Hello and welcome back...

Please run the tools below and ATTACH (do not copy and paste) the logs so someone can better assist you.

Please post an mbam-check log:

Create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it; it should then open a log file
  • Please attach the CheckResults.txt file which should now be located on your desktop to your next reply

Next:

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double-click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply "as an attachment": DDS.txt and Attach.txt

    You can ignore the note about zipping the Attach.txt file in most cases.

Completing DDS soon

 

MBAM Check Log:

 


mbam-check result log version: 2.0.0.1000
 
Malwarebytes Version: REG_SZ 1.75.0.1300
 
Date Log Created: 02/14/14
Time Log Created: 15:27:31
 
User Account type: Administrator
 
64 bit Operating System
 
Product Name: REG_SZ Windows 7 Home Premium
 
Current Build Number: 7601
 
Current Version Number: 6.1
 
Current CSDVersion: Service Pack 1
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ HH:mm:ss
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: 850 Please refer to this link for details: Here
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
TERMService:
==============
Type : 32
State : 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE : 1077
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Compatibility Flag Settings (Any MBAM file listings should be removed):
=======================================================================
 
 
 
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
 
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Malwarebytes Anti-Malware     REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Service and Driver Status:
==========================
 
MBAMProtector:
==============
Type : 2
State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
MBAMService:
==============
Type : 16
State : 4 (The service is running.)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
MBAMScheduler:
==============
Type : 16
State : 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
 
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
Type                          REG_DWORD 2
Start                         REG_DWORD 3
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys
Group                         REG_SZ FSFilter Anti-Virus
DependOnService               REG_MULTI_SZ FltMgr
 
WOW64                         REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
DefaultInstance               REG_SZ MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
Altitude                      REG_SZ 328800
Flags                         REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
0                             REG_SZ Root\LEGACY_MBAMPROTECTOR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
MBAMService Registry Values:
============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
DependOnService               REG_MULTI_SZ MBAMProtector
 
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware service
DelayedAutostart              REG_DWORD 0
MBAMScheduler Registry Values:
==============================
 
 
 
MBAM DLL's and Runtime Files:
=============================
 
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid
(Default):                    REG_SZ vbAccelerator Grid Control
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid
(Default):                    REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}
 
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid
(Default):                    REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}
 
HKEY_CLASSES_ROOT\SSubTimer6.CTimer
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid
(Default):                    REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}
 
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid
(Default):                    REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}
 
 
 
 
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
 
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
(Default):                    REG_SZ vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
(Default):                    REG_SZ 2
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
(Default):                    REG_SZ vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
(Default):                    REG_SZ 2
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
(Default):                    REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
(Default):                    REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ _ISubclass
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ __CTimer
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ CTimer
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
(Default):                    REG_SZ __vbalGrid
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
(Default):                    REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}
Version                       REG_SZ 1.1
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
(Default):                    REG_SZ vbalGrid
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
(Default):                    REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}
Version                       REG_SZ 1.1
MBAM Registry Settings and License Info:
========================================
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
advancedheuristics            REG_DWORD 1
downloadprogram               REG_DWORD 1
hidereg                       REG_DWORD 0
detectp2p                     REG_DWORD 0
detectpum                     REG_DWORD 1
detectpup                     REG_DWORD 1
updatewarn                    REG_DWORD 1
updatewarndays                REG_DWORD 1
useproxy                      REG_DWORD 0
useauthentication             REG_DWORD 0
contextmenu                   REG_DWORD 1
reportthreats                 REG_DWORD 0
startwithwindows              REG_DWORD 1
startfsdisabled               REG_DWORD 0
startipdisabled               REG_DWORD 0
silentipmode                  REG_DWORD 0
autoquarantine                REG_DWORD 1
notifyinstallprogram          REG_DWORD 1
trialpromptshown              REG_DWORD 0
autoquarantinenotify          REG_DWORD 1
alwaysscanarchives            REG_DWORD 1
InstallPath                   REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
dbdate                        REG_SZ Fri, 14 Feb 2014 14:13:58 GMT
dbversion                     REG_SZ v2014.02.14.06
programversion                REG_SZ 1.75.0.1300
programbuild                  REG_SZ consumer
ID                            XXXXX This is hidden data.
Key                           XXXX-XXXX-XXXX-XXXX This is hidden data.
SchedulerQueue                REG_MULTI_SZ 6148, 30353743, 3663231072, 1, 23 | 0, 0
 
 
 
HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
autosavelog                   REG_DWORD 1
openlog                       REG_DWORD 1
defaultscan                   REG_DWORD 0
terminateie                   REG_DWORD 0
Language                      REG_SZ English.lng
selectedrives                 REG_SZ C:\|D:\|
HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
autosavelog                   REG_DWORD 1
openlog                       REG_DWORD 1
defaultscan                   REG_DWORD 0
terminateie                   REG_DWORD 0
HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
autosavelog                   REG_DWORD 1
openlog                       REG_DWORD 1
defaultscan                   REG_DWORD 0
terminateie                   REG_DWORD 0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
Inno Setup: Setup Version     REG_SZ 5.5.3-dev (a)
Inno Setup: App Path          REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
InstallLocation               REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\
Inno Setup: Icon Group        REG_SZ Malwarebytes' Anti-Malware
Inno Setup: User              REG_SZ Shazia Begum
Inno Setup: Selected Tasks    REG_SZ desktopicon
Inno Setup: Deselected Tasks  REG_SZ quicklaunchicon
Inno Setup: Language          REG_SZ English
DisplayName                   REG_SZ Malwarebytes Anti-Malware version 1.75.0.1300
DisplayIcon                   REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
UninstallString               REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
QuietUninstallString          REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT
DisplayVersion                REG_SZ 1.75.0.1300
Publisher                     REG_SZ Malwarebytes Corporation
URLInfoAbout                  REG_SZ http://www.malwarebytes.org
NoModify                      REG_DWORD 1
NoRepair                      REG_DWORD 1
InstallDate                   REG_SZ 20140214
MajorVersion                  REG_DWORD 1
MinorVersion                  REG_DWORD 75
EstimatedSize                 REG_DWORD 19743
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
PendingFileRenameOperations REG_MULTI_SZ \??\C:\Program Files (x86)\Google\Update\1.3.22.3
 
 
 
Scheduler Queue:
================
 
Scheduled Item: Update Schedule Options: | Daily | Random
Start Time: 2014-02-14 06:41 Repeating Every: 1 Recover if missed by: 23
 
 
 
Context Menu Entries:
=====================
 
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
 
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
(Default):                    REG_SZ IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt
 
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default):                    REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default):                    REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
 
 
MBAM Drivers:
=============
 
C:\Windows\system32\drivers\mbam.sys File Size: 25928     BYTES FileVersion: 1.60.2.0
 
 
Required Dependencies:
======================
 
BFE:
==============
Type : 32
State : 4 (The service is running.)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ErrorControl                  REG_DWORD 1
Start                         REG_DWORD 2
Type                          REG_DWORD 32
DependOnService               REG_MULTI_SZ RpcSs
 
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
{decc16ca-3f33-4346-be1e-8fb4ae0f3d62}REG_BINARY Binary Data
 
{4b153735-1049-4480-aab4-d1b9bdc03710}REG_BINARY Binary Data
 
{1bebc969-61a5-4732-a177-847a0817862a}REG_BINARY Binary Data
 
{aa6a7d87-7f8f-4d2a-be53-fda555cd5fe3}REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
{b3cdd441-af90-41ba-a745-7c6008ff2300}REG_BINARY Binary Data
 
{b3cdd441-af90-41ba-a745-7c6008ff2301}REG_BINARY Binary Data
 
{b3cdd441-af90-41ba-a745-7c6008ff2302}REG_BINARY Binary Data
 
{9ba30013-c84e-47e5-ac6e-1e1aed72fa69}REG_BINARY Binary Data
 
fltmgr:
==============
Type : 2
State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
ErrorControl                  REG_DWORD 3
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
C:\Windows\system32\drivers\fltmgr.sys File Size: 289664    BYTES FileVersion: 6.1.7601.17514
C:\Windows\SysWOW64\mscomctl.ocx File Size: 1070152   BYTES FileVersion: 6.1.98.34
C:\Windows\SysWOW64\olepro32.dll File Size: 90112     BYTES FileVersion: 6.1.7601.17514
 
 
List of MBAM Related Directories:
=================================
 
C:\Program Files (x86)\Malwarebytes' Anti-Malware
7z.dll                         File Size:    914432 BYTES FileVersion: 9.20.0.0
changes.txt                   File Size:       200 BYTES
license.rtf                   File Size:     17916 BYTES
mbam.chm                       File Size:    474148 BYTES
mbam.dll                       File Size:    527944 BYTES FileVersion: 1.70.0.0
mbam.exe                       File Size:    887432 BYTES FileVersion: 1.75.0.1
mbamcore.dll                   File Size:   1127496 BYTES FileVersion: 1.70.0.0
mbamext.dll                   File Size:     95304 BYTES FileVersion: 1.70.0.0
mbamgui.exe                   File Size:    532040 BYTES FileVersion: 1.70.0.0
mbamnet.dll                   File Size:   2191944 BYTES FileVersion: 1.70.0.0
mbampt.exe                     File Size:     40008 BYTES FileVersion: 1.70.0.0
mbamscheduler.exe             File Size:    418376 BYTES FileVersion: 1.70.0.0
mbamservice.exe               File Size:    701512 BYTES FileVersion: 1.70.0.0
ssubtmr6.dll                   File Size:     46416 BYTES FileVersion: 1.1.0.3
unins000.dat                   File Size:     15533 BYTES
unins000.exe                   File Size:    712264 BYTES FileVersion: 51.52.0.0
unins000.msg                   File Size:     11277 BYTES
vbalsgrid6.ocx                 File Size:    496976 BYTES FileVersion: 2.0.0.40
 
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon
chameleon.chm                 File Size:    186068 BYTES
firefox.com                   File Size:    218184 BYTES
firefox.exe                   File Size:    218184 BYTES
firefox.pif                   File Size:    218184 BYTES
firefox.scr                   File Size:    218184 BYTES
iexplore.exe                   File Size:    218184 BYTES
mbam-chameleon.com             File Size:    218184 BYTES
mbam-chameleon.exe             File Size:    218184 BYTES
mbam-chameleon.pif             File Size:    218184 BYTES
mbam-chameleon.scr             File Size:    218184 BYTES
mbam-killer.exe               File Size:    896072 BYTES
rundll32.exe                   File Size:    218184 BYTES
svchost.exe                   File Size:    218184 BYTES
winlogon.exe                   File Size:    218184 BYTES
 
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages
arabic.lng                     File Size:     21894 BYTES
belarusian.lng                 File Size:     26884 BYTES
bosnian.lng                   File Size:     27108 BYTES
bulgarian.lng                 File Size:     27574 BYTES
catalan.lng                   File Size:     28252 BYTES
chineseSI.lng                 File Size:     11024 BYTES
chineseTR.lng                 File Size:     11952 BYTES
croatian.lng                   File Size:     26670 BYTES
czech.lng                     File Size:     24874 BYTES
danish.lng                     File Size:     26582 BYTES
dutch.lng                     File Size:     28342 BYTES
english.lng                   File Size:     24542 BYTES
estonian.lng                   File Size:     25146 BYTES
finnish.lng                   File Size:     25950 BYTES
french.lng                     File Size:     29830 BYTES
german.lng                     File Size:     29894 BYTES
greek.lng                     File Size:     29300 BYTES
hebrew.lng                     File Size:     19362 BYTES
hungarian.lng                 File Size:     28666 BYTES
indonesian.lng                 File Size:     26854 BYTES
italian.lng                   File Size:     28194 BYTES
japanese.lng                   File Size:     16266 BYTES
korean.lng                     File Size:     14188 BYTES
latvian.lng                   File Size:     27100 BYTES
lithuanian.lng                 File Size:     27838 BYTES
norwegian.lng                 File Size:     25116 BYTES
polish.lng                     File Size:     26644 BYTES
portugueseBR.lng               File Size:     28654 BYTES
portuguesePT.lng               File Size:     29062 BYTES
romanian.lng                   File Size:     28290 BYTES
russian.lng                   File Size:     27302 BYTES
serbian.lng                   File Size:     26804 BYTES
slovak.lng                     File Size:     25644 BYTES
slovenian.lng                 File Size:     24852 BYTES
spanish.lng                   File Size:     30060 BYTES
swedish.lng                   File Size:     25992 BYTES
thai.lng                       File Size:     26092 BYTES
turkish.lng                   File Size:     25876 BYTES
vietnamese.lng                 File Size:     29528 BYTES
 
C:\Users\Shazia Begum\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware
 
C:\Users\Shazia Begum\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
 
C:\Users\Shazia Begum\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware
exclusions.dat                 File Size:       484 BYTES
rules.ref                     File Size:   7221940 BYTES
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration
build.conf                     File Size:       140 BYTES
config.conf                   File Size:      4076 BYTES
custom.conf                   File Size:        20 BYTES
database.conf                 File Size:       432 BYTES
html.conf                     File Size:      2904 BYTES
local.conf                     File Size:       420 BYTES
manifest.conf                 File Size:      1752 BYTES
messaging.conf                 File Size:      1430 BYTES
news.conf                     File Size:       265 BYTES
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs
protection-log-2014-02-14.txt File Size:       708 BYTES
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
 
===============================================================
END OF FILE
 

dds.txt

attach.txt


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518
Run by Shazia Begum at 15:30:09 on 2014-02-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4008.2188 [GMT 0:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{8736B2BA-9B16-44EB-BBB2-38AB6716E96B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8736B2BA-9B16-44EB-BBB2-38AB6716E96B}\14C69602D20223E2437484A7 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-9-24 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-11-14 709144]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-9-24 48872]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-9-12 1337752]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;C:\Windows\System32\fsKMgr.dll [2012-8-1 24936]
R2 IdcSrv;IDCSRV Service;C:\Program Files (x86)\IdeaCom\IDCMgr\IdcSrv.exe [2014-2-2 252928]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-9 244624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-14 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2014-2-3 36864]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2014-2-3 145448]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-2-2 2656280]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-5-11 31216]
R3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-9-24 164056]
R3 fsvidmir_service;fsvidmir_service;C:\Windows\System32\drivers\fsvidmir.sys [2012-8-1 13672]
R3 IdcFltr;HID Touch Screen Driver;C:\Windows\System32\drivers\idcfltr.sys [2014-2-2 46208]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-14 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-9 412776]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2014-2-3 694376]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2008-7-11 58664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-11 111616]
S3 JTVNCProxy_13.0;JTVNCProxy_13.0;C:\Program Files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe [2012-8-1 20360]
S3 PowerBrl;powerBraille System Driver;C:\Windows\System32\drivers\powerbrl.sys [2012-8-1 17768]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-4 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-11 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-4 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-3 1255736]
SUnknown MBAMScheduler;MBAMScheduler; [x]
.
=============== Created Last 30 ================
.
2014-02-14 14:31:20 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\Malwarebytes
2014-02-14 14:31:09 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-14 14:31:08 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-14 14:31:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-13 20:17:32 78848 ----a-w- C:\Windows\KMSEmulator.exe
2014-02-11 20:40:44 53248 ----a-w- C:\Windows\SysWow64\zlib.dll
2014-02-11 20:37:44 6573056 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-11 20:37:44 5693440 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-11 19:52:01 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-02-11 19:52:00 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-02-11 19:42:52 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-11 19:40:15 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-02-05 20:16:29 -------- d-----w- C:\ProgramData\Nuance
2014-02-05 20:16:27 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\Nuance
2014-02-05 16:38:40 -------- d-----w- C:\Program Files\Adblock Plus for IE
2014-02-05 16:38:37 -------- d-----w- C:\ProgramData\Package Cache
2014-02-05 16:35:57 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\RealNetworks
2014-02-05 16:35:36 -------- d-----w- C:\ProgramData\RealNetworks
2014-02-05 16:35:36 -------- d-----w- C:\Program Files (x86)\RealNetworks
2014-02-05 16:35:09 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2014-02-05 16:18:59 -------- d--h--w- C:\VTRoot
2014-02-05 16:07:43 -------- d-s---w- C:\ProgramData\Shared Space
2014-02-05 16:07:30 -------- d-----w- C:\Program Files\COMODO
2014-02-05 16:07:14 -------- d-----w- C:\ProgramData\Comodo
2014-02-05 16:07:13 -------- d-----w- C:\ProgramData\Comodo Downloader
2014-02-05 15:54:05 -------- d-----w- C:\Program Files (x86)\MSECache
2014-02-05 15:53:20 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\ESET
2014-02-05 15:53:17 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\uTorrent
2014-02-05 15:52:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 15:52:25 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-05 15:52:05 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Adobe
2014-02-05 15:51:24 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Skype
2014-02-05 15:51:02 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-05 15:44:33 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Programs
2014-02-05 15:34:17 -------- d-----w- C:\Program Files\ESET
2014-02-05 15:06:49 -------- d-----w- C:\Program Files (x86)\BYOND
2014-02-04 20:47:01 -------- d-----w- C:\Windows\Migration
2014-02-04 19:43:19 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2014-02-04 19:43:19 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-02-04 19:43:19 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-02-04 19:43:18 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-02-04 19:43:18 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-02-04 19:43:18 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-02-04 19:43:18 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-02-04 19:39:07 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-02-04 19:39:07 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-02-04 19:38:59 2871808 ----a-w- C:\Windows\explorer.exe
2014-02-04 19:38:59 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2014-02-04 19:38:57 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 19:38:57 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 19:38:50 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-02-04 19:38:50 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-02-04 19:38:29 67072 ----a-w- C:\Windows\splwow64.exe
2014-02-04 19:38:29 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-02-04 18:26:03 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-02-04 18:26:03 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-02-04 18:26:03 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-02-04 18:26:02 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-02-04 18:23:54 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F3B98CA4-975B-44D5-A0E2-1B595D70B9FD}\mpengine.dll
2014-02-04 17:49:03 -------- d-----w- C:\Windows\System32\MRT
2014-02-03 18:50:42 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2014-02-03 18:50:24 -------- d-----w- C:\Windows\PCHEALTH
2014-02-03 18:50:24 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-02-03 18:48:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2014-02-03 18:47:21 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-02-03 18:05:19 -------- d-----w- C:\Windows\System32\kodak
2014-02-03 18:04:31 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Eastman_Kodak_Company
2014-02-03 18:03:50 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Eastman Kodak Company
2014-02-03 18:03:38 -------- d-----w- C:\Windows\SysWow64\kodak
2014-02-03 18:02:59 -------- d-----w- C:\Program Files (x86)\Kodak
2014-02-03 18:01:36 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\Temp
2014-02-03 18:01:36 -------- d-----w- C:\ProgramData\Kodak
2014-02-03 18:00:08 -------- d-----w- C:\Program Files\CCleaner
2014-02-03 17:30:26 -------- d-----w- C:\Windows\SysWow64\Wat
2014-02-03 17:30:26 -------- d-----w- C:\Windows\System32\Wat
2014-02-03 17:25:02 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-02-03 17:16:44 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2014-02-03 17:09:41 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-02-03 17:09:41 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-02-03 17:09:41 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-02-03 17:09:41 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-02-03 17:09:41 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-02-03 17:09:41 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-02-03 17:09:41 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-02-03 17:05:55 1572864 ----a-w- C:\Windows\System32\quartz.dll
2014-02-03 17:04:59 197120 ----a-w- C:\Windows\System32\credui.dll
2014-02-03 17:00:36 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-02-03 16:59:45 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-03 16:58:57 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2014-02-03 16:57:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2014-02-03 16:57:17 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2014-02-03 16:57:09 751104 ----a-w- C:\Windows\System32\win32spl.dll
2014-02-03 16:57:09 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2014-02-03 16:57:02 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-02-03 16:57:02 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-02-03 16:57:01 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Google
2014-02-03 16:55:50 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2014-02-03 16:52:30 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\Freedom Scientific
2014-02-03 16:52:03 -------- d--h--w- C:\Program Files\Freedom Scientific Installation Information
2014-02-03 16:52:03 -------- d-----w- C:\ProgramData\Freedom Scientific
2014-02-03 16:52:03 -------- d-----w- C:\Program Files\ssce
2014-02-03 16:43:21 145448 ----a-w- C:\Windows\System32\drivers\sentinel64.sys
2014-02-03 16:43:17 -------- d-----w- C:\Program Files (x86)\Common Files\SafeNet Sentinel
2014-02-03 16:43:11 -------- d-----w- C:\Windows\Downloaded Installations
2014-02-03 16:42:37 -------- d-----w- C:\Windows\System32\HJSMEM
2014-02-03 16:42:30 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-03 16:42:25 -------- d-----w- C:\Program Files\Freedom Scientific
2014-02-03 16:42:12 -------- d-----w- C:\Program Files (x86)\Freedom Scientific
2014-02-03 16:38:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-02-03 16:38:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-02-03 16:38:13 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-02-03 16:33:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-02-03 16:33:37 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-02-03 16:33:26 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-02-03 16:33:26 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-02-03 16:28:50 -------- d-----w- C:\Program Files (x86)\Cisco
2014-02-03 16:28:22 694376 ----a-r- C:\Windows\System32\drivers\rtl8192su.sys
2014-02-03 16:28:20 595968 ----a-w- C:\Windows\System32\Rtlihvs.dll
2014-02-03 16:28:00 380928 ----a-w- C:\Windows\RtlUI2.exe
2014-02-03 16:27:59 595968 ------w- C:\Windows\SysWow64\Rtlihvs.dll
2014-02-03 16:27:59 188416 ------w- C:\Windows\SysWow64\RTLExtUI.dll
2014-02-03 16:27:58 451072 ------w- C:\Windows\SysWow64\ISSRemoveSP.exe
2014-02-02 05:40:46 69464 ------w- C:\Windows\SysWow64\XAPOFX1_3.dll
2014-02-02 05:40:46 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2014-02-02 05:40:46 515416 ------w- C:\Windows\SysWow64\XAudio2_5.dll
2014-02-02 05:40:46 453456 ------w- C:\Windows\SysWow64\d3dx10_42.dll
2014-02-02 05:40:44 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2014-02-02 05:40:44 3426072 ------w- C:\Windows\SysWow64\d3dx9_32.dll
2014-02-02 05:31:06 -------- d-----w- C:\Program Files (x86)\Microsoft
2014-02-02 05:28:45 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2014-02-02 05:28:41 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2014-02-02 05:26:20 46208 ----a-w- C:\Windows\System32\drivers\idcfltr.sys
2014-02-02 05:26:20 -------- d-----w- C:\Program Files (x86)\IdeaCom
2014-02-02 05:14:32 -------- d-----w- C:\Windows\NAPP_Dism_Log
2014-02-01 22:04:40 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\OEM
2014-02-01 22:03:39 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Acer PowerSaver
2014-02-01 22:02:40 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Acer
2014-02-01 22:02:24 -------- d-----w- C:\Program Files\Accessory Store
2014-01-29 23:02:44 279000 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 16:34:57 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-02-05 16:34:57 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-02-04 17:57:30 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-29 23:02:42 64000 ----a-w- C:\Windows\System32\igfxsrvc.dll
2014-01-16 09:59:44 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
.
============= FINISH: 15:32:12.62 ===============
 
.
==== Installed Programs ======================
.
Acer eRecovery Management
Acer PowerSaver
Acer ScreenSaver
Acer Updater
Adblock Plus for IE
Adblock Plus for IE (32-bit and 64-bit)
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06)
aioscnnr
µTorrent
BYOND
CCleaner
center
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
COMODO Firewall
CyberLink YouCam
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESET NOD32 Antivirus
essentials
Freedom Scientific Braille
Freedom Scientific Document Server
Freedom Scientific Elevation
Freedom Scientific FSReader 2.0
Freedom Scientific JAWS 13.0
Freedom Scientific Ocr
Freedom Scientific OmniPage
Freedom Scientific Synth
Freedom Scientific Synthesizer Eloquence
Freedom Scientific Talking Installer 13.0
Freedom Scientific Utilities
Freedom Scientific Video Intercept
Freedom Scientific WOW64 Proxy
Google Chrome
Google Update Helper
IdeaCom Touch Screen 3.3.0000.26
Identity Card
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Kodak AIO Printer
KODAK AiO Software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
ocr
PreReq
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver and Utility
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863902) 32-Bit Edition
Sentinel System Driver Installer 7.5.0
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.13
TouchSettings
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
WinRAR 5.01 (64-bit)
.
==== End Of File ===========================

  • Root Admin

Those logs do not provide enough information to determine exactly what is causing this. Perhaps file exclusions are needed for your ESET NOD32?

Perhaps there is some other software conflict or an infection. Either of which would require further analysis using tools we cannot use in this sub-section of the forum.

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thanks


Last week, I did a factory reset of the affected machine. I doubt it would be infected since this issue occurred the day I installed it without even going online. I just thought it would fix itself.

I use the exact same security combination on 2 other machines on the exact same operating systems with mutual exclusions set between Eset and Malwarebytes. The other 2 are working fine apart from this one. Odd.


Please follow the instructions by AdvancedSetup above; he did not say you were infected, just that there is not enough info in your logs to tell us exactly what is going on. The tools that need to be run cannot be run in this section of the forum, which is why he is requesting that you post in the other section of the forum, to rule out any possible infection and also to figure out what is causing the issue. It also seems you have two antivirus programs installed on this computer. This in itself can cause issues. The experts will help you sort it all out.

Thanks for understanding...
