Jump to content

Search the Community

Showing results for tags 'system'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






Found 15 results

  1. I have a Z87-g45 gaming motherboard and I can't get it to boot to usb. My computer completely crashed after I ran hitman and malewarbytes. I ran both scans and each told me a restart was needed so I waited for both to finish since they both required a restart. Prob was not good idea since now my computer won't boot at all. Once I was prompted of a failed startup I chose to restart from last known good configuration. It just got hung on the starting Windows screen for over 3 hours. So I tried changing the bios to ufei instead of legacy+ufei and tried to see if that helped. It didn't. I've tried restoring bios to defaults to see if it helped it did not. Stuck on loading Windows screen. I took the battery out of the mother board and left it out for 5 mins and tried to start it. Same thing stuck on loading Windows. After trying to load to safe mode with network and without network and trying to load to command prompt and it all still getting stuck I decided to go purchase a new computer to try to get some recovery software to try to fix the problem. So my first choice of programs to try is Hiren. I downloaded Hiren and it was an iso file. So I formatted my usb thumbnail to Fat32 and used PowerISO to burn the Hiren ISO to the usb. (Using the create bootable usb option) after it was finished burning to the usb. I removed it from computer and put it into broken PC. Booted PC up and push F10 till I got to the bios. Changed boot priority to #1 uefi usb #2 usb. Saved changes and restarted. Went to stuck loading Windows screen. Power off, power on F10 changed bios from uefi+legacy to just uefi and booted usb first priority. Saved and rebooted. Went to stuck loading Windows screen. Figured I'd just try to see if command promp would work. Power off, power on F10 changed to default bios settings saved and restarted. Windows failed to load restart with command promp. Stuck on Windows loading screen but it finally worked and I was in command promp. Trying several commands to figure out what drive the usb was and looking on Google trying to find list of commands to use with command prompt. The computer automatically just restarted and I didn't even execute any command. Now unsure I can get to command prompt again. Tried rebooting again and again about 4 or 5 times and get stuck on Windows loading screen and no option of boot to command prompt. I can get to efi shell easily but don't think that's gonna help me with what I need. I honestly don't know what I should run off of hirens even if I do get it to run. I'll use to research Google as I go. My biggest problem is trying to get the usb to load then if someone would like to walk me to diagnose the problem id be forever grateful! Please help me. I've repaired computers that have crashed before but this is first time this computer with this motherboard has crashed and I just can't get it to do right and it's been killing many days just watching a stuck screen. Please! TY in advance!
  2. I just got on my computer today and did my daily startup scan, only to be greeted with pid.dll and its registry keys counted as an emotet trojan. I haven't been on any strange sites, and others are also having this issue, so it's safe to conclude that this may just be a false positive. I have successfully quarantined it by simply rebooting (although the computer didn't like it that much). It did come back after each scan like the emotet trojan, but that could just be because of how system files work sometimes.pid.dll False Positive.txt
  3. Hi guys. you can consider for the antimalware starts with the system in the free version , once you completed the 14 days off, and stay icon on the taskbar?
  4. In attempt to resolve the "Cannot "Allow" MalwareBytes system extension with 10.13 (High Sierra)" issue I disconnected my TeamViewer session and had the client click on Allow. Then took another remote session. The Security setting was allowed and the installer completed successfully. Then I restarted. The iMac no longer starts up. Apple Logo, progress bar slowly moves toward 100% but never completes. I tried having her boot into Safe Mode but that didn't work either. Even if it is Apple's fault. The computer was not having problems prior to installing Malwarebytes for Mac. This is terrible behavior for Malwarebytes and makes me look bad. I mean I'm a Malwarebytes partner and I recommended installing this application. Now I cannot charge for the hours of support. This client is also a friend and she is 265 miles from my office. So I either have to walk this 80 years-of-age woman through booting the iMac into Recovery mode and restoring her computer from her Time Machine backup, or I have to drive up there to fix this. This is the last time I install Malwarebytes remotely. I am hoping someone has seen this and has a simple fix, fingers crossed!
  5. Hello I am running Malwarebytes 3 v3.6.0 and when i run it on Windows 10 it uses a huge amount of memory like 1 gigabyte, I tried to find the option that appears in the usage guide to prevent this behaviour from happening because this is a machine of low resources but I didn't find any option on how scans affects my system. Even on safe mode, it stalls and when I try to open back Malwarebytes it says pagination file too little but it doesn't even run it and stalls. any help would be greatly appreciated. Thanks
  6. This is a weird one that I came across this morning. I have a client that runs Malwarebytes Pro and Advanced SystemCare 9.4. Both are paid versions. I'm well aware of the IOBit theft, but I can't convince this client to remove it since it was paid and annually renewed. They upgraded to version 9.4 yesterday, and have an automatic Malwarebytes scan scheduled daily for 3am. This morning, they called me in a panic because all of their systems shows malware scan results of 474 PUPs. When I reviewed, the log, the majority were PUP.Optional.AdvancedSystemCare and PUP.Optional.DriverBooster, but there were 3 entries found for PUP.Optional.Venis. I'm not sure if these are associated with Venis Ransomware or if these are something else. There are no symptoms of an infection and the entries point to Advanced System Care registry keys. Are all of these entries false flags? Are they safe to ignore? Were these additions to the database intentional due to an actual threat, or is it due to bad blood with IOBit? I'm trying to give a recommendation based on facts, so I thought I'd inquire. Thanks in advance!
  7. Hi Acronis and Disks Management says that the disks are healthy and a sfc scan revealed no corruption svchost.exe, "System", MsMpEng.exe, and ExpressCache.exe are the highest in the I/O read/write bytes columns in Task Manager (not sure what that means) Ran MWB but nothing turned up Appreciate any help, thanks
  8. I found a post "Android Installer Hijacking Vulnerability" and then installed an app 'Installer Hijacking Scanner' from Palo Alto Networks and tested my device for vulnerability. Well, there are many people tried this app. Some found their phone safe and some do not. there is one more post in this forum asked the same issue. What is this Android Installer Hijacking and how to fix phones infected with it. Please suggest a solution for all possible versions of android. i am on jelly bean right now. Thank you so much!~
  9. First, I have a problem with my desktop disappearance so I decided to try it one of the clamwin Anti-virus http://www.clamwin.com/So Here's what happened. ! I have downloaded this anti-virus and install it on my system, there are also pending Microsoft updates for installation! I did install the latest updates and i have run hijackthis tool to kill all startup item and i do restart the system and log in again, but there is no desktop? All I have is a blank desktop any idea ? and i had to do a mlware check with many malware scanner and they find nothing Except Norton Power Eraser it finded a Suspicious Registry key and I am now puzzled Do I need to delete this Registry key entry path ? it like a Suspicious for my?
  10. I had to do a system restore on my computer because of some issues I had with another program. When the computer restarted, I got an error message in Malwarebytes. When I opened the dashboard, it says in large letters "Your system is not fully protected" and lower down, there is a red x which says "Malicious website protection disabled". Also on the top is the button that says "Fix Now". When I press Fix Now, nothing happens. When I go to settings, under Detection and Protection, I saw that Malicious Website protection was indeed disabled, so I checked off the Enabled button. The message on the dashboard did not change. I also checked under Advanced Settings, and Enable Malware Protection when Malwarebytes starts and Enable Malicious Website Protection when Malwarebytes starts are both checked off. I rebooted the computer. When Malwarebytes started up, there was the same message, and in addition, under Detection and Protection, Malicious Website protection was Disabled again. So I'm not sure what todo at this point.
  11. Okay this morning I had a popup from Malware telling me my system was not fully protected. I click on the popup and see what is in the image below I click on the Fix Now button and nothing happens. I went to settings and saw this So I put the little dot in Enabled. After going back to the dashboard I still see what is in the first image. I have restarted my computer and tried again. Nothing changed. So what have I done wrong?
  12. Program version: Under Vista 32 bit. 1 GB RAM Hi. Malwarebytes seems to use a lot of memory resources, Can I make it use less without compromising efficiency? Thanks
  13. Hi, i need help with this issue im having im having. I have installed Malaware bytes and ran a scan, once it finished it deleted a bunch of files that were infected. Now iam having a pop up system error saying that a miner.dll program is missing and i must install it now to fix the problem. It pops up every 5 minutes. I went through a few different other topics with the same problem and downloaded DDS and ran it, saved the two notepads to my desktop and ill post the DDS.txt in this topic and ill attach the Attach.txt to this as well. DDS.txt contents: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2Run by Calum at 18:06:51 on 2013-08-17Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16375.13889 [GMT 9.5:30].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Windows\system32\taskhost.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\SysWOW64\PnkBstrA.exeC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestrictedC:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\sppsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Steam\Steam.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files\iPod\bin\iPodService.exeC:\Users\Calum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exeC:\Users\Calum\AppData\Local\Temp\RarSFX1\Cloudll.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============. mWinlogon: Userinit = userinit.exe,BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>uRun: [GameTracker] C:\Program Files (x86)\GameTracker\GTLite.exeuRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automountuRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silentuRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunuRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStartmRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /smRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\Users\Calum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Adobe.lnk - C:\Users\Calum\AppData\Roaming\data\Adobe.vbsStartupFolder: C:\Users\Calum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLOUDL~1.LNK - C:\Users\Calum\AppData\Local\Temp\RarSFX1\Cloudll.exeStartupFolder: C:\Users\Calum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exeStartupFolder: C:\Users\Calum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UPDATE~1.LNK - C:\Program Files (x86)\ESET\MiNODLogin\launcher.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: NameServer = Interfaces\{B8A342E0-651B-4194-BDA9-3F12AF7F73CF} : DHCPNameServer = skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>x64-Run: [CL2 Launcher] C:\Program Files (x86)\City Life RPG\CL2 Launcher\CL2Launcher.exex64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-17 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-17 701512]R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-24 370688]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-11 4308320]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-17 25928]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-6 75624]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-5-11 49152]S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-8-10 57840]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-16 19456]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-16 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-16 30208]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2007-8-17 30336]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-9 1255736]S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2013-8-16 14544].=============== Created Last 30 ================.2013-08-17 07:41:42 -------- d-----w- C:\Users\Calum\AppData\Roaming\data2013-08-17 06:12:36 -------- d-----w- C:\Users\Calum\AppData\Roaming\Malwarebytes2013-08-17 06:12:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-08-17 06:12:32 -------- d-----w- C:\ProgramData\Malwarebytes2013-08-17 06:12:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-16 16:54:49 -------- d-----w- C:\Program Files (x86)\ESET2013-08-16 16:51:37 -------- d-----w- C:\Users\Calum\AppData\Local\ESET2013-08-16 16:35:35 -------- d-sh--r- C:\Users\Calum\AppData\Roaming\-4674609872013-08-16 13:44:25 -------- d-----w- C:\Program Files (x86)\RAR Password Unlocker2013-08-16 11:50:15 -------- d-----w- C:\Users\Calum\AppData\Local\Origin2013-08-16 11:34:31 -------- d-----w- C:\ProgramData\Electronic Arts2013-08-16 11:34:30 -------- d-----w- C:\Program Files (x86)\Origin2013-08-16 11:19:59 -------- d-----w- C:\Users\Calum\AppData\Local\Razer2013-08-14 03:25:32 1472512 ----a-w- C:\Windows\System32\crypt32.dll2013-08-11 10:21:09 -------- d-----w- C:\Program Files (x86)\TeamViewer2013-08-11 09:38:03 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AA71D0FD-1225-4649-A713-5ABD9E7F267B}\mpengine.dll2013-08-10 13:59:38 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll2013-08-10 13:54:57 -------- d-----w- C:\Users\Calum\Tracing2013-08-10 13:53:31 -------- d-----w- C:\Windows\en2013-08-10 13:52:55 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition2013-08-10 13:52:04 57840 ----a-w- C:\Windows\System32\drivers\fssfltr.sys2013-08-10 13:51:36 -------- d-----w- C:\Windows\PCHEALTH2013-08-10 13:49:06 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll2013-08-10 13:47:58 -------- d-----w- C:\Users\Calum\AppData\Local\Windows Live2013-08-10 13:47:53 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live2013-08-09 15:41:10 298584 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr2013-08-09 15:41:05 -------- d-----w- C:\Users\Calum\AppData\Local\PunkBuster2013-08-09 15:39:46 298584 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2013-08-09 15:39:46 298584 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02013-08-09 15:39:42 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe2013-08-09 15:04:40 1837683 ----a-w- C:\Users\Calum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe2013-08-09 14:52:32 -------- d-----w- C:\Ubisoft2013-08-09 05:01:56 804384 ----a-w- C:\Windows\SysWow64\fmodex.dll2013-08-09 05:01:56 312864 ----a-w- C:\Windows\SysWow64\fmod_event.dll2013-08-08 14:19:08 -------- d-----w- C:\Users\Calum\AppData\Local\WarThunder2013-08-08 14:19:08 -------- d-----w- C:\ProgramData\WarThunder2013-08-08 14:18:59 -------- d-----w- C:\Program Files (x86)\WarThunder2013-08-05 13:02:09 -------- d-----w- C:\Users\Calum\AppData\Local\PAYDAY 22013-08-04 03:55:25 -------- d-----w- C:\Program Files\Ventrilo2013-08-04 03:54:53 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard2013-08-03 14:32:38 -------- d-----w- C:\Users\Calum\AppData\Local\ArmaAddonSync20092013-08-03 14:32:37 -------- d-----w- C:\Users\Calum\AppData\Local\Yoma_Tools2013-08-03 11:12:56 -------- d-----w- C:\Fraps2013-08-01 16:52:58 -------- d-----w- C:\Users\Calum\AppData\Roaming\SpinTires2013-07-31 07:26:19 -------- d-----w- C:\Users\Calum\AppData\Roaming\.minecraft2013-07-29 08:55:13 -------- d-----w- C:\Program Files (x86)\Call of Juarez Gunslinger2013-07-28 08:29:41 -------- d-----w- C:\Users\Calum\AppData\Roaming\Origin2013-07-28 08:29:15 -------- d-----w- C:\ProgramData\Origin2013-07-25 09:03:30 -------- d-----w- C:\Windows\System32\MRT2013-07-25 07:37:12 -------- d-----w- C:\Program Files\Common Files\EasyInfo2013-07-25 07:31:41 75472 ----a-w- C:\Windows\DSETUP.dll2013-07-25 07:31:41 2245840 ----a-w- C:\Windows\dsetup32.dll2013-07-19 05:47:53 -------- d-----w- C:\Users\Calum\AppData\Local\4A Games2013-07-19 05:29:55 -------- d-----w- C:\Program Files (x86)\Metro Last Light2013-07-18 12:23:49 -------- d-----w- C:\Users\Calum\jagexcache2013-07-18 12:22:50 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll.==================== Find3M ====================.2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-07-18 12:22:47 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-07-18 12:22:47 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys2013-06-08 18:36:01 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll2013-06-08 18:36:00 971680 ----a-w- C:\Windows\System32\deployJava1.dll2013-06-08 18:36:00 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-06-04 17:32:36 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll2013-05-31 00:45:08 43680 ----a-w- C:\Windows\System32\drivers\lirsgt.sys2013-05-31 00:45:08 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys2013-05-19 15:34:18 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys.============= FINISH: 18:07:13.03 =============== In addition i downloaded the gmer program, scanned and saved the ark.txt file which i will include the contents of that under this: Ark.txt contents: GMER 2.1.19163 - http://www.gmer.netRootkit scan 2013-08-17 18:20:31Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3500413AS rev.JC45 465.76GBRunning: yedzfvjx.exe; Driver: C:\Users\Calum\AppData\Local\Temp\agloqpog.sys ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdePort4 fffffa800ca4f2c0Device \Driver\atapi \Device\Ide\IdePort0 fffffa800ca4f2c0Device \Driver\atapi \Device\Ide\IdePort5 fffffa800ca4f2c0Device \Driver\atapi \Device\Ide\IdePort1 fffffa800ca4f2c0Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-4 fffffa800ca4f2c0Device \Driver\atapi \Device\Ide\IdePort2 fffffa800ca4f2c0Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 fffffa800ca4f2c0Device \Driver\atapi \Device\Ide\IdePort3 fffffa800ca4f2c0Device \Driver\akslu0n3 \Device\Scsi\akslu0n31 fffffa800e3c22c0Device \Driver\akslu0n3 \Device\Scsi\akslu0n31Port7Path0Target0Lun0 fffffa800e3c22c0Device \Driver\VClone \Device\Scsi\VClone1 fffffa800e4442c0Device \Driver\VClone \Device\Scsi\VClone1Port6Path0Target0Lun0 fffffa800e4442c0Device \FileSystem\Ntfs \Ntfs fffffa800d3872c0Device \Driver\NetBT \Device\NetBT_Tcpip_{B8A342E0-651B-4194-BDA9-3F12AF7F73CF} fffffa800e0882c0Device \Driver\USBSTOR \Device\0000007e fffffa800ebe32c0Device \Driver\akslu0n3 \Device\ScsiPort7 fffffa800e3c22c0Device \Driver\usbehci \Device\USBPDO-1 fffffa800e3532c0Device \Driver\cdrom \Device\CdRom0 fffffa800e05b2c0Device \Driver\cdrom \Device\CdRom1 fffffa800e05b2c0Device \Driver\cdrom \Device\CdRom2 fffffa800e05b2c0Device \Driver\usbehci \Device\USBFDO-0 fffffa800e3532c0Device \Driver\USBSTOR \Device\0000007c fffffa800ebe32c0Device \Driver\usbehci \Device\USBFDO-1 fffffa800e3532c0Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800e0882c0Device \Driver\atapi \Device\ScsiPort0 fffffa800ca4f2c0Device \Driver\usbehci \Device\USBPDO-0 fffffa800e3532c0Device \Driver\atapi \Device\ScsiPort1 fffffa800ca4f2c0Device \Driver\atapi \Device\ScsiPort2 fffffa800ca4f2c0Device \Driver\atapi \Device\ScsiPort3 fffffa800ca4f2c0Device \Driver\atapi \Device\ScsiPort4 fffffa800ca4f2c0Device \Driver\atapi \Device\ScsiPort5 fffffa800ca4f2c0Device \Driver\VClone \Device\ScsiPort6 fffffa800e4442c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800ca4f2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa800ca4f2c0Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800dbee060] fffffa800dbee060Trace 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa800d867580] fffffa800d867580Trace 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa800d868060] fffffa800d868060Trace \Driver\atapi[0xfffffa800d82dcb0] -> IRP_MJ_CREATE -> 0xfffffa800ca4f2c0 fffffa800ca4f2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\akslu0n3.SYS fffff8800539c000-fffff880053e8000 (311296 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4772:4388] 000007fefbc72a7cThread C:\Windows\System32\svchost.exe [4016:3816] 000007feed399688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x28 0xB8 0x7C 0xF1 ...Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6B 0xC1 0x39 0x98 ...Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x35 0xEA 0x00 ...Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x28 0xB8 0x7C 0xF1 ...Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6B 0xC1 0x39 0x98 ...Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x35 0xEA 0x00 ... ---- EOF - GMER 2.1 ---- attach.txt
  14. Pro version. In an office of 10+ computers, several with XP SP3, I find myself as the only one dealing with this recent update problem. Icon remains grayed out, cannot enable services even with clicking on them directly. Starts grayed out with windows. Have tried multiple restarts, have done uninstall (with clean tool) and reinstall. Termincal services is automatic. Attached info that seems necessary. Only have 2 protection logs present. Looking for immediate assistance. Thanks. ------------- mbam-check result log version: Malwarebytes Version: REG_SZ Date Log Created: 09/13/12 Time Log Created: 10:29:20 32 bit Operating System Product Name: REG_SZ Microsoft Windows XP Current Build Number: 2600 Current Version Number: 5.1 Current CSDVersion: Service Pack 3 OS Product Info: Professional Proxy Status: No proxy is Set Proxy Override: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ ProxyOverride REG_SZ <local> LAN Settings: ============= No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY SystemPartition: ================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\ SystemPartition REG_SZ \Device\HarddiskVolume1 Balloon Tips Status: ==================== Enabled Time Format Settings: ===================== Should be: h:mm:ss tt AM PM : Currently: REG_SZ h:mm:ss tt REG_SZ AM REG_SZ PM REG_SZ : Language and Regional Settings: =============================== ACP: Language is English (United States) MACCP: Language is English (United States) OEMCP: Language is English (United States) Startup Folders for Error_Expanding_Variables Check: ==================================================== All Users Startup Folder Exists. Current User's startup Folder Exists. Terminal Services Status for (null) entries in PM logs and GetUserToken errors: =============================================================================== TERMService: ============== Type : 32 State : 4 (The service is running.) (State is stopped) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 TermService Start is set to: 2 (Automatic Startup) Compatibility Flag Settings (Any MBAM file listings should be removed): ======================================================================= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers c:\Program Files\Kofax\ImgCtls\bin\Vrs.ScanApp.Admin.exeREG_SZ RUNASADMIN c:\Program Files\Kofax\ImgCtls\DesktopProductivity\bin\Vrs.ScanApp.Admin.exeREG_SZ RUNASADMIN C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exeREG_SZ EnableNXShowUI HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers c:\Program Files\Kofax\ImgCtls\bin\Vrs.ScanApp.Admin.exeREG_SZ RUNASADMIN c:\Program Files\Kofax\ImgCtls\DesktopProductivity\bin\Vrs.ScanApp.Admin.exeREG_SZ RUNASADMIN Malwarebytes Anti-Malware Shell Extension Block Check: ====================================================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked MBAM Startup Entries: ===================== Service and Driver Status: ========================== MBAMProtector: ============== Type : 2 State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 MBAMService: ============== Type : 16 State : 4 (The service is running.) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 MBAMProtector Registry Values: ============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector Type REG_DWORD 2 Start REG_DWORD 3 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ \??\C:\WINDOWS\system32\drivers\mbam.sys Group REG_SZ FSFilter Anti-Virus DependOnService REG_MULTI_SZ FltMgr DependOnGroup REG_DWORD 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances DefaultInstance REG_SZ MBAMProtector Instance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance Altitude REG_SZ 328800 Flags REG_DWORD 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Security Security REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum 0 REG_SZ Root\LEGACY_MBAMPROTECTOR\0000 Count REG_DWORD 1 NextInstance REG_DWORD 1 MBAMService Registry Values: ============================ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService Type REG_DWORD 16 Start REG_DWORD 2 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" DependOnService REG_MULTI_SZ MBAMProtector DependOnGroup REG_DWORD 0 ObjectName REG_SZ LocalSystem Description REG_SZ Malwarebytes Anti-Malware service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService\Security Security REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService\Enum 0 REG_SZ Root\LEGACY_MBAMSERVICE\0000 Count REG_DWORD 1 NextInstance REG_DWORD 1 MBAM DLL's and Runtime Files: ============================= HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid (Default): REG_SZ vbAccelerator Grid Control HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid (Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67} HKEY_CLASSES_ROOT\SSubTimer6.GSubclass (Default): REG_SZ SSubTimer6.GSubclass HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid (Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\SSubTimer6.CTimer (Default): REG_SZ SSubTimer6.CTimer HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid (Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\SSubTimer6.ISubclass (Default): REG_SZ SSubTimer6.ISubclass HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid (Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ SSubTimer6.ISubclass HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID (Default): REG_SZ SSubTimer6.ISubclass HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION (Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ SSubTimer6.GSubclass HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32 (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID (Default): REG_SZ SSubTimer6.GSubclass HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION (Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ SSubTimer6.CTimer HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32 (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID (Default): REG_SZ SSubTimer6.CTimer HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION (Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A} HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1 (Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32 (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS (Default): REG_SZ 2 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0 (Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix) HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0 HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32 (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ ISubclass HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A} (Default): REG_SZ CTimer HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32 (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB} (Default): REG_SZ vbalGrid HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32 (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib (Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A} Version REG_SZ 1.1 MBAM Registry Settings and License Info: ======================================== HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware advancedheuristics REG_DWORD 1 downloadprogram REG_DWORD 1 hidereg REG_DWORD 0 detectp2p REG_DWORD 0 detectpum REG_DWORD 1 detectpup REG_DWORD 2 updatewarn REG_DWORD 1 updatewarndays REG_DWORD 7 useproxy REG_DWORD 0 useauthentication REG_DWORD 0 contextmenu REG_DWORD 1 reportthreats REG_DWORD 0 startwithwindows REG_DWORD 1 startfsdisabled REG_DWORD 0 startipdisabled REG_DWORD 0 silentipmode REG_DWORD 0 notifyinstallprogram REG_DWORD 1 trialpromptshown REG_DWORD 0 InstallPath REG_SZ C:\Program Files\Malwarebytes' Anti-Malware dbdate REG_SZ Thu, 13 Sep 2012 13:41:54 GMT dbversion REG_SZ v2012.09.13.07 programversion REG_SZ ID XXXXX-XXXXX This is hidden data. Key XXXX-XXXX-XXXX-XXXX This is hidden data. SchedulerQueue REG_MULTI_SZ 6148, 30249149, 994728896, 1, 23 | 30249395, 1522243132 HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 0 defaultscan REG_DWORD 0 terminateie REG_DWORD 0 Language REG_SZ English.lng selectedrives REG_SZ C:\| HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 1 defaultscan REG_DWORD 0 terminateie REG_DWORD 0 HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 1 defaultscan REG_DWORD 0 terminateie REG_DWORD 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1 Inno Setup: Setup Version REG_SZ 5.4.3 (a) Inno Setup: App Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware InstallLocation REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware Inno Setup: User REG_SZ conport Inno Setup: Selected Tasks REG_DWORD 0 Inno Setup: Deselected Tasks REG_SZ desktopicon,quicklaunchicon Inno Setup: Language REG_SZ English DisplayName REG_SZ Malwarebytes Anti-Malware version DisplayIcon REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe UninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" QuietUninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENT DisplayVersion REG_SZ Publisher REG_SZ Malwarebytes Corporation URLInfoAbout REG_SZ http://www.malwarebytes.org NoModify REG_DWORD 1 NoRepair REG_DWORD 1 InstallDate REG_SZ 20120912 MajorVersion REG_DWORD 1 MinorVersion REG_DWORD 65 Scheduler Queue: ================ Scheduled Item: Update Schedule Options: | Daily | Random Start Time: 2012-09-12 08:04 Repeating Every: 1 Recover if missed by: 23 Context Menu Entries: ===================== HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1 (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE} (Default): REG_SZ IMBAMShlExt HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID (Default): REG_SZ MBAMExt.MBAMShlExt HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32 (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ MBAM Drivers: ============= C:\WINDOWS\system32\drivers\mbam.sys File Size: 22856 BYTES FileVersion: Required Dependencies: ====================== fltmgr: ============== Type : 2 State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr Type REG_DWORD 2 Start REG_DWORD 0 ErrorControl REG_DWORD 1 Tag REG_DWORD 1 ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys DisplayName REG_SZ FltMgr Group REG_SZ FSFilter Infrastructure Description REG_SZ File System Filter Manager Driver AttachWhenLoaded REG_DWORD 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security Security REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum 0 REG_SZ Root\LEGACY_FLTMGR\0000 Count REG_DWORD 1 NextInstance REG_DWORD 1 C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 129792 BYTES FileVersion: 5.1.2600.5512 C:\WINDOWS\system32\comctl32.ocx File Size: 608448 BYTES FileVersion: C:\WINDOWS\system32\mscomctl.ocx File Size: 1070352 BYTES FileVersion: C:\WINDOWS\system32\olepro32.dll File Size: 84992 BYTES FileVersion: 5.1.2600.5512 List of MBAM Related Directories: ================================= C:\Program Files\Malwarebytes' Anti-Malware unins000.dat File Size: 15328 BYTES unins000.exe File Size: 711240 BYTES FileVersion: mbamext.dll File Size: 80968 BYTES FileVersion: mbam.dll File Size: 499784 BYTES FileVersion: mbamcore.dll File Size: 1089608 BYTES FileVersion: mbamnet.dll File Size: 2168392 BYTES FileVersion: mbam.exe File Size: 981656 BYTES FileVersion: mbamgui.exe File Size: 766536 BYTES FileVersion: mbamservice.exe File Size: 676936 BYTES FileVersion: mbamscheduler.exe File Size: 399432 BYTES FileVersion: mbampt.exe File Size: 40008 BYTES FileVersion: mbam.chm File Size: 582708 BYTES license.txt File Size: 11141 BYTES changes.txt File Size: 2780 BYTES ssubtmr6.dll File Size: 46416 BYTES FileVersion: vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: unins000.msg File Size: 10550 BYTES C:\Program Files\Malwarebytes' Anti-Malware\Languages arabic.lng File Size: 21110 BYTES belarusian.lng File Size: 26026 BYTES bosnian.lng File Size: 26236 BYTES bulgarian.lng File Size: 26678 BYTES catalan.lng File Size: 27226 BYTES chineseSI.lng File Size: 10642 BYTES chineseTR.lng File Size: 11588 BYTES croatian.lng File Size: 25844 BYTES czech.lng File Size: 23894 BYTES danish.lng File Size: 25750 BYTES dutch.lng File Size: 27282 BYTES english.lng File Size: 23742 BYTES estonian.lng File Size: 24112 BYTES finnish.lng File Size: 24990 BYTES french.lng File Size: 28790 BYTES german.lng File Size: 28870 BYTES greek.lng File Size: 28316 BYTES hebrew.lng File Size: 18714 BYTES hungarian.lng File Size: 27548 BYTES italian.lng File Size: 27186 BYTES japanese.lng File Size: 15814 BYTES korean.lng File Size: 13710 BYTES latvian.lng File Size: 26208 BYTES lithuanian.lng File Size: 26920 BYTES macedonian.lng File Size: 27830 BYTES norwegian.lng File Size: 24216 BYTES polish.lng File Size: 25726 BYTES portugueseBR.lng File Size: 27720 BYTES portuguesePT.lng File Size: 28056 BYTES romanian.lng File Size: 27308 BYTES russian.lng File Size: 26352 BYTES serbian.lng File Size: 25970 BYTES slovak.lng File Size: 24752 BYTES slovenian.lng File Size: 23998 BYTES spanish.lng File Size: 29010 BYTES swedish.lng File Size: 25132 BYTES thai.lng File Size: 25190 BYTES turkish.lng File Size: 25046 BYTES vietnamese.lng File Size: 28574 BYTES C:\Program Files\Malwarebytes' Anti-Malware\Chameleon chameleon.chm File Size: 186068 BYTES mbam-killer.exe File Size: 896072 BYTES mbam-chameleon.exe File Size: 218696 BYTES mbam-chameleon.com File Size: 218696 BYTES mbam-chameleon.pif File Size: 218696 BYTES mbam-chameleon.scr File Size: 218696 BYTES svchost.exe File Size: 218696 BYTES firefox.exe File Size: 218696 BYTES firefox.com File Size: 218696 BYTES firefox.pif File Size: 218696 BYTES firefox.scr File Size: 218696 BYTES iexplore.exe File Size: 218696 BYTES winlogon.exe File Size: 218696 BYTES rundll32.exe File Size: 218696 BYTES C:\Documents and Settings\conport\Application Data\Malwarebytes\Malwarebytes' Anti-Malware C:\Documents and Settings\conport\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs mbam-log-2012-09-13 (09-09-51).txt File Size: 1926 BYTES mbam-log-2012-09-13 (09-28-37).txt File Size: 1956 BYTES C:\Documents and Settings\conport\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine =============================================================== END OF FILE protection-log-2012-09-13.txt protection-log-2012-09-12.txt attach.txt dds.txt
  15. Hey all, I was infected with the system check virus and I was able to remove it. For a day my computer seemed fine, but then the next day my google searches started redirecting me to random sites and my computer was noticeably slower. Malwarebytes found an infection and then my computer was fine for a night. But then again the next day google searches started redirecting and computer was slow. I ran many scans on Malwarebytes, but all of them come out with 0 infections found. Thanks in advance for your help. Attached below is the quick scan that found the infection. Malwarebytes Anti-Malware www.malwarebytes.org Database version: v2012.01.17.01 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Jchau :: JCHAU-PC [administrator] 16/01/2012 10:04:07 PM mbam-log-2012-01-16 (22-04-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 205242 Time elapsed: 6 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) This is my most recent one Malwarebytes Anti-Malware (Trial) www.malwarebytes.org Database version: v2012.01.20.04 Windows 7 x64 NTFS (Safe Mode/Networking) Internet Explorer 8.0.7600.16385 Jchau :: JCHAU-PC [administrator] Protection: Disabled 20/01/2012 6:59:32 PM mbam-log-2012-01-20 (18-59-32).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 204658 Time elapsed: 3 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.