Showing results for tags 'Vista'.

  1. I noticed that the 08-Apr-2021 release notes <here> for the new Component Package v1.0.1251 update state in part: Further to Microsoft's July 2020 announcement at Windows Update SHA-1 Based Endpoints Discontinued for Older Windows Devices, does this mean that Malwarebytes plans to end support for Win XP SP3 and Vista SP2 users who use the legacy Malwarebytes v3.5.1-1.0.365? I just downloaded a fresh copy of the latest v3.5.1 installer (mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe) from https://downloads.malwarebytes.com/file/mb3_legacy and it's currently dual-signed with both SHA-1 and SHA-256 digital certificates.
  2. I have a Vista SP2 OS and can't get my MB Premium v3.5.1-1.0.365 to download the new component package v1.0.374 (see Erix's update announcement <here>). Every time I go to Settings | Application | Application Updates and click Install Application Updates it reports "Progress: No application updates are available". The download link at https://downloads.malwarebytes.com/file/mb3/ is currently offering me a v3.5.1.2522-1.0.365 installer. Should Win XP and Vista users expect to receive the v1.0.374 component package? Ransomware protection is not available on these older OSs and I also found a recent post added to the FAQ titled Malwarebytes Support for Legacy Windows XP and Vista Operating Systems announcing that "Users running Malwarebytes 3.5 on Windows XP and Vista will continue to receive on-going protection updates to keep safe from the latest infections. However these operating systems will no longer receive program upgrades, such as component packages or newer program versions, for new features." Does that mean that product and component package updates for MB v3.5.1 are stopping immediately for XP and Vista, or should product and component package updates continue to be delivered until v3.6.x is released? ---------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.8.0 * Norton Security Premium v22.14.2.13 * MB Premium v3.5.1.2522-1.0.365
  3. Hi, hope someone can help. I have run 3.0.0.865 and after 81,010 files, the number of files scanned doesn't increase although the programme seems to be running. After leaving the programme for an hour, no change. I restarted the PC and restarted the programme and it hung after 43,162 files. 3rd time lucky and ended up with Blue screen of death after scanning for 5 mins. After checking on the web I have added FRST Addition, and Check.txt files, and a picture of the BSOD. I understand that my PC is infected so just need some help to get the first part of the cleaning process done with Malwarebytes CheckResults.txt Addition.txt FRST.txt
  4. Hello, I have an old PC (with decent specs though) that is running Windows VISTA, which I think must be the worst OS ever. I want to donate this PC to a charity, so would really like to put a better OS on it, but I don't really want to buy one. So, I was wondering - I do have a laptop that came with Windows 7 - and I've got the licence key on the back of the laptop - but the laptop was upgraded to Windows 10. Would that Windows 7 licence key still work and how could I upgrade the VISTA to Windows 7? Welcome any other good ideas also! Many thanks!
  5. Hi, I am glad I found this forum, please help. Malwarebytes shuts down before finished, I also have Trend Micro antivirus and tried using Microsoft malware tool, no help. I don't know what else to do.
  6. Google is ending updates for its Chrome browser in April for computers running Windows XP, Vista, and select Mac operating systems. The browser will continue working but will leave systems vulnerable to malware and viruses. Will the installation of Malwarebytes be sufficient protection against malware beginning in April?
  7. Is anyone aware of a known issue where MBAM Premium v2.2.0 (mbam.exe) can crash at boot-up when the self-protection module is enabled? I recently enabled the self-protection module (Settings | Advanced Settings | Enable self-protection module) of my MBAM Premium as recommended in the 01-Feb-2016 Malwarebytes Unpacked blog entry Malwarebytes Anti-Malware Vulnerability Disclosure (https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/). Now mbam.exe crashes when I boot up my 32-bit Vista system (see attached APPCRASH errors - fault module is always kernel32.dll) regardless of whether self-protection early start (Settings | Advanced Settings | Enable self-protection module | Enable self-protection early start) is enabled or disabled. MBAM APPCRASH Error Messages Feb 2016.txt My Norton Internet Security always has early boot time protection enabled to ensure that my antivirus protection loads early in the boot process (Settings | Computer | Real-Time Protection | Enable Boot Time Protection | Aggressive), but this Norton setting does not prevent mbam.exe from loading correctly at boot-up as long as MBAM's self-protection is disabled. Creating mutual scan exclusions for both my MBAM v2.x executables and Norton installation folder doesn't help. ------------- 32-bit Vista Home Premium SP2 * Firefox v44.0 * NIS v.21.7.0.11 * MBAM Premium v2.2.0.1024 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
  8. I have been unable to successfully complete a Windows Update on my 32-bit Vista machine since a MBAM v2.0.8.1057 Threat Scan detected and quarantined two registry entries for PUP.Optional.Spigot.A on 11-Aug-2015 (see attached MBAM scan log). I'm not sure if the Spigot detection and problems with Windows Update are simply a coincidence or if remnants of Spigot might be preventing a connection to the Windows Update server. I do not see an error when Windows Update runs - it just reports that it is checking for updates and never finishes, even if I leave Windows Update running for over an hour. Process Explorer shows that the Windows process svchost.exe constantly consumes ~50% of my CPU while Windows Update is running (i.e., complete saturation of one of my Intel Duo cores) and that a thread for the Windows Update service (wuauserv) is responsible for that CPU activity. I ran full scans of my system with both MBAM and NIS yesterday, as well as a system file check ("sfc /verifyonly" from elevated command prompt) and none of these scans reported any further detections or problems. This might be unrelated, but please note that I have a paid Premium license for MBAM but deactivated my MBAM realtime protection about a month ago because of an ongoing issue with MBAM v2.x Malicious Website Protection that prevents my Norton Internet Security from running automatic LiveUpdates - see my 07-Dec-2014 thread Norton Pulse Updates Fail when Malicious Website Protection Enabled. I have a support ticket for this problem and was told by the Product Support Specialist on 04-Jun-2015 (and again on 03-Aug-2015) that they were preparing instructions for collecting further data but I still haven't received those instructions and don't want to continue waiting for assistance from the Help Desk if it means leaving my MBAM realtime protection disabled for long periods of time. ------------- 32-bit Vista Home Premium SP2 * Firefox 40.0 (default) * IE9 * NIS 2014 v. 21.7.0.11 * MBAM Premium 2.0.8.1057 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS FRST.txt Addition.txt MBAM Scan Log Spigot Registry Entries 11 Aug 2015.txt
  9. I turned on the computer this morning only to find out that it is informing me that my Product Key is invalid, yet I had this computer for 5 years and this never happened. Attached are the logs the FRST came up with. I also installed Malwarebytes and scanned before I used the FRST scan. How do I return my product key to normal? FRST_21-03-2015_13-25-31.txt Addition_21-03-2015_13-25-31.txt
  10. Hello A while back, I downloaded an update for Quicktime and it downloaded with no issues. I'd say about two to three hours later, my entire desktop disappeared. I'm able to still use my computer but in order to get to what I need to get to, I have to Ctrl+Alt+Delete to locate programs using Task Manager. The programs show as minimized windows on the very bottom of the screen. I'm unable to access features such as the Control Panel. Is it possible I downloaded a virus? How do I get my desktop back again? Any help would be appreciated.
  11. Hello, I saw that you posted some information in regards to a similar problem that I seem to be having with my Dell Inspiron Laptop that is running Windows Vista. I was trying to run a virus scan with Malwarebytes and then the computer just shut down. I also tried to boot the computer in safe mode and I tried running the scan and the same thing, the computer wanted to shut down randomly. I tried downloading the Combofix program and it would be great if I can send you the log to analyze (if that is ok?). Also I tried running Malwarebytes Scan after doing the Combofix and the Scan worked properly this time however it still keeps finding tons of Malware issues on the computer and I quarantine all the virus files. Then I try running the scan again and the Malwarebytes program continues to find infected issues on the computer. It never seems to completely clean out all the infected issues. Looking forward to your response. Thank you, Jazzfactor
  12. Sorry to be a repeat of this issue, but it seems everyone is a little different. I recently was infected with a virus appearing to be called "SecurityCenter". This wasn't my first run-in with malware so I did what I know to remove it manually (av clearly failing in the first place). I was able to remove all keys and processes and nothing suspicious runs now with the exception of this dllhost issue. It only starts when Internet Explorer runs and results in many instances of the process running simultaneously, consuming resources. The processes can be stopped and everything runs normally for a while. In addition, Internet Explorer protected mode repeatedly gets turned off automatically and the home page reset to about:blank. I have completely uninstalled IE and reinstalled with no resolution. I am running Vista x64 premium.
  13. Hi, I don't know what to do: after downloading Microsoft's Patch Tuesday, MBAM crashes every time I reboot my computer. Camelia
  14. Does "FileASSASSIN" from Malwarebytes Corporation work under Vista SP2 or W7 SP1? Please let me know. Thanks, Camelia
  15. I have a Gateway P-6301 Laptop computer that had a failing hard drive in 2013, which I successfully replaced with a Crucial SSD, then recovered the factory Windows Vista from the recovery partition, then applied all the updates to bring it up to SP-2, and reinstalled my programs, including some that will only run on 32 bit machines (like AmiPro). It has been running flawlessly since then, as I keep it healthy with Malwarebytes Pro and System Mechanic. So it had no malware on it, and was running fine through August 20. But when I tried to start it on August 21, it got only to the black screen with the cursor in the middle, and stayed that way forever, instead of bringing up the Windows icon and password dialog. Pressing the start button would shut it down after about 50 seconds. Starting it with PF8 would bring up the repair choices, but Windows would not come up in Safe mode either, nor would command prompt, or directory services. The Repair Computer option would allow me to access the Gateway System Recovery Options screen showing the following choices: startup repair, system restore, Windows complete PC restore, Windows Memory diagnostic tool, command prompt, and recovery manager. Startup repair ran through several tests all of which came back with code 0x0, then "boot status indicates that the OS booted successfully" and "Startup Repair could not detect a problem." System Restore didn't do anything. The Memory diagnostic tool ran successfully. When I try to start up with PF12, it shows what's happening quickly, and the Error PXE-E76 flashes by "Bad or missing multicast discovery address" Then PXE-M0F "Exiting PXE-ROM" I tried changing the start device order in the BIOS to no avail. It seems like the link to the part of the startup routine that puts up the Windows icon and the signon dialog is lost. If all else fails, it appears that I'll have to bite the bullet and do a recovery from the recovery partition, saving data but putting Vista back to 2008 status, then have to update to SP2 again. I'm hoping there's something easier than that long process. I would appreciate any assistance with this problem. Thanks ralphyde
  16. Hi, after installing CS6, MBAM crashes. Is it a known issue? Problem signature: Problem Event Name: APPCRASH Application Name: mbam.exe Application Version: 1.0.0.532 Application Timestamp: 53518532 Fault Module Name: kernel32.dll Fault Module Version: 6.0.6002.18881 Fault Module Timestamp: 51da3e27 Exception Code: c0000142 Exception Offset: 00009f5d OS Version: 6.0.6002.2.2.0.768.3 Locale ID: 1033 Additional Information 1: 9d13 Additional Information 2: 1abee00edb3fc1158f9ad6f44f0f6be8 Additional Information 3: 9d13 Additional Information 4: 1abee00edb3fc1158f9ad6f44f0f6be8 PLMK Thanks Camelia
  17. Hi. Back to Vista SP2: I cannot move MBAM log files from C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs/ *.* to another partition (F:\Delete), in order to wipe them. Why? Thanks Camelia
  18. The infected computer is of a friend of mine. It's a laptop. Vista 32-bit. After scanning the hard drive in my computer (attached via USB) with Malwarebytes, and Avast antivirus, and using Malwarebytes Anti-Rootkit, the Chrome browser doesn't work. It crashes immediately, saying it's a DEP issue; fully uninstalling it or installing a portable version of it didn't help. Internet Explorer works OK. Now scanning the system in safe mode with Malwarebytes Anti-Malware and Anti-Rootkit. Further assistance needed regarding the Chrome crash issue. Thank you for your help.
  19. First post here, can't figure this one out. Windows Vista SP2, 64 bit. Started 2-3 days ago (around 4-18), svchost hogging CPU, then I started getting bounced emails to addresses in .DE with my return address. Once I shut off PC, the emails stopped. Malwarebytes (premium) log found nothing and neither did Norton, MBAR rootkit or FRST. Ran FRST, posted log below. Only lead I have is RogueKiller which had a strange registry entry, I deleted it and rebooted but does not appear to be fixed. RogueKiller log is below with hooks to various DLLs, so I'm guessing I'm infected with something.... how can I fix this
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1502000.026\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\ernie\AppData\Local\Temp\ALSysIO64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [X]
S1 SASDIFSV; \??\C:\Users\ernie\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S3 SASENUM; \??\C:\Users\ernie\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [X]
S1 SASKUTIL; \??\C:\Users\ernie\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [X]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-22 14:24 - 2014-04-22 14:24 - 00000000 ____D () C:\FRST
2014-04-22 14:00 - 2014-04-22 14:00 - 00005307 _____ () C:\Users\ernie\Desktop\RKreport[0]_D_04222014_140000.txt
2014-04-22 13:53 -
2014-04-22 13:53 - 00005242 _____ () C:\Users\ernie\Desktop\RKreport[0]_S_04222014_135322.txt
2014-04-22 13:28 - 2014-04-22 13:28 - 00005217 _____ () C:\Users\ernie\Desktop\RKreport[0]_S_04222014_132829.txt
2014-04-22 13:10 - 2014-04-22 13:10 - 00006185 _____ () C:\Users\ernie\Desktop\RKreport[0]_D_04222014_131020.txt
2014-04-22 12:54 - 2014-04-22 12:54 - 00006065 _____ () C:\Users\ernie\Desktop\RKreport[0]_S_04222014_125456.txt
2014-04-22 12:18 - 2014-04-22 14:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-22 12:17 - 2014-04-22 12:42 - 00000000 ____D () C:\Users\ernie\Desktop\mbar
2014-04-22 12:17 - 2014-04-22 11:20 - 00000110 _____ () C:\Users\ernie\Desktop\xxyx.txt
2014-04-21 16:18 - 2014-04-21 16:18 - 00000225 _____ () C:\Users\ernie\Desktop\router.txt
2014-04-16 12:00 - 2014-04-16 12:18 - 00018720 _____ () C:\Users\ernie\Desktop\MyContacts.csv
2014-04-16 09:48 - 2014-04-16 09:48 - 00921000 _____ (Oracle Corporation) C:\Users\ernie\Downloads\JavaSetup7u55.exe
2014-04-16 09:39 - 2014-03-17 22:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-16 09:38 - 2014-03-17 22:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-16 09:38 - 2014-03-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-16 09:38 - 2014-03-17 22:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-16 09:35 - 2014-04-16 09:38 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-15 18:09 - 2014-03-06 23:53 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\procexp.exe
2014-04-15 18:07 - 2014-03-06 23:53 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Users\ernie\Desktop\procexp.exe
2014-04-15 18:06 - 2014-04-16 10:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-15 08:43 - 2014-04-15 08:43 - 04968079 _____ (Tim Kosse) C:\Users\ernie\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-04-10 20:00 - 2014-04-22 13:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 19:57 - 2014-04-10 19:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 19:57 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-10 19:57 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-09 08:04 - 2014-03-08 00:54 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 08:04 - 2014-03-08 00:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 08:04 - 2014-03-07 23:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 08:04 - 2014-03-07 23:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 08:04 - 2014-03-07 23:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 08:04 - 2014-03-07 23:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 08:04 - 2014-03-07 23:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-09 08:04 - 2014-03-07 23:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 08:04 - 2014-03-07 23:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 08:04 - 2014-03-07 23:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 08:04 - 2014-03-07 23:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 08:04 - 2014-03-07 23:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 08:04 - 2014-03-07 23:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 08:04 - 2014-03-07 23:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-09 08:04 - 2014-03-07 23:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 08:04 - 2014-03-07 23:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 08:04 - 2014-03-07 19:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 08:04 - 2014-03-07 19:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 08:04 - 2014-03-07 19:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 08:04 - 2014-03-07 19:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 08:04 - 2014-03-07 19:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-09 08:04 - 2014-03-07 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 08:04 - 2014-03-07 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-09 08:04 - 2014-03-07 18:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 08:04 - 2014-03-07 18:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-09 08:04 - 2014-03-07 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-09 08:04 - 2014-03-07 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-09 08:04 - 2014-03-07 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 08:04 - 2014-03-07 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 08:04 - 2014-03-07 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 08:04 - 2014-03-07 18:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-09 08:04 - 2014-03-07 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 03:47 - 2014-02-06 00:21 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 03:47 - 2014-02-05 21:57 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-29 14:02 - 2014-03-29 14:02 - 00025815 _____ () C:\Users\ernie\Desktop\Coin Collection for dealers.xlsx
2014-03-28 09:10 - 2014-03-28 09:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360

==================== One Month Modified Files and Folders =======

2014-04-22 14:24 - 2014-04-22 14:24 - 00000000 ____D () C:\FRST
2014-04-22 14:24 - 2010-05-19 13:38 - 00000000 ____D () C:\oh stuff
2014-04-22 14:23 - 2014-04-22 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-22 14:19 - 2011-02-04 15:29 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-22 14:19 - 2011-02-04 15:29 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-22 14:00 - 2014-04-22 14:00 - 00005307 _____ () C:\Users\ernie\Desktop\RKreport[0]_D_04222014_140000.txt
2014-04-22 13:54 - 2012-08-01 17:15 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926887384-2398991121-4048484460-1000UA.job
2014-04-22 13:53 - 2014-04-22 13:53 - 00005242 _____ () C:\Users\ernie\Desktop\RKreport[0]_S_04222014_135322.txt
2014-04-22 13:49 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 13:48 - 2009-04-02 16:10 - 01756237 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 13:44 - 2014-04-10 20:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 13:43 - 2012-09-11 13:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-22 13:41 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 13:40 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 13:40 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 13:37 - 2006-11-02 11:42 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-22 13:28 - 2014-04-22 13:28 - 00005217 _____ () C:\Users\ernie\Desktop\RKreport[0]_S_04222014_132829.txt
2014-04-22 13:11 - 2009-05-07 11:06 - 00168448 _____ () C:\Users\ernie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-22 13:10 - 2014-04-22 13:10 - 00006185 _____ () C:\Users\ernie\Desktop\RKreport[0]_D_04222014_131020.txt
2014-04-22 12:54 - 2014-04-22 12:54 - 00006065 _____ () C:\Users\ernie\Desktop\RKreport[0]_S_04222014_125456.txt
2014-04-22 12:42 - 2014-04-22 12:17 - 00000000 ____D () C:\Users\ernie\Desktop\mbar
2014-04-22 12:18 - 2009-05-06 21:42 - 00000000 ____D () C:\Users\ernie\AppData\Roaming\POP Peeper
2014-04-22 11:57 - 2010-05-18 14:06 - 00000732 _____ () C:\Users\ernie\AppData\Local\d3d9caps64.dat
2014-04-22 11:20 - 2014-04-22 12:17 - 00000110 _____ () C:\Users\ernie\Desktop\xxyx.txt
2014-04-22 09:39 - 2008-01-20 23:26 - 01429972 _____ () C:\Windows\PFRO.log
2014-04-22 09:26 - 2009-05-11 15:53 - 00000000 ____D () C:\Users\ernie\AppData\Roaming\Binary Boy
2014-04-22 01:54 - 2012-08-01 17:15 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926887384-2398991121-4048484460-1000Core.job
2014-04-21 16:18 - 2014-04-21 16:18 - 00000225 _____ () C:\Users\ernie\Desktop\router.txt
2014-04-21 09:13 - 2010-12-14 15:15 - 00000000 ____D () C:\Users\ernie\AppData\Roaming\vlc
2014-04-21 09:05 - 2009-08-21 12:20 - 00000317 _____ () C:\Windows\1way.ini
2014-04-20 22:00 - 2009-05-23 19:48 - 00000000 ____D () C:\Users\ernie\AppData\Local\QuickPar
2014-04-17 22:48 - 2012-09-11 13:32 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-17 22:48 - 2012-03-31 12:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-17 22:48 - 2011-06-06 00:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-17 22:48 - 2009-05-07 08:30 - 00000000 ____D () C:\Users\ernie\AppData\Local\Adobe
2014-04-17 22:40 - 2006-11-02 08:34 - 00000237 _____ () C:\Windows\win.ini
2014-04-17 17:06 - 2010-12-20 13:55 - 00000000 ____D () C:\Users\ernie\AppData\Roaming\FileZilla
2014-04-16 18:49 - 2010-05-10 10:27 - 00000000 ____D () C:\Users\ernie\AppData\Roaming\HpUpdate
2014-04-16 12:18 - 2014-04-16 12:00 - 00018720 _____ () C:\Users\ernie\Desktop\MyContacts.csv
2014-04-16 10:46 - 2014-04-15 18:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-16 10:25 - 2009-05-11 15:53 - 00000000 ____D () C:\Users\ernie\Documents\Binary Boy
2014-04-16 09:48 - 2014-04-16 09:48 - 00921000 _____ (Oracle Corporation) C:\Users\ernie\Downloads\JavaSetup7u55.exe
2014-04-16 09:39 - 2013-10-19 13:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 09:38 - 2014-04-16 09:35 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-16 09:38 - 2013-07-07 16:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-15 08:45 - 2010-12-20 13:55 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-04-15 08:43 - 2014-04-15 08:43 - 04968079 _____ (Tim Kosse) C:\Users\ernie\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-04-13 19:52 - 2013-07-24 19:32 - 00001022 _____ () C:\Users\Public\Desktop\Vz In-Home Agent.lnk
2014-04-10 19:57 - 2014-04-10 19:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 19:57 - 2010-05-18 15:05 - 00000000 ____D () C:\Users\ernie\AppData\Roaming\Malwarebytes
2014-04-10 19:57 - 2010-05-18 15:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-09 08:44 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2014-04-09 08:33 - 2012-08-01 17:17 - 00002084 _____ () C:\Users\ernie\Desktop\Google Chrome.lnk
2014-04-09 08:03 - 2009-05-06 21:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 08:02 - 2013-08-14 03:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 07:57 - 2006-11-02 08:35 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-09 07:37 - 2009-05-06 19:40 - 00000456 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-04-06 11:46 - 2014-01-20 15:59 - 00000817 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-04-06 11:02 - 2009-05-06 21:58 - 00000000 ____D () C:\EBW
2014-04-04 22:30 - 2011-07-24 09:58 - 00000000 ____D () C:\Users\ernie\AppData\Local\CrashDumps
2014-04-03 09:51 - 2014-04-10 19:57 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-10 19:57 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2010-05-18 15:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-29 14:14 - 2011-02-04 15:29 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 14:14 - 2011-02-04 15:29 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 14:02 - 2014-03-29 14:02 - 00025815 _____ () C:\Users\ernie\Desktop\Coin Collection for dealers.xlsx
2014-03-28 09:10 - 2014-03-28 09:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-03-28 09:04 - 2009-05-06 19:51 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-03-28 09:03 - 2012-06-04 13:43 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-03-26 01:49 - 2012-08-01 17:15 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-926887384-2398991121-4048484460-1000UA
2014-03-26 01:49 - 2012-08-01 17:15 - 00003396 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-926887384-2398991121-4048484460-1000Core
2014-03-24 10:40 - 2012-04-27 15:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-23 19:10 - 2013-10-11 11:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

Some content of
TEMP:====================C:\Users\ernie\AppData\Local\Temp\ntdll_dump.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== BCD ================================ Windows Boot Manager--------------------identifier {bootmgr}device partition=C:description Windows Boot Managerlocale en-usinherit {globalsettings}default {current}displayorder {current}toolsdisplayorder {memdiag}timeout 30resume Nocustomactions 0x1000085000001 0x54000001custom:54000001 {863df33e-9817-11dc-b72e-001b24047e4e} Windows Boot Loader-------------------identifier {current}device partition=C:path \Windows\system32\winload.exedescription Microsoft Windows Vistalocale en-usinherit {bootloadersettings}recoverysequence {572bcd55-ffa7-11d9-aae2-0007e994107d}recoveryenabled Yesosdevice partition=C:systemroot \Windowsresumeobject {1eb3a075-fda5-11dd-81b8-00248c07366c}nx OptIn Windows Boot Loader-------------------identifier {572bcd55-ffa7-11d9-aae2-0007e994107d}device ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}path \windows\system32\boot\winload.exedescription HP Recovery Managerosdevice ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}systemroot \windowsnx OptIndetecthal Yeswinpe Yes Windows Boot Loader-------------------identifier {863df33e-9817-11dc-b72e-001b24047e4e}device 
ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}path \windows\system32\boot\winload.exedescription F11 Boot from BCDosdevice ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}systemroot \windowsnx OptIndetecthal Yeswinpe Yes Resume from Hibernate---------------------identifier {1eb3a075-fda5-11dd-81b8-00248c07366c}device partition=C:path \Windows\system32\winresume.exedescription Windows Resume Applicationlocale en-USinherit {resumeloadersettings}filedevice partition=C:filepath \hiberfil.sysdebugoptionenabled No Windows Memory Tester---------------------identifier {memdiag}device partition=C:path \boot\memtest.exedescription Windows Memory Diagnosticlocale en-USinherit {globalsettings}badmemoryaccess Yes Windows Legacy OS Loader------------------------identifier {ntldr}device partition=C:path \ntldrdescription Earlier Version of Windows EMS Settings------------identifier {emssettings}bootems Yes Debugger Settings-----------------identifier {dbgsettings}debugtype Serialdebugport 1baudrate 115200 RAM Defects-----------identifier {badmemory} Global Settings---------------identifier {globalsettings}inherit {dbgsettings} {emssettings} {badmemory}extendedinput Yes Boot Loader Settings--------------------identifier {bootloadersettings}inherit {globalsettings} Resume Loader Settings----------------------identifier {resumeloadersettings}inherit {globalsettings} Device options--------------identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}description Ramdisk Device Optionsramdisksdidevice partition=D:ramdisksdipath \boot\boot.sdi Setup Ramdisk Options---------------------identifier {ramdiskoptions}description RAM Disk Settingsramdisksdidevice partition=D:ramdisksdipath \boot\boot.sdi LastRegBack: 2014-04-22 13:47 ==================== End Of Log ============================
  20. Hello, I have reinstalled Windows Vista on my computer due to virus infections. However, I assume because the Windows.old folder was kept, my computer is most likely still infected. Malwarebytes has worked the first day and removed some threats, but now after a few days it doesn't start anymore. I tried the chameleon steps with the same results. These are the Farbar Recovery Scan Tool results: Here is the Addition log:
Error: (04/28/2014 00:12:08 AM) (Source: Application Error) (User: )Description: Faulting application mbam.exe, version 1.0.0.500, time stamp 0x533d8de2, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,process id 0x115c, application start time 0xmbam.exe0. Error: (04/28/2014 00:07:59 AM) (Source: Application Error) (User: )Description: Faulting application mbam.exe, version 1.0.0.500, time stamp 0x533d8de2, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,process id 0x13c0, application start time 0xmbam.exe0. System errors:=============Error: (04/29/2014 08:58:23 AM) (Source: PlugPlayManager) (User: )Description: The device '802.11n Wireless LAN Card' (PCI\VEN_1814&DEV_3060&SUBSYS_30601814&REV_00\4&1542fbd&0&08F0) disappeared from the system without first being prepared for removal. Error: (04/29/2014 03:22:26 AM) (Source: HTTP) (User: )Description: \Device\Http\ReqQueueKerberos Error: (04/29/2014 03:21:10 AM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/28/2014 11:43:44 PM) (Source: HTTP) (User: )Description: \Device\Http\ReqQueueKerberos Error: (04/28/2014 09:49:49 PM) (Source: HTTP) (User: )Description: \Device\Http\ReqQueueKerberos Error: (04/28/2014 00:15:09 AM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/27/2014 11:53:22 PM) (Source: Service Control Manager) (User: )Description: MBAMService1 Error: (04/27/2014 11:53:22 PM) (Source: Service Control Manager) (User: )Description: MBAMScheduler%%1053 Error: (04/27/2014 11:53:22 PM) (Source: Service Control Manager) (User: )Description: 30000MBAMScheduler Error: (04/27/2014 11:51:50 PM) (Source: HTTP) (User: )Description: \Device\Http\ReqQueueKerberos Microsoft Office Sessions:=========================Error: (04/29/2014 09:14:29 AM) (Source: Application Error)(User: 
)Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd102c01cf63c619080480 Error: (04/29/2014 09:01:04 AM) (Source: Application Error)(User: )Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd10fc01cf63c438731e10 Error: (04/29/2014 08:59:12 AM) (Source: Application Error)(User: )Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdc7c01cf63c3f688b280 Error: (04/29/2014 03:23:56 AM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/28/2014 11:45:15 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/28/2014 11:44:35 PM) (Source: Application Error)(User: )Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdcb001cf63767a553961 Error: (04/28/2014 00:14:37 AM) (Source: Application Error)(User: )Description: winlog.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd122001cf62b1835cad93 Error: (04/28/2014 00:13:17 AM) (Source: Application Error)(User: )Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdf2c01cf62b153a73cf3 Error: (04/28/2014 00:12:08 AM) (Source: Application Error)(User: )Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd115c01cf62b12a932f93 Error: (04/28/2014 00:07:59 AM) (Source: Application Error)(User: )Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd13c001cf62b0962b9bd3 CodeIntegrity Errors:=================================== Date: 2014-04-29 09:14:25.077 Description: Code Integrity is unable to verify the image integrity of the file 
\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-29 09:14:25.045 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-29 09:14:25.013 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-29 09:14:24.982 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-29 09:14:24.803 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-29 09:14:24.768 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-29 09:14:24.732 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-29 09:14:24.699 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-04-29 09:14:24.666 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-29 09:14:24.634 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 43%Total physical RAM: 4094.18 MBAvailable physical RAM: 2330.78 MBTotal Pagefile: 8407.67 MBAvailable Pagefile: 6155.64 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.51 GB) (Free:826.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (Misc) (Fixed) (Total:465.76 GB) (Free:427.4 GB) NTFSDrive e: (CDROM) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFSDrive g: () (Removable) (Total:7.48 GB) (Free:4.37 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: E06E9AF5)Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 77845C23)Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ========================================================Disk: 2 (MBR Code: Windows 7 or 8) (Size: 7 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ I have no problem reinstalling Windows but this doesn't seem to help! I would appreciate any help you can give me.
  21. Hi, hoping someone can help. Malwarebytes Anti-Malware (Premium) 2.0.1.1004 hangs every time I try to run a "Custom Scan" if I select the option "Scan for Rootkits", and if I click on "Cancel Scan" nothing happens; I need to force MBAM to quit the program and reboot. Especially in the following paths: C:\Windows\WindowsMobile\es-ES\ *.* C:\Windows\WindowsMobile\es-ES\rapimgr.dll.mui I can't save the log; the scan never finishes. Should I attach the files where MBAM hangs? Thanks in advance. Came
  22. I'm using MalwareBytes 1.0.0.500, installed via mbam-setup-2.0.1.1004.exe, on Vista Home Premium (64 bit). I've been working at this for 4 days to fix the problem and find out what triggered it. Finally narrowed it down to removing FreeMake video converter from desktop using MalwareBytes. MBAM had found PUP.Optional.OpenCandy in this file (the executable rather than a shortcut was on my desktop). I had installed MBAM (free version) and launched it from the installer. Next restart of Vista, the desktop icons were rearranged. The only way I found to stop this was a System Restore, which of course removed MBAM and restored the offending file. Since I'd launched MalwareBytes from the installer, I wanted to see whether just installing the program triggered the problem. I installed it again without launching it - no problem. Then I right-clicked on FreeMake and analyzed it with the 3 anti-malware programs now on the machine: Webroot, ESET and MalwareBytes. MalwareBytes was the only one that found the bad guy. I canceled out of MalwareBytes without removing the file, then terminated (via the key sequence in Start Menu) and restarted (via Task Manager) Explorer.exe. Icons did not rearrange. This time, I deleted FreeMake from the desktop manually, then ran CCleaner to check the registry. I removed one entry that referenced the executable on the desktop. Everything seems to be working now. A year ago (roughly), I had installed a 3rd party extension, LAYOUT.DLL and its companion LAYOUT.REG to combat this stubborn behavior of Vista, which would happen even if I had auto-arrange turned off. It has worked for me ever since until this happened, and seems to be working again. I haven't found any posts about others encountering this, so I guess I'm unique. Question is, why did this happen, and other question is, is it likely to happen again? Also, just in case someone here can answer the question, where does Vista save the desktop layout info?
  23. I just downloaded MBAM on Windows Vista and it says it hasn't been updated in 318 days. So I said sure, let's update, where I was met with a forever-running "update connecting to server" screen. And then it finally told me "An error has occurred. Please let the team know... PROGRAM_ERROR_UPDATING (0,0, Timeout)". The update version is listed as v2013.04.04.07. I am connected to the internet while trying to update and I added MBAM to the firewall exclusion list (I think). Also tried disabling the firewall while trying to update. Good news is I ran the quick scan and it came up with nothing. I will run a full scan overnight. Please be gentle: I normally use an iMac, so while I am at least partially computer literate I have not used Windows regularly in 5+ yrs (this is my dad's laptop), so I am not Vista literate. Thank you
  24. Windows Explorer and keyboard commands (Windows Key, Ctrl+Alt+Del) do not respond around the Welcome screen or shortly after. This only happens when Malwarebytes is actively protecting the system and the services are set to start up on boot. The Caps Lock and Num Lock keys still respond, and the cursor responds to the touchpad. The computer has passed hardware diagnostics. Windows is also running with Norton Anti-Virus. We've disabled everything else in the startup group, and Windows still stops responding to commands. Norton, Malwarebytes, and the Kaspersky Rescue Disk scans come up clean. A Combofix scan removed a Shop-at-Home toolbar. We've completely uninstalled Norton Anti-Virus and Malwarebytes, running the cleanup/removal tools for both, and reinstalled Malwarebytes. We've performed an in-place upgrade of Windows. We've performed a system restore to a date before the problem started. The computer still stops responding to commands around the Welcome screen. The computer is running Windows Vista SP2. Thanks, -Justin
  25. My Vista laptop has been having troubles, but I have been able to get on up till now. Today I was able to get to the Windows sign-on, then sign on, but then the computer went into an endless 'welcome' loop. Eventually forced shutdown. Have tried to get on in Safe Mode. Same thing. Finally I got the following Windows error message: The instruction at 0x00bf1e8e referenced memory at 0x000001fe. The memory could not be written. Click OK to terminate program. Anyone got any ideas as to how to get past this? Thanks