Got infected. After removal/restart, MBAM will update, but not start.


My nightly scan randomly came up with 100+ infected/quarantined files. It said I had to reboot, so I did. Upon rebooting, it had me install the newest version of MBAM. Ever since then, MBAM will not start. Chameleon will at least get it to update, but I can't open the actual app to get it to scan. It looks like the process is quitting after a few seconds of being open. Here are the DDS logs:

Attach.txt

----------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/18/2010 9:29:37 PM

System Uptime: 1/8/2012 3:59:57 AM (1 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | K52Jr

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | Socket 989 | 2267/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 60.563 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

G: is FIXED (NTFS) - 1863 GiB total, 743.378 GiB free.

I: is FIXED (FAT32) - 20 GiB total, 18.548 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: USB 2.0 1.3M UVC WebCam

Device ID: USB\VID_04F2&PID_B071&MI_00\7&32D26C37&0&0000

Manufacturer: Chicony, (Sonix260)

Name: USB 2.0 1.3M UVC WebCam

PNP Device ID: USB\VID_04F2&PID_B071&MI_00\7&32D26C37&0&0000

Service: SNP2UVC

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

AC3Filter 1.63b

Acronis True Image Home

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe Default Language CS4

Adobe Flash Player 10 ActiveX

Adobe Linguistics CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player 11.5

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Aiseesoft iPad Video Converter

Amazon Kindle For PC

ATK Package

Audacity 1.2.6

Audiosurf

AutoHotkey 1.0.48.05.L61

AviSynth 2.5

Balsamiq Mockups For Desktop

Beat Hazard

BIT.TRIP BEAT

Bitcoin

calibre

Camtasia Studio 7

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Connect

CoreAAC Audio Decoder (remove only)

CoreAVC Professional Edition (remove only)

CoreFLAC Audio Decoder+Source Filter (remove only)

D3DX10

dBpoweramp DSP Effects

dBpoweramp Music Converter

DirectVobSub (remove only)

Dropbox

DVD Flick 1.3.0.7

Evernote v. 4.1

ffdshow [rev 3299] [2010-03-03]

FileZilla Client 3.3.3

foobar2000 v1.0.1

Foxit Phantom

Foxit Reader

Google Chrome

Google Talk Plugin

Google Update Helper

GoToMeeting 4.8.0.723

Gpg4win (2.1.0)

Grooveshark

GTK+ Runtime 2.14.7 rev a (remove only)

Haali Media Splitter

Hammerfight

HandBrake 0.9.5

HostsMan 3.2.73

IETester v0.4.11 (remove only)

ImgBurn

Intel® Rapid Storage Technology

Intel® Solid-State Drive Toolbox

Java Auto Updater

Java 6 Update 29

Jing

JMicron Ethernet Adapter NDIS Driver

JMicron Flash Media Controller Driver

KalemSoft Media Streamer

kuler

LAME v3.98.2 for Audacity

LastPass (uninstall only)

LifeFrame2

Livescribe Connect

Livescribe Desktop

LogMeIn Rescue AVI Codec

LogMeIn Rescue Technician Console

Malwarebytes Anti-Malware version 1.60.0.1800

Microsoft Silverlight

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft XNA Framework Redistributable 3.1

mkv2vob

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Manager

Native Instruments Controller Editor

Native Instruments Service Center

Notepad++

NVIDIA PhysX

OneLogin Plugin for Internet Explorer

OnLive

OpenAL

OpenVPN 2.1.1

Opera 11.51

Pamela Basic 4.8

Paragon Alignment Tool™ 3.0

PCSX2 - Playstation 2 Emulator

PdaNet for Android 2.45

PDF Settings CS4

Photoshop Camera Raw

Picasa 3

Pidgin

pomodairo

PuTTY version 0.60

QuickTime

ScreenSteps 2.9

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Skype Audio Player (remove only)

Skype™ 4.2

Snagit 10

Spotify

Steam

stunnel

Suite Shared Configuration CS4

Synergy+

TouchFreeze

TransMac version 8.1

trixbox eyeBeam 1.5.14

TrueCrypt

TVersity Codec Pack 1.7

TVersity Media Server 1.9.7

Tweet Adder 3

TweetDeck

Unlocker 1.8.9

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

ViewletBuilder6 Professional

VirtualCloneDrive

VLC media player 1.0.5

VNC Free Edition 4.1.3

VO-Pro

VueScan

Vuze

VVVVVV

WebEx

WebM Media Foundation Components

WinDirStat 1.1.2

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

WinFlash

WinPcap 4.1.2

WinSCP 4.2.7

Wireshark 1.6.4

Xiph.Org Open Codecs 0.85.17777

Xvid 1.2.2 final uninstall

.

==== Event Viewer Messages From Past Week ========

.

1/8/2012 4:06:05 AM, Error: Service Control Manager [7031] - The TVersity Media Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

1/8/2012 4:05:28 AM, Error: Service Control Manager [7031] - The TVersity Media Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

1/8/2012 4:01:13 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1/8/2012 4:01:10 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1/8/2012 4:00:14 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

1/8/2012 3:59:34 AM, Error: Service Control Manager [7034] - The Synergy+ Client service terminated unexpectedly. It has done this 1 time(s).

1/8/2012 3:47:20 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

1/8/2012 3:37:38 AM, Error: Ntfs [137] - The default transaction resource manager on volume O: encountered a non-retryable error and could not start. The data contains the error code.

1/8/2012 3:01:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft SharePoint Workspace 2010 (KB2566445), 64-Bit Edition.

1/8/2012 3:01:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Service Pack 1 for Microsoft Office 2010 (KB2510690 ) 64-bit Edition.

1/7/2012 9:33:56 PM, Error: srv [2011] - The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

1/5/2012 12:00:29 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Fantom.

.

==== End Of File ===========================

DDS.txt

-------

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Eric at 4:10:17 on 2012-01-08

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8045.5993 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Prey\platform\windows\cronsvc.exe

C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE

C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe

C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\amd64\novacomd.exe

C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe

C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Synergy+\bin\synergyc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Synergy+\bin\synergyc.exe

C:\Windows\system32\conhost.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe

C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Java\jre7\bin\javaw.exe

C:\Program Files (x86)\Texter\texter.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\ProgramData\TVersity\Media Server\MediaServer.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://google.com/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: OneLoginToolbar: {8ab573bb-1230-466d-8180-5fc7353c294a} - C:\Program Files (x86)\OneLogin, Inc\OneLogin Plugin for Internet Explorer\adxloader.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

uRun: [TrueCrypt] "C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe" /q preferences

uRun: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

uRun: [Google Update] "C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [MusicManager] "C:\Users\Eric\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-BDGKM.exe" /REG /REGSVRMODE

StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENVP~1.LNK - C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe

StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SECRET~1.LNK - C:\Users\Eric\.secretsync\ssexec.exe

StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Texter.lnk - C:\Program Files (x86)\Texter\texter.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {465BCC32-631A-4BEB-87CD-F2C4C776EB67} - C:\Program Files (x86)\OneLogin, Inc\OneLogin Plugin for Internet Explorer\OneLoginToolbar.IEModule.42119052.js

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: crmontarget.com\qwest

Trusted Zone: istockphoto.com\secure

Trusted Zone: istockphoto.com\www

Trusted Zone: logmeinrescue.com\secure

Trusted Zone: paypal.com

Trusted Zone: pb.com

Trusted Zone: qwestbusinessemail.com\schedule

Trusted Zone: qwestoffice.com\sitecontrol

Trusted Zone: siteprotect.com

DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab

DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5A262D18-5FFE-419F-9D07-74CBA1C07843} : DhcpNameServer = 192.168.42.129

TCP: Interfaces\{7815C63E-6089-43C1-9FA6-98FC88FB36D4} : NameServer = 4.2.2.1,4.2.2.2

TCP: Interfaces\{7815C63E-6089-43C1-9FA6-98FC88FB36D4} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F6885F97-31DA-4412-917E-8F2DAD9E62EF} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F6885F97-31DA-4412-917E-8F2DAD9E62EF}\3416274756C634F666665656C41626 : DhcpNameServer = 192.168.3.1

TCP: Interfaces\{F6885F97-31DA-4412-917E-8F2DAD9E62EF}\83637317775627479753330393 : DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{F6885F97-31DA-4412-917E-8F2DAD9E62EF}\C416020516C6F6D616 : DhcpNameServer = 4.2.2.2 66.181.240.12

TCP: Interfaces\{FF777CC2-2107-483E-A88E-FAD878F1F2AD} : DhcpNameServer = 216.131.94.5 216.131.95.20

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

BHO-X64: OneLoginToolbar: {8ab573bb-1230-466d-8180-5fc7353c294a} - C:\Program Files (x86)\OneLogin, Inc\OneLogin Plugin for Internet Explorer\adxloader.dll

BHO-X64: 0x1 - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO-X64: LastPass Browser Helper Object - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce-x64: [innoSetupRegFile.0000000001] "C:\Windows\is-BDGKM.exe" /REG /REGSVRMODE

IE-X64: {465BCC32-631A-4BEB-87CD-F2C4C776EB67} - C:\Program Files (x86)\OneLogin, Inc\OneLogin Plugin for Internet Explorer\OneLoginToolbar.IEModule.42119052.js

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

Hosts: 173.255.208.79 wpp.reachcastcontent.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\huzfvjwm.default\

FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com/

FF - component: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\huzfvjwm.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll

FF - plugin: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\huzfvjwm.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\huzfvjwm.default\extensions\TechnicianConsole@logmeinrescue.com\plugins\npRescue.dll

FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?]

R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?]

R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);C:\Windows\system32\DRIVERS\tdrpm251.sys --> C:\Windows\system32\DRIVERS\tdrpm251.sys [?]

R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-8-12 2326920]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]

R2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2011-3-2 224256]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-19 13336]

R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]

R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-8 652872]

R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2011-9-2 91456]

R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-8 5009920]

R2 NovacomD;Palm Novacom;C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\amd64\novacomd.exe [2011-6-24 72192]

R2 Palm_TCP_Relay;Palm TCP Relay;C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe [2011-7-19 11776]

R2 PenCommService;Livescribe Pulse Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-10-27 470528]

R2 Synergy+ Client;Synergy+ Client;C:\Program Files (x86)\Synergy+\bin\synergyc.exe [2010-6-12 657408]

R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-2-3 134760]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-5 136176]

S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]

S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]

S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-19 1038088]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-5 136176]

S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys --> C:\Windows\system32\DRIVERS\motodrv.sys [?]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]

S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\system32\DRIVERS\PulseUsb.sys --> C:\Windows\system32\DRIVERS\PulseUsb.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\Windows\system32\drivers\vasdDev.sys --> C:\Windows\system32\drivers\vasdDev.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

.

=============== Created Last 30 ================

.

2012-01-08 11:08:00 709968 ----a-w- C:\Windows\is-BDGKM.exe

2012-01-08 11:01:31 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-01-08 06:07:01 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD0900FA-1791-4232-A257-586F3CE51EA9}\offreg.dll

2012-01-08 06:07:00 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD0900FA-1791-4232-A257-586F3CE51EA9}\mpengine.dll

2012-01-07 05:55:28 1454400 ----a-w- C:\Windows\System32\drivers\vasdDev.sys

2012-01-03 06:40:35 -------- d-----w- C:\Program Files (x86)\Xiph.Org

2012-01-03 06:40:33 -------- d-----w- C:\Program Files (x86)\TVersity Codec Pack

2012-01-03 06:40:26 -------- d-----w- C:\ProgramData\TVersity

2011-12-28 07:27:15 -------- d-----w- C:\Users\Eric\AppData\Local\Livescribe

2011-12-28 07:27:13 -------- d-----w- C:\ProgramData\Livescribe

2011-12-28 07:27:05 -------- d-----w- C:\Users\Eric\AppData\Roaming\com.livescribe.LivescribeConnect

2011-12-28 07:26:57 -------- d-----w- C:\Program Files (x86)\Common Files\Livescribe

2011-12-28 07:26:51 -------- d-----w- C:\Program Files (x86)\Livescribe

2011-12-26 01:35:47 -------- d-----w- C:\Users\Eric\AppData\Local\uTorrent

2011-12-21 05:46:07 -------- d-----w- C:\Users\Eric\AppData\Local\LogMeIn Rescue Applet

2011-12-20 17:53:30 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat

2011-12-20 17:51:09 -------- d-----w- C:\Prey

2011-12-17 21:22:21 -------- d-----w- C:\Users\Eric\AppData\Local\Windows Live

2011-12-13 21:07:33 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-13 21:07:33 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-13 21:07:32 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-13 21:07:32 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-13 21:07:30 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-13 21:07:30 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-11 20:26:56 -------- d-----w- C:\Windows\System32\catroot2

2011-12-10 21:37:20 -------- d-----w- C:\Users\Eric\AppData\Roaming\Wireshark

2011-12-10 21:14:18 -------- d-----w- C:\Program Files (x86)\WinPcap

2011-12-10 21:13:26 -------- d-----w- C:\Program Files\Wireshark

.

==================== Find3M ====================

.

2011-12-06 22:38:31 72080 ----a-w- C:\Users\Eric\g2mdlhlpx.exe

2011-11-12 17:42:24 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-10 21:00:12 172544 ----a-w- C:\Windows\SysWow64\RemoteControl.dll

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-27 22:57:23 26112 ----a-w- C:\Windows\System32\drivers\PulseUsb.sys

2011-10-27 22:57:23 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

2011-10-16 20:36:22 627600 ----a-w- C:\Windows\System32\deployJava1.dll

.

============= FINISH: 4:10:41.00 ===============

This is what I see in Windows 7's Event Viewer:

Faulting application name: mbam.exe, version: 1.60.0.59, time stamp: 0x4ef23d40

Faulting module name: mbamcore.DLL, version: 1.60.0.52, time stamp: 0x4eea37f7

Exception code: 0xc0000005

Fault offset: 0x00060ae0

Faulting process id: 0x1bf4

Faulting application start time: 0x01cccdf80250a8ee

Faulting application path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Faulting module path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.DLL

Report Id: 420b43eb-39eb-11e1-aac4-e0cb4e5043ef


Hello,

Please advise if you have resolved your issue. If you have not, and would like guided help, do the following.

If we do not hear back from you in 3 days, this thread will be closed.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Start Internet Explorer.

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click "I accept" & then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a "No infections found" in the bar-window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
