160479AF-4A05-4EE5-B3E7-1625227567EB}_is1) (Version: - MiniTool Solution Ltd.)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
Privacy Eraser (HKLM\...\{CB5AC03C-B8AD-980F-998E-51969A6DFC9F}_is1) (Version: 3.5.0.1127 - Cybertron Software Co., Ltd.)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
RICOH Media Driver ver.2.07.01.01 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.01 - RICOH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: - NCH Software)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2013-04-23 08:04 - 00001955 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>
Task: C:\Windows\Tasks\GlaryInitialize 5.job =>
Task: C:\Windows\Tasks\SlimCleaner Run.job =>

==================== Loaded Modules (Whitelisted) ==============

2013-09-04 19:17 - 2013-09-04 19:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 09:23 - 2010-10-20 09:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-42931640-1002724403-1968875480-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark 2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 12.127.16.67 - 12.127.17.71
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{A51A80C8-34C9-40F0-BD13-858077B503DE}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [uDP Query User{61F79F4B-172F-4D36-A533-60D102B35F80}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{7C98586F-E952-495F-A717-A9A5E101D740}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{04C603D6-1ADE-4A99-9349-05DFE2998F8B}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [uDP Query User{915686D0-ED14-4222-9161-28FB65CFF60D}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{9A3F596D-B7CE-4267-B06B-22F0F142DBC5}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{40FB63AA-187D-4302-9B4F-A0BDEDC3B496}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9291E510-7B63-40FD-913C-3D9355601724}C:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{A6D13E61-CF69-459E-9771-5EFD4FA60578}C:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{70206B21-7A42-4F36-8668-755B5CCBBFF8}] => (Allow) C:\Windows\SysWOW64\dlbucoms.exe
FirewallRules: [{50B0DC7B-3B7F-4CDF-86D6-12F399E71B74}] => (Allow) C:\Windows\SysWOW64\dlbucoms.exe
FirewallRules: [{AC6F1796-B15C-46E6-ACCA-03D9A9E2E4C3}] => (Allow) C:\Windows\System32\dlbucoms.exe
FirewallRules: [{DE5BF795-CAFD-405B-B084-383B4E45CD31}] => (Allow) C:\Windows\System32\dlbucoms.exe
FirewallRules: [TCP Query User{214EE53B-FBFE-4672-A8BD-52C648C25049}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [uDP Query User{F37C5488-AA72-4D47-8920-52DC4A052A1D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{6BD7F1AA-03E7-4EF7-95D4-DA5A3194BC8D}C:\users\mark\appdata\local\amazon\kindle previewer\lib\touchlibs\webreader.exe] => (Allow) C:\users\mark\appdata\local\amazon\kindle previewer\lib\touchlibs\webreader.exe
FirewallRules: [uDP Query User{E455630D-D7BE-4631-B063-5A139312D6E1}C:\users\mark\appdata\local\amazon\kindle previewer\lib\touchlibs\webreader.exe] => (Allow) C:\users\mark\appdata\local\amazon\kindle previewer\lib\touchlibs\webreader.exe
FirewallRules: [TCP Query User{ABA36E70-2A8F-488F-A5F9-BE827F3733D5}C:\users\mark\desktop\kindle previewer\lib\touchlibs\webreader.exe] => (Allow) C:\users\mark\desktop\kindle previewer\lib\touchlibs\webreader.exe
FirewallRules: [uDP Query User{6B1459BD-C452-48D7-BF2C-52EC9052F269}C:\users\mark\desktop\kindle previewer\lib\touchlibs\webreader.exe] => (Allow) C:\users\mark\desktop\kindle previewer\lib\touchlibs\webreader.exe
FirewallRules: [{32574D26-470A-4C20-B435-8C6E8ABD180E}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE
FirewallRules: [TCP Query User{C5F5B5E0-EB29-43BF-8002-7B3666A2BAEB}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [uDP Query User{0E5F85CE-700E-4DCD-9715-F2565C933BDB}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{15DDC2BA-D5AC-4181-94B2-14C1275F9AB0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BFAE11A6-3268-4FF5-B247-3BA97561A773}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8159142D-3044-447D-A34F-F5D347670D45}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F4C14BA5-A00E-4EE8-B076-34136FD3C9C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D66CCE0B-C72E-4480-8D87-A85A1CC0DF0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B13D28DF-0CE7-477A-9C3F-6E0B1C7A89E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{868F6C28-B34A-469D-B697-3A89B9E2D033}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2F537038-CCDF-46DC-A4A1-6A12BB33EEA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2F7D0B05-9073-4C7D-9538-DE066E39BDE2}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsl42D9.tmp\CnetInstaller-10477455.exe
FirewallRules: [{99AE4324-FC83-4D12-A2C8-462D0CF70A68}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsl42D9.tmp\CnetInstaller-10477455.exe
FirewallRules: [{5EAE2FA0-11DC-49B3-B765-31E31D9725FB}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsc23DC.tmp\CnetInstaller-76275671.exe
FirewallRules: [{7FAC4E91-11B9-4113-A53B-C6D0413AB03A}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsc23DC.tmp\CnetInstaller-76275671.exe
FirewallRules: [TCP Query User{3E6E194C-F56D-4BD7-84BC-685CA6111AE5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{88DF3644-A2EF-4470-84B3-3EC848088F6B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{3B178D0E-3306-475A-A344-DF58A5AD4A07}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsnAA8F.tmp\CnetInstaller-10028673.exe
FirewallRules: [{15B68D91-C8A2-4EA7-8B45-6EA2791903D8}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsnAA8F.tmp\CnetInstaller-10028673.exe
FirewallRules: [{BDBE766B-EDDA-4924-A13D-72C048863664}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsa5C22.tmp\CnetInstaller-10853744.exe
FirewallRules: [{B7E1B39F-5CDB-4A24-A1B8-C8362CD27FB1}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsa5C22.tmp\CnetInstaller-10853744.exe
FirewallRules: [{31167132-7AA2-4BB4-AFCF-B67CE5D20A25}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsn2B0F.tmp\CnetInstaller-75573091.exe
FirewallRules: [{EDDDDF8B-1964-40BB-B424-5A1FA8F523D4}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsn2B0F.tmp\CnetInstaller-75573091.exe
FirewallRules: [{7B54E981-C61C-4F35-B1A6-FEB90B2BE175}] => (Allow) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{06828E3D-3D13-4361-BEC8-AE6CBF63A1B5}] => (Allow) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7FB25EB0-6EFF-4C1C-8F0E-543122FD4324}] => (Allow) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{061ED0D0-A2ED-42F5-9DC7-757D646E3BEA}] => (Allow) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A5471C20-9D1E-42F5-8D7B-B3AD4632123F}] => (Allow) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B9BBFF0-51E0-42FD-A879-9FD8CB0151E3}] => (Allow) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe

==================== Faulty Device Manager Devices =============

Name: NVIDIA nForce System Management Controller
Description: NVIDIA nForce System Management Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvsmu
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2015 06:19:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 172c
Start Time: 01d0ce2e93caa870
Termination Time: 35
Application Path: C:\Windows\explorer.exe
Report Id: ace53531-3a2d-11e5-af69-850c993f63ae

Error: (08/03/2015 04:54:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 804
Start Time: 01d0ce2e616faab0
Termination Time: 24
Application Path: C:\Windows\explorer.exe
Report Id: cf661631-3a21-11e5-af69-850c993f63ae

Error: (08/03/2015 04:52:29 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5868. Message ID: [0x2509].

Error: (08/03/2015 04:50:26 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3080. Message ID: [0x2509].
Error: (08/03/2015 04:48:33 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4688. Message ID: [0x2509].

Error: (08/03/2015 04:08:59 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4656. Message ID: [0x2509].

Error: (08/03/2015 03:52:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvNetworkService.exe, version: 1.0.8.24, time stamp: 0x53d0a628
Faulting module name: NvNetworkService.exe, version: 1.0.8.24, time stamp: 0x53d0a628
Exception code: 0xc0000005
Fault offset: 0x000bf856
Faulting process id: 0x918
Faulting application start time: 0xNvNetworkService.exe0
Faulting application path: NvNetworkService.exe1
Faulting module path: NvNetworkService.exe2
Report Id: NvNetworkService.exe3

Error: (08/03/2015 03:52:17 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (08/03/2015 03:52:17 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (08/03/2015 03:52:17 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

System errors:
=============
Error: (08/03/2015 06:19:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1070

Error: (08/03/2015 06:19:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.

Error: (08/03/2015 06:17:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1070

Error: (08/03/2015 06:17:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.

Error: (08/03/2015 06:15:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1070

Error: (08/03/2015 06:15:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.

Error: (08/03/2015 06:13:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1070

Error: (08/03/2015 06:13:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.

Error: (08/03/2015 06:12:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1070

Error: (08/03/2015 06:12:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.
Microsoft Office:
=========================
Error: (08/03/2015 06:19:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.17567172c01d0ce2e93caa87035C:\Windows\explorer.exeace53531-3a2d-11e5-af69-850c993f63ae

Error: (08/03/2015 04:54:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.1756780401d0ce2e616faab024C:\Windows\explorer.execf661631-3a21-11e5-af69-850c993f63ae

Error: (08/03/2015 04:52:29 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5868. Message ID: [0x2509].

Error: (08/03/2015 04:50:26 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3080. Message ID: [0x2509].

Error: (08/03/2015 04:48:33 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4688. Message ID: [0x2509].

Error: (08/03/2015 04:08:59 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4656. Message ID: [0x2509].
Error: (08/03/2015 03:52:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: NvNetworkService.exe1.0.8.2453d0a628NvNetworkService.exe1.0.8.2453d0a628c0000005000bf85691801d0ce25dc498570C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeC:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe28966330-3a19-11e5-af69-850c993f63ae Error: (08/03/2015 03:52:17 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (08/03/2015 03:52:17 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (08/03/2015 03:52:17 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] CodeIntegrity: =================================== Date: 2015-01-01 18:16:15.807 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-01 18:14:29.802 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-31 18:08:02.456 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-31 17:56:11.700 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. 
Date: 2014-12-26 20:08:35.981 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-26 18:25:03.310 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-26 18:11:31.539 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-26 18:11:28.615 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-25 10:44:50.420 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-24 17:47:57.088 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core2 Duo CPU P8700 @ 2.53GHz Percentage of memory in use: 61% Total physical RAM: 3838.36 MB Available physical RAM: 1478.65 MB Total Virtual: 7336.55 MB Available Virtual: 4546.22 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:217.98 GB) (Free:44.47 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: () (Fixed) (Total:80.06 GB) (Free:45.37 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of log ============================
  17. Is there a way to redirect a file restore from quarantine or a way to get a file out of the system where the original drive is no longer present? I had put a drive in as a 'second' drive so that it didn't boot from it to remove a NASTY virus/trojan. It found it, I put the machine back into service.... but would now like to get the file to send for evaluation to an AV vendor. Is there a way to do that short of pulling the old machine back apart... putting the drive back in as a 'second' drive and restoring the file from quarantine? Thanks!
  18. Hi, When mbam finds suspected files they will be quarantined. When the scan is finished you can choose to remove those files or to restore them. My question is what happens when you accidentally restore an item you want to delete? Will it show up in a next scan or does mbam think I marked it as 'safe'?
  19. We have a false positive of a DLL that is the main program we use. The company is down until we can get this resolved. That is over 200 users, and all of our business. The question is how to restore this to all users from the console? I have already set the file to exclude. On a side note, I am stunned there is no support phone number to call. The frustration right now is Thank you,
  20. We recently had a machine infected with some sort of malware. Malwarebytes was run on the machine and successfully quarantined the infection. Due to the access the computer had to confidential files we want to know more about the malware to know if people's information was at risk while the infection was there. The problem is the drive is no longer in our possession and all we have is the log entry and the quarantine folder. We currently have a VM set up with the quarantine folder on it and Malwarebytes installed. What I need to know is if it is possible for Malwarebytes to restore files from a quarantine folder from a different machine to the new machine, and if so how does one go about that?
  21. I need some help to figure out what's going on with my computer. I keep losing internet connection. I work in a network with 5 more computers and my computer is the only one in which internet doesn't work. The router works fine, my phone is internet based and works fine, so I believe there is something wrong with my computer. The troubleshooting is not able to detect any internet problem. Finally I restored the system two days ago and now internet works perfectly. Can anyone give me a hand with this problem? Thanks!
  22. Hey everyone, I'm new to Malwarebytes and I got a little problem... I did a full scan on my computer and now Malwarebytes has quarantined a lot of things. There were some programs I didn't trust and I deleted them, but there were also some of my own things in that list. I just deleted everything I didn't know from the list and now I got a list of quarantined items which I want back, but I got this weird problem: When I click "Restore" or "Restore all" it comes up with the question "are you sure?" (or something similar to that) and then I click Yes, but it just doesn't do anything. I clicked that button a few times, pressed Yes and the message disappears and nothing happens. It doesn't freeze or anything, it just acts like I never pressed the button. The list is still full with my items and I would like to have those back. I didn't try reinstalling Malwarebytes yet, because I'm afraid it'll delete the quarantined items when I uninstall it. Thanks to anyone who can help me. And I'm sorry for my English, I'm Dutch.
  23. Hello. My name is Chris and I'm having a bit of trouble with a nasty infection. On the 23rd of February I seem to have "acquired" a trojan that has henceforth spread and infected other system files. I ran ESET Smart Security 5 and MBAM and yet they can't seem to help much in the matter. I performed registry cleaning tasks on a semi-daily basis with as much help as Tune-Up Utilities can provide. The infection has surprised me and I am yet to find a resolution. A possible cause would be that I've had 2 other people not so tech-savvy use my laptop for personal "business" for about 2 days. My system restore only has 1 file recognized from November last year, but I would rather have my system cleaned rather than replaced. I'm looking for any other alternatives than a drive C format and reinstalling OS as I quite like the way my system ran prior to this infection, and have worked a lot on customizing it with various programs. I've attached the logs requested below. I'll kindly await your reply. DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 01.09.2011 10:56:52 System Uptime: 04.03.2012 17:52:16 (1 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz | N/A | 2001/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 289 GiB total, 132,931 GiB free. D: is CDROM () G: is CDROM () N: is FIXED (NTFS) - 288 GiB total, 128,894 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . . ????? Windows Live ?????? Windows Live ??????? ??????????? ??? Windows Live ???????? ?????????? Windows Live ?????????? Windows Live ??????????? ?? Windows Live ???????????? 
Windows Live AC3Filter 1.63b Adobe AIR Adobe Community Help Adobe Creative Suite 5 Master Collection Adobe Flash Player 10 ActiveX Adobe Media Player Adobe Photoshop Elements 9 Adobe Premiere Elements 9 Adobe Reader X (10.1.2) MUI Adobe Shockwave Player 11.6 ArcSoft Magic-i Visual Effects 2 ArcSoft WebCam Companion 4 Ask Toolbar Updater Assassin's Creed Brotherhood Assassin's Creed II Assassin's Creed Revelations Atheros WiFi Driver Installation µTorrent Bing Bar Corel WinDVD D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Disciples II Rise of the Elves Disciples III: Resurrection DivX Setup Elements 9 Organizer Elements STI Installer FotoSketcher 2.20 Galeria de Fotografias do Windows Live Galeria fotografii usługi Windows Live Galerie de photos Windows Live Galerie foto Windows Live GOM Player Google Chrome High-Definition Video Playback 10 IconPackager Intel® Management Engine Components Intel® Rapid Storage Technology IrfanView (remove only) Java Auto Updater Java™ 6 Update 22 Junk Mail filter update Malwarebytes Anti-Malware version 1.60.1.1000 Mass Effect Mass Effect 2 Mass Effect™ 3 Demo Matroska Pack Mesh Runtime Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 
2010 Microsoft Office Word MUI (English) 2010 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 10.0.2 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 10 Menu TemplatePack Basic Nero 10 Movie ThemePack Basic Nero BackItUp 10 Nero BackItUp 10 Help (CHM) Nero Burning ROM 10 Nero BurningROM 10 Help (CHM) Nero BurnRights 10 Nero BurnRights 10 Help (CHM) Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero CoverDesigner 10 Nero CoverDesigner 10 Help (CHM) Nero DiscSpeed 10 Nero DiscSpeed 10 Help (CHM) Nero Dolby Files 10 Nero Express 10 Nero Express 10 Help (CHM) Nero InfoTool 10 Nero InfoTool 10 Help (CHM) Nero MediaHub 10 Nero MediaHub 10 Help (CHM) Nero Multimedia Suite 10 Nero Recode 10 Nero Recode 10 Help (CHM) Nero RescueAgent 10 Nero RescueAgent 10 Help (CHM) Nero SoundTrax 10 Nero SoundTrax 10 Help (CHM) Nero StartSmart 10 Nero StartSmart 10 Help (CHM) Nero Update Nero Vision 10 Nero Vision 10 Help (CHM) Nero WaveEditor 10 Nero WaveEditor 10 Help (CHM) NVIDIA 3D Vision Video Player NVIDIA PhysX NVIDIA Stereoscopic 3D Driver Origin PDF Settings CS5 PMB VAIO Edition Guide PMB VAIO Edition Plug-in Poczta usługi Windows Live Podstawowe programy Windows Live PxMergeModule Qualcomm Atheros Direct Connect Quick Web Access QuickTime Raccolta foto di 
Windows Live Rainmeter Realtek High Definition Audio Driver Remote Keyboard Remote Play with PlayStation 3 Renesas Electronics USB 3.0 Host Controller Driver Security Update for ?????? ??????? ??? ?? ???????? ??? Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for ?????? ??????? ??? ?? ???????? ??? Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja (KB2478663) Security Update for A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile DAN sprogpakke (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DAN sprogpakke (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - SVE (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - SVE (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile NOR Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile NOR Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile PTG Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile PTG Language Pack (KB2518870) Security Update for 
Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Istemci Profili TRK Dil Paketi (KB2478663) Security Update for Microsoft .NET Framework 4 Istemci Profili TRK Dil Paketi (KB2518870) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870) Sid Meier's Civilization 4 Sid Meier's Civilization 4 - Beyond the Sword Sid Meier's Civilization 4 - Warlords Sid Meier's Civilization IV: Realism:Invictus Skype™ 5.5 SmartSound Quicktracks for Premiere Elements 9.0 SSLx86 Star Wars: The Old Republic StarCraft II swMSM tools-freebsd tools-linux tools-netware tools-solaris tools-windows tools-winPre2k TuneUp Utilities 2011 TuneUp Utilities Language Pack (en-US) Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for 
Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi V3DPX86 VAIO - Media Gallery VAIO - PMB VAIO Edition Guide VAIO - PMB VAIO Edition Plug-in VAIO - Remote Keyboard VAIO - Remote Play with PlayStation®3 VAIO 3D Portal VAIO Care VAIO Control Center VAIO Data Restore Tool VAIO Easy Connect VAIO Event Service VAIO F Series - Summer 2011 Screensaver VAIO Gate VAIO Gate Default VAIO Hardware Diagnostics VAIO Improvement VAIO Manual VAIO Sample Contents VAIO Smart Network VAIO Transfer Support VAIO Update VC80CRTRedist - 8.0.50727.6195 VCCx86 VESx86 VirtualCloneDrive VIx86 VLC media player 1.1.11 VMware Workstation VSNx86 VWSTx86 WebCam Recorder Winamp Winamp Detector Plug-in Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Fotótár Windows Live Fotogalerie Windows Live Fotogalleri Windows Live Fotogaléria Windows Live Fotograf Galerisi Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack 
Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima Windows Media Player Firefox Plugin XSplit Xvid Plus Codec Pack Yahoo! Messenger . ==== Event Viewer Messages From Past Week ======== . 27.02.2012 22:19:37, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started. 27.02.2012 22:19:36, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress. 27.02.2012 22:19:28, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 27.02.2012 22:19:28, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure. 26.02.2012 17:35:18, Error: Service Control Manager [7034] - The VAIO Power Management service terminated unexpectedly. It has done this 1 time(s). 26.02.2012 17:35:04, Error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s). 26.02.2012 12:54:22, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s). 26.02.2012 12:54:16, Error: Service Control Manager [7034] - The Nero Update service terminated unexpectedly. It has done this 1 time(s). 26.02.2012 12:54:10, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). 26.02.2012 12:54:00, Error: Service Control Manager [7034] - The Bing Bar Update Service service terminated unexpectedly. It has done this 1 time(s). 
04.03.2012 17:58:47, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 04.03.2012 17:58:46, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 04.03.2012 17:55:02, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004 04.03.2012 17:52:40, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed. 04.03.2012 17:52:40, Error: Service Control Manager [7003] - The McAfee Anti-Spam Service service depends the following service: MfeFire. This service might not be installed. 04.03.2012 17:52:40, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
04.03.2012 17:49:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C} 04.03.2012 17:48:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 04.03.2012 17:48:41, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 04.03.2012 17:48:25, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Program Files (x86)\Atheros WiFi Driver Installation\AthIhvWlanExt.dll Error Code: 21 04.03.2012 17:48:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 04.03.2012 17:48:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv ElbyCDIO spldr Wanarpv6 04.03.2012 17:47:01, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. 04.03.2012 16:07:15, Error: Service Control Manager [7034] - The VUAgent service terminated unexpectedly. It has done this 1 time(s). 04.03.2012 13:06:07, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). 04.03.2012 13:06:05, Error: Service Control Manager [7034] - The AtherosSvc service terminated unexpectedly. It has done this 1 time(s). 04.03.2012 01:18:37, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 0 milliseconds: Restart the service. 03.03.2012 22:37:46, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 03.03.2012 22:36:49, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 01.03.2012 18:12:55, Error: Service Control Manager [7034] - The WD File Management Engine service terminated unexpectedly. It has done this 1 time(s). 01.03.2012 18:12:47, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 01.03.2012 18:12:47, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 01.03.2012 18:12:47, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 01.03.2012 18:12:47, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 01.03.2012 18:12:47, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 
01.03.2012 18:12:47, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 01.03.2012 18:12:47, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. . ==== End Of File =========================== . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by NINE at 18:00:07 on 2012-03-04 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.40.1033.18.6125.3763 [GMT 0:00] . AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Windows\SysWOW64\vmnat.exe C:\Windows\SysWOW64\DllHost.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe C:\Windows\Explorer.EXE 