Showing results for tags 'not'.

Found 24 results

  1. Hello and apologies if I have posted this in the incorrect place. I recently installed PyInstaller for Python and afterwards did a scan of my PC and the results showed two threats labeled as Trojans. I have attached the scan results (just removed my name from them, no other modifications). I have quarantined them for now but wanted to make sure they weren't false positives. I uploaded the two files onto VirusTotal and here are the results: pyinstaller-4.0-py3-none-any https://www.virustotal.com/gui/file/d08ba7024bf330aafc9c405966368c9755d69f00b0ac3dc9f7203407acb2b9f4/detection run.exe https://www.virustotal.com/gui/file/7ab9f7780fc2c4c634aa9cfd618afc406d2e82cac207ea833050e0a5808f5e2f/detection Are these files something to be worried about/should I keep them in quarantine or can I put them back? Thanks in advance! results.txt
  2. Whatever this thing is it's running circles around Malwarebytes that it has found nothing on top of acting wonky even after a full scan. Sadly this occurred at the same exact time as those "malwarebytes not opening proper" and "tray icon not showing up" issues started coming in en masse around 8-8-2020 on the forum, making me believe it was a false positive.
     - Origin is most likely from malicious gelbooru ads around the time of 8-7-2020 (Sadly I did not get the memo that the current administrator is a scumbag who collaborates with malicious "ad" services when I went back there for the first time since about a decade to look for an old joke picture for someone). Completely bypassed both NoScript and uBlock Origin.
     - All browser-type connections sluggish and do not load initially, game internets work fine (as fine as they normally do at least). Quite noticeably sluggish internet on browsers that lasts roughly about 2 minutes or more, and only on the initial starting portion of the browser. Afterwards it seems to work just fine as long as I don't close and reopen it, in which the issue repeats itself.
     - Browsers affected include: Firefox, Steam, and IE
     - Other symptom: Attempting to access the Windows firewall via clicking on it via search from the control panel makes the window explorer "not responding" until I click the x off.
     - Having just activated steps taken:
     - Malwarebytes full scan has found nothing and is likely compromised by the fact I recently activated a burner e-mail so I could turn its premium functions on (I dare not log in to my actual e-mail with this thing ongoing).
     - Activating premium functions has caused it not to open now, apparently the cause does not fear the regular/scheduled scanner, but will shut down active defense. I have not restarted since this has been done.
     - adwcleaner 8.0_7 only cleared out old things I never bothered with like that Yahoo toolbar and other preinstalled garbage such as Cyberlink, HP, Lenovo, and WildTangent to name those.
     - I have not done the basic repair functions that accommodate adwcleaner.
     - After it did this, I noticed that my Windows virus definitions had updated automatically without my input when I went to do so manually. Is this a result of adwcleaner or the malicious thing?
     - Next step will likely be FSRT64.
  3. Hi, I am unable to switch on exploit protection on my premium account? I downloaded the latest version today, is that causing an issue for some reason? Any help would be great. I tried switching on and off and running as administrator but neither helped. Thanks
  4. Hey, Gabe... don't give up now! Stay with it. Carol aka Dkchoco from MS Community. P.S. Sorry Aura, for butting in. I'm the one who referred him here and want to make sure he gets this taken care of.
  5. I believe I got a virus from a download a few days ago, however I don't know exactly what it came from. Windows Defender was working for the first 2 or 3 days, removing some files. Then, files with random names would appear the next day. These include applications that create Chrome popups that I can't do anything about. I also see a large Yahoo icon on some websites. I appear to have gotten rid of some files, however the virus is definitely still here. Today, Windows Defender was turned off. It reads: "Threat service has stopped. Restart it now." with a large Restart button. However nothing happens when I click this button. Also, if I open Windows Defender Antivirus and try to click Start Now, I get an error message that says "This service couldn't be started." If I try to download Malwarebytes, my PC instantly blocks and removes it, which I have found no way to get around. I need help finding the source of the virus and getting rid of it, because there are still some popups and random command prompts that open and close before I can read anything. If you need more details please ask, thanks.
  6. Hello. I recently downloaded a file because I was stupid and got ratted. They bought stuff using my PayPal. Good thing I canceled my credit card and refunded the payments. I reformatted my whole computer but it said some personal files were not deleted. I scanned and couldn't find anything, right when I thought I was clean my PC shut down. Help?! FRST.txt Addition.txt
  7. Hello, I know that many people are having problems after downloading Malwarebytes Anti-Exploit on Windows 10 computers. You will try to run the program and it will give you an error message. If you're savvy enough to go into Task Manager, the process will be there but nothing will happen. This error could be due to a corrupt file when downloading the program, it could be due to an antivirus conflict, or it may have been due to encrypting the hard drive with BitLocker or TrueCrypt. Here is how to fix this:
     - Go to your command prompt (Windows key, type 'cmd', Ctrl+Shift+Enter), or right-click on 'Command Prompt' and select 'Run as administrator'.
     - Type in 'cd' and then the location of the Malwarebytes file (it's usually under Program Files). For example: cd c:\program files (x86)\malwarebytes anti-exploit\
     - Type 'mbae-svc -install' after the extension. For example: c:\program files (x86)\malwarebytes anti-exploit\mbae-svc -install
     This should start working immediately. I was frustrated that a program I paid for was not working so I took a few minutes to play around with it. You're welcome. -Lando.
  8. Hi, I have been facing a lot of redirecting problems on my Google Chrome for Mac OS X El Capitan 10.11.2 on an iMac.
     1. If I type to search any parameter in the omnibox with Google, no redirection occurs and Google search results appear normally.
     2. If I click on any of the links in the search results, the website first opens and then gets redirected.
     3. If I visit a particular website by entering the URL in the omnibox, the website opens and then gets redirected.
     4. However, if I click on "Stop/X" before the entire page loads, it does not get redirected and browsing on the website normally works just fine, with other links on the page opening without any redirection.
     5. Sites such as those for flights etc. open a new tab with some Russian porn sites etc.
     In most cases the redirection first goes to: hxxps://repmbuycurl.com/v/c8480152-a938-11e5-93e6-01506583babe/c/77da5c6f-980d-11e5-b565-02f6361de079/?i=1&s=af5399fa-a86a-11e5-833a-1150407b5816&r=repmbuycurl.com&rcid=5FRy4hbTzbu_HJvp86sJ-Qc_i7PGKJpj_fKatOmC1t9xKwSV4XNWsDJ0FB7F8PiWhfube7DAgkI&d=1|0|-330|0|1|1|||2560x1440|74-d8cbb4b0|1|0|10 Followed by hxxp://topoffers.click/r/d3f6ec66-a938-11e5-a707-115062c5523a/1/ and finally lands on facebook.com with my profile page opening up.
     I have done the following:
     1. Installed Malwarebytes, ran a scan - it did show some malware, which was cleaned, and the iMac was restarted.
     2. Chrome browser settings were reset (after resetting, for that period the browser worked just fine, however next day it was back).
     3. Malwarebytes shows there is NO more malware.
     4. I deleted Chrome and all the .plist and other entries from my library, and reinstalled Chrome, but the same matter exists.
     5. Safari is not affected by the same and I can browse normally on Safari.
     6. I isolated the router and firewall to check if they have an internal problem, and used another internet connection, however the problem is still there.
     7. It occurs with authentic websites such as Mailchimp etc.
     8. Even ran an antivirus scan with Avast but the results were all negative.
     9. Please note all extensions have been removed as well.
     Please advise how can I solve this problem? (Edited by moderator to break the links.)
  9. After recovery of my Windows 10 I tried to activate my MAB ID and key and I got this message: Error code 404 The License Key was not found There is a problem with your license key and we are unable to activate your license. Please check your license details and try entering your key again. If you continue to have trouble, please contact Malwarebytes Support for assistance. What do I do about this problem? I just bought the key from the website. Please help! P.S. Sorry for my bad English. Thank you very much!
  10. Hello, the site www.anonshare.info is not malicious and Malwarebytes is blocking it. Please make it available. Thank you.
  11. I have a gaming Java application that is executed from a batch file. When I run it, the shielded applications counter doesn't increment, which leaves me concerned. JPCSP download: http://buildbot.orphis.net/jpcsp/ Although I am running 64-bit Windows 8.1, I am running 32-bit JRE and JPCSP. I could also reproduce this on another PC running Windows 7 x64. Malwarebytes Anti-Exploit.zip
  12. Hello Malwarebytes forum! My computer has been running very slow and the CPU usage is constantly at 90 to 100%. When I try to type something online, I have to type very slowly, otherwise the letters will not show up properly (I have to wait for each letter to show up before typing the next one). I have searched around the web but cannot find a solution. There are 4 processes that take up the most CPU. These are: - dllhost.exe (COM Surrogate 32bit) - TiWorker.exe (Windows Module Installer Worker) - upnpcont.exe (UPNP Device Host Container 32bit) - dvdupgrd.exe (DVDUpgrd 32bit) I ran a Malwarebytes scan but nothing showed up, and no folders or files were quarantined. I'm a novice with computers, so I need some help fixing up my PC. Thank you!
  13. Hi I found your site by this thread https://forums.malwarebytes.org/index.php?/topic/134869-redirects-and-proxy-server-not-found/ I am trying to repair a friends computer and they had many problems and this one is the biggest so far that haven't be able to conquer. the proxy error is 127.0.0.1:49169 I have cleaned up all of the spyware, junk, removed files, hopefully successfully removed the driver performer threat that was downloaded. but now i am not able to conquer this one and need your help. I downloaded and scanned the roguekiller 32 bit and this is the report. Please help
  14. MBAM version 1.70.0.1100 seems to work fine, but updated version (2.0.2.1012?) does not. First start of the program immediately becomes 'not responding', after which I can start the program but attempt to scan immediately puts the program into 'not responding' state every time. Not sure if caused by infection or other problems (clashing with other programs, etc.). I am currently trying MBAM-Chameleon but MBAM still freezes when scan is attempted and I do not know where to go from here. Please help! Windows 7 FRST.txt, Addition.txt attached Thanks! FRST.txt Addition.txt
  15. Hello Malwarebytes-community! My name is Danique and I have a problem regarding the usage and (un-)installation of Malwarebytes Anti-Malware. I will describe it as clearly as possible. Two days ago, I started my computer, having in mind scanning it after it booted. After the PC was booted completely, I double-clicked the .exe file on my desktop. "The program this icon is referring to doesn't exist anymore. Do you want to delete it?" showed up on my screen. Strange, but okay, it's happened more in the past, so I decided to check if the program was still installed. It was stated as so, but I couldn't launch it... I double checked everything and since it was clear for me that it was just another little failure of my PC, I wanted to delete everything regarding Malwarebytes to install the newest version after. But when I launched the installation, I received an error (see first attachment "help1.jpg") (it is Dutch, translation to English: 'Setup can't create the folder "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware". Error 5: Access denied.'). Update 04-23-2014, 14:44: tried to install another virus scanner, without success (see second attachment "help2.jpg"). Update 04-23-2014, 14:52: tried to install another kind of software, Gimp, that too without success (see third attachment "help3.jpg"). I am looking forward to a reply, thank you in advance for that! Best, Danique
  16. Hi guys, I run Malwarebytes and Comodo AV. Comodo is not working - Defense+ is not working properly. Malwarebytes is not working even through chameleon, so I tried uninstalling and reinstalling but now cannot reinstall as it states I do not have access to the folder. Here are the DDS and attach logs:
Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-11 1255736]S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088].=============== Created Last 30 ================.2014-03-20 09:14:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-03-18 22:12:18 -------- d-----w- C:\Users\Alex\AppData\Roaming\iFunbox_UserCache2014-03-18 22:05:39 -------- d-----w- C:\Users\Alex\AppData\Roaming\iFunBox.NXGen2014-03-18 22:05:36 -------- d-----w- C:\Program Files (x86)\iFunbox 20142014-03-12 21:55:46 624128 ----a-w- C:\Windows\System32\qedit.dll2014-03-12 21:55:46 509440 ----a-w- C:\Windows\SysWow64\qedit.dll2014-03-12 21:55:44 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll2014-03-12 21:55:44 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2014-03-07 09:30:55 -------- d-----w- C:\Users\Alex\AppData\Local\Aiseesoft Studio2014-03-07 09:30:38 -------- d-----w- C:\Users\Alex\AppData\Roaming\Aiseesoft Studio2014-03-07 09:30:38 -------- d-----w- C:\Program Files (x86)\Aiseesoft Studio2014-03-05 22:51:12 -------- d-----w- C:\Program Files (x86)\Anvisoft2014-03-05 21:38:55 62464 ----a-w- C:\Users\Alex\SpotifyLauncher.exe2014-03-02 19:01:40 -------- d-----w- C:\Users\Alex\AppData\Roaming\REAPER2014-03-02 19:01:31 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software2014-03-02 19:01:27 -------- d-----w- C:\Program Files\REAPER (x64)2014-02-26 22:52:23 -------- d-----w- C:\Users\Alex\AppData\Local\Wisdom-soft2014-02-26 22:51:29 -------- d-----w- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free2014-02-26 20:45:00 -------- d-----w- C:\ProgramData\AVS4YOU2014-02-26 20:44:53 -------- d-----w- C:\Users\Alex\AppData\Roaming\AVS4YOU2014-02-26 20:43:09 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll2014-02-26 20:43:09 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia2014-02-26 
20:43:08 -------- d-----w- C:\Program Files (x86)\AVS4YOU2014-02-26 20:38:37 -------- d-----w- C:\Users\Alex\AppData\Local\{C8C5207B-434E-4ABB-A072-39F141D634A6}2014-02-26 20:28:09 -------- d-----w- C:\Users\Alex\AppData\Roaming\avidemux2014-02-26 20:27:57 -------- d-----w- C:\Program Files (x86)\Avidemux 2.62014-02-20 12:36:14 -------- d-----w- C:\Users\Alex\AppData\Local\FluxSoftware.==================== Find3M ====================.2014-03-12 13:50:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2014-03-12 13:50:18 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2014-03-05 21:38:55 6118400 ----a-w- C:\Users\Alex\spotify.exe2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll2014-02-07 
01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll.============= FINISH: 9:40:42.22 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2Install Date: 10/10/2010 14:46:50System Uptime: 20/03/2014 08:29:56 (1 hours ago).Motherboard: Sony Corporation | | VAIOProcessor: Intel® Core i5 CPU M 430 @ 2.27GHz | N/A | 2267/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 287 GiB total, 40.579 GiB free.D: is RemovableE: is RemovableF: is CDROM ()G: is FIXED (FAT) - 0 GiB total, 0.39 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP565: 18/03/2014 17:00:15 - Windows UpdateRP566: 18/03/2014 21:09:51 - Installed Universal Adb DriverRP567: 18/03/2014 21:14:13 - Device Driver Package Install: Google, Inc. Android DeviceRP568: 18/03/2014 21:15:10 - Device Driver Package Install: Google, Inc. Android DeviceRP569: 18/03/2014 21:30:25 - Device Driver Package Install: Google, Inc. Android DeviceRP570: 20/03/2014 07:53:43 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300RP571: 20/03/2014 07:57:31 - Revo Uninstaller's restore point - BitTorrent.==== Installed Programs ======================..==== End Of File =========================== Thanks for the help in advance guys!
  17. Hi, I need to know if I have a RAT on my PC or not. The other day my Steam library randomly opened when I was watching a video; also, when I'm playing CS:GO it will randomly alt-tab to my desktop. Also, when I'm watching YouTube videos in full screen, the video progress bar will appear and disappear every few videos when I'm not touching the mouse. The same type of things don't happen on my other PC. My antivirus is Bitdefender 2013 and Malwarebytes. I have also run TDSSKiller. All of them came up clean. Please help!
  18. Hello everyone. I am trying to get to the website http://wotreplays.com/ but Malwarebytes Anti-Malware won't allow it. After I try to get to the website, Chrome says that its access has been denied and a little notification pops up saying that it stopped the website. After that little notification pops up, I right-click on the Anti-Malware icon in the system tray and click on the only IP address that is available in the Add To Ignore List menu, but Chrome still says that I can't access that website. Solutions?
  19. Hey guys. So I got Malwarebytes Anti-Malware Pro about 2 weeks ago, and my Scheduler has not worked at all. I have daily quick scans and weekly full scans set to occur, but they never do. I am running a Windows 7 64-bit laptop computer. Database Version: v2013.09.15.06. I would appreciate any help with the issue. Thanks.
  20. Hello, my Windows 7 laptop is infected. I am unable to open Malwarebytes. I have tried Malware Chameleon (all options) and also Rkill as per the FAQs in the forum. None of the options have worked and I am not able to open Malwarebytes. I have McAfee installed on the system and I am not able to open McAfee either. I am also not able to open Task Manager (shows disabled). I have run DDS and am attaching the logs. Please help
3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-01-04 02:43:34 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-01-04 02:43:34 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-01-04 02:43:34 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 20:19:08.29 =============== . Attach.txt
  21. I have a Toshiba laptop that all of a sudden is not connecting to the network. On the wireless network connection it says "The specified service does not exist as an installed service." I'm also getting this message when looking at Event Viewer, Control Panel, trying to install new programs, etc. The computer seems unusable. I tried a system restore, but did not have a restore point. In safe mode, I am able to access all of these. I have McAfee Internet Security installed and it will not let me uninstall in safe mode (I was going to install Avira or Avast instead). I have Malwarebytes, and it found Win.Rogue Antivirus. I removed it, but still have this "The specified service does not exist as an installed service" problem. The problem started when my McAfee antivirus removed ZEROACCESS trojans from my system. After the scan was completed, my system rebooted and I lost control of all Administrator permissions. I can open user files but cannot access any of the Windows system functions. Whenever I try to execute a program with a shield icon (run as administrator) I get the message "The specified service does not exist as an installed service." I tried the system file scan in safe mode but it didn't show any errors. The message it returned was "Windows Resource protection did not find any integrity violations." I tried system restore in safe mode but there were no restore points. I also ran an antivirus scan one more time (with newly updated protection files) but there were no viruses reported. I can only run programs in safe mode, and have tried running "fsc" and also "msconfig" to disable all startup items, but was unable to do so.
  22. New problem for this laptop. So anyways, as I was turning on my laptop I decided I would change my mind and turn it off in the midst of it loading. I held the power button and turned it off. Hours later, I come back to my computer finding out that my computer changed? I'm not sure what happened, but this message, "Windows 7 Build This copy of Windows is not genuine" appeared on the bottom-right corner of the screen. I'm not sure what this means, but I do know that I've had this computer for a long, long time. So I know my Windows is genuine. Each time I log in, the background turns black and it asks me for a product key. I don't have a product key anymore cause that's long gone. What do I do? I'm not sure if it's a virus, but here's the report of the scanner anyways.

      Malwarebytes Anti-Malware 1.61.0.1400
      www.malwarebytes.org

      Database version: v2012.05.24.05
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 8.0.7601.17514
      Tito :: TOPNET [administrator]

      5/24/2012 5:12:54 PM
      mbam-log-2012-05-24 (17-12-54).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 224528
      Time elapsed: 3 minute(s), 19 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)
  23. Hello, all in all Malwarebytes has been a very nice piece of software, nice job. I recently bought a PRO license and encouraged all my family and friends to do the same too (I know several of them bought it). What really worries me about the software is that if I specify an EXE file to be ignored, why does its IP blocking utility still block IPs? I receive blocking from Skype.exe and from utorrent.exe which I really don't want Malwarebytes to block. I still want to use the IP Blocking utility to be safe on the browser side. Wouldn't it be really GREAT to just add a checkbox beside the ignore list's EXE that will allow us to indicate to Malwarebytes that we ALSO want the software not to check on IP Blocking for that specific EXE? This will allow me to use my software without any issues and no more logs like this will occur: Thank you