Jump to content

Malwarebytes Program Schedule error.


Alikhan

Recommended Posts

Hi all,

 

I can't seem to access the Malwarebytes scheduler and neither for them schedules to work. I've tried a clean install and posted in the Malwarebytes Help forum:

 

https://forums.malwarebytes.org/index.php?showtopic=142281

 

The conclusion was to come here to see a chance of possible infection or cause.

 

The Malwarebytes scan came out clean (full scan)

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518
Run by Shazia Begum at 15:30:09 on 2014-02-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4008.2188 [GMT 0:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
 
 
mWinlogon: Userinit = userinit.exe
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{8736B2BA-9B16-44EB-BBB2-38AB6716E96B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8736B2BA-9B16-44EB-BBB2-38AB6716E96B}\14C69602D20223E2437484A7 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-9-24 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-11-14 709144]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-9-24 48872]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-9-12 1337752]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;C:\Windows\System32\fsKMgr.dll [2012-8-1 24936]
R2 IdcSrv;IDCSRV Service;C:\Program Files (x86)\IdeaCom\IDCMgr\IdcSrv.exe [2014-2-2 252928]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-9 244624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-14 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2014-2-3 36864]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2014-2-3 145448]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-2-2 2656280]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-5-11 31216]
R3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-9-24 164056]
R3 fsvidmir_service;fsvidmir_service;C:\Windows\System32\drivers\fsvidmir.sys [2012-8-1 13672]
R3 IdcFltr;HID Touch Screen Driver;C:\Windows\System32\drivers\idcfltr.sys [2014-2-2 46208]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-14 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-9 412776]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2014-2-3 694376]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2008-7-11 58664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-11 111616]
S3 JTVNCProxy_13.0;JTVNCProxy_13.0;C:\Program Files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe [2012-8-1 20360]
S3 PowerBrl;powerBraille System Driver;C:\Windows\System32\drivers\powerbrl.sys [2012-8-1 17768]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-4 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-11 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-4 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-3 1255736]
SUnknown MBAMScheduler;MBAMScheduler; [x]
.
=============== Created Last 30 ================
.
2014-02-14 14:31:20 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\Malwarebytes
2014-02-14 14:31:09 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-14 14:31:08 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-14 14:31:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-13 20:17:32 78848 ----a-w- C:\Windows\KMSEmulator.exe
2014-02-11 20:40:44 53248 ----a-w- C:\Windows\SysWow64\zlib.dll
2014-02-11 20:37:44 6573056 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-11 20:37:44 5693440 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-11 19:52:01 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-02-11 19:52:00 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-02-11 19:42:52 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-11 19:40:15 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-02-05 20:16:29 -------- d-----w- C:\ProgramData\Nuance
2014-02-05 20:16:27 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\Nuance
2014-02-05 16:38:40 -------- d-----w- C:\Program Files\Adblock Plus for IE
2014-02-05 16:38:37 -------- d-----w- C:\ProgramData\Package Cache
2014-02-05 16:35:57 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\RealNetworks
2014-02-05 16:35:36 -------- d-----w- C:\ProgramData\RealNetworks
2014-02-05 16:35:36 -------- d-----w- C:\Program Files (x86)\RealNetworks
2014-02-05 16:35:09 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2014-02-05 16:18:59 -------- d--h--w- C:\VTRoot
2014-02-05 16:07:43 -------- d-s---w- C:\ProgramData\Shared Space
2014-02-05 16:07:30 -------- d-----w- C:\Program Files\COMODO
2014-02-05 16:07:14 -------- d-----w- C:\ProgramData\Comodo
2014-02-05 16:07:13 -------- d-----w- C:\ProgramData\Comodo Downloader
2014-02-05 15:54:05 -------- d-----w- C:\Program Files (x86)\MSECache
2014-02-05 15:53:20 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\ESET
2014-02-05 15:53:17 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\uTorrent
2014-02-05 15:52:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 15:52:25 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-05 15:52:05 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Adobe
2014-02-05 15:51:24 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Skype
2014-02-05 15:51:02 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-05 15:44:33 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Programs
2014-02-05 15:34:17 -------- d-----w- C:\Program Files\ESET
2014-02-05 15:06:49 -------- d-----w- C:\Program Files (x86)\BYOND
2014-02-04 20:47:01 -------- d-----w- C:\Windows\Migration
2014-02-04 19:43:19 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2014-02-04 19:43:19 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-02-04 19:43:19 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-02-04 19:43:18 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-02-04 19:43:18 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-02-04 19:43:18 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-02-04 19:43:18 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-02-04 19:39:07 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-02-04 19:39:07 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-02-04 19:38:59 2871808 ----a-w- C:\Windows\explorer.exe
2014-02-04 19:38:59 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2014-02-04 19:38:57 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 19:38:57 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 19:38:50 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-02-04 19:38:50 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-02-04 19:38:29 67072 ----a-w- C:\Windows\splwow64.exe
2014-02-04 19:38:29 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-02-04 18:26:03 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-02-04 18:26:03 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-02-04 18:26:03 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-02-04 18:26:02 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-02-04 18:23:54 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F3B98CA4-975B-44D5-A0E2-1B595D70B9FD}\mpengine.dll
2014-02-04 17:49:03 -------- d-----w- C:\Windows\System32\MRT
2014-02-03 18:50:42 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2014-02-03 18:50:24 -------- d-----w- C:\Windows\PCHEALTH
2014-02-03 18:50:24 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-02-03 18:48:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2014-02-03 18:47:21 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-02-03 18:05:19 -------- d-----w- C:\Windows\System32\kodak
2014-02-03 18:04:31 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Eastman_Kodak_Company
2014-02-03 18:03:50 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Eastman Kodak Company
2014-02-03 18:03:38 -------- d-----w- C:\Windows\SysWow64\kodak
2014-02-03 18:02:59 -------- d-----w- C:\Program Files (x86)\Kodak
2014-02-03 18:01:36 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\Temp
2014-02-03 18:01:36 -------- d-----w- C:\ProgramData\Kodak
2014-02-03 18:00:08 -------- d-----w- C:\Program Files\CCleaner
2014-02-03 17:30:26 -------- d-----w- C:\Windows\SysWow64\Wat
2014-02-03 17:30:26 -------- d-----w- C:\Windows\System32\Wat
2014-02-03 17:25:02 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-02-03 17:16:44 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2014-02-03 17:09:41 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-02-03 17:09:41 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-02-03 17:09:41 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-02-03 17:09:41 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-02-03 17:09:41 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-02-03 17:09:41 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-02-03 17:09:41 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-02-03 17:05:55 1572864 ----a-w- C:\Windows\System32\quartz.dll
2014-02-03 17:04:59 197120 ----a-w- C:\Windows\System32\credui.dll
2014-02-03 17:00:36 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-02-03 16:59:45 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-03 16:58:57 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2014-02-03 16:57:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2014-02-03 16:57:17 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2014-02-03 16:57:09 751104 ----a-w- C:\Windows\System32\win32spl.dll
2014-02-03 16:57:09 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2014-02-03 16:57:02 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-02-03 16:57:02 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-02-03 16:57:01 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Google
2014-02-03 16:55:50 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2014-02-03 16:52:30 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\Freedom Scientific
2014-02-03 16:52:03 -------- d--h--w- C:\Program Files\Freedom Scientific Installation Information
2014-02-03 16:52:03 -------- d-----w- C:\ProgramData\Freedom Scientific
2014-02-03 16:52:03 -------- d-----w- C:\Program Files\ssce
2014-02-03 16:43:21 145448 ----a-w- C:\Windows\System32\drivers\sentinel64.sys
2014-02-03 16:43:17 -------- d-----w- C:\Program Files (x86)\Common Files\SafeNet Sentinel
2014-02-03 16:43:11 -------- d-----w- C:\Windows\Downloaded Installations
2014-02-03 16:42:37 -------- d-----w- C:\Windows\System32\HJSMEM
2014-02-03 16:42:30 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-03 16:42:25 -------- d-----w- C:\Program Files\Freedom Scientific
2014-02-03 16:42:12 -------- d-----w- C:\Program Files (x86)\Freedom Scientific
2014-02-03 16:38:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-02-03 16:38:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-02-03 16:38:13 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-02-03 16:33:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-02-03 16:33:37 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-02-03 16:33:26 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-02-03 16:33:26 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-02-03 16:28:50 -------- d-----w- C:\Program Files (x86)\Cisco
2014-02-03 16:28:22 694376 ----a-r- C:\Windows\System32\drivers\rtl8192su.sys
2014-02-03 16:28:20 595968 ----a-w- C:\Windows\System32\Rtlihvs.dll
2014-02-03 16:28:00 380928 ----a-w- C:\Windows\RtlUI2.exe
2014-02-03 16:27:59 595968 ------w- C:\Windows\SysWow64\Rtlihvs.dll
2014-02-03 16:27:59 188416 ------w- C:\Windows\SysWow64\RTLExtUI.dll
2014-02-03 16:27:58 451072 ------w- C:\Windows\SysWow64\ISSRemoveSP.exe
2014-02-02 05:40:46 69464 ------w- C:\Windows\SysWow64\XAPOFX1_3.dll
2014-02-02 05:40:46 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2014-02-02 05:40:46 515416 ------w- C:\Windows\SysWow64\XAudio2_5.dll
2014-02-02 05:40:46 453456 ------w- C:\Windows\SysWow64\d3dx10_42.dll
2014-02-02 05:40:44 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2014-02-02 05:40:44 3426072 ------w- C:\Windows\SysWow64\d3dx9_32.dll
2014-02-02 05:31:06 -------- d-----w- C:\Program Files (x86)\Microsoft
2014-02-02 05:28:45 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2014-02-02 05:28:41 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2014-02-02 05:26:20 46208 ----a-w- C:\Windows\System32\drivers\idcfltr.sys
2014-02-02 05:26:20 -------- d-----w- C:\Program Files (x86)\IdeaCom
2014-02-02 05:14:32 -------- d-----w- C:\Windows\NAPP_Dism_Log
2014-02-01 22:04:40 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\OEM
2014-02-01 22:03:39 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Acer PowerSaver
2014-02-01 22:02:40 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Acer
2014-02-01 22:02:24 -------- d-----w- C:\Program Files\Accessory Store
2014-01-29 23:02:44 279000 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 16:34:57 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-02-05 16:34:57 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-02-04 17:57:30 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-29 23:02:42 64000 ----a-w- C:\Windows\System32\igfxsrvc.dll
2014-01-16 09:59:44 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
.
============= FINISH: 15:32:12.62 ===============
 
.
==== Installed Programs ======================
.
Acer eRecovery Management
Acer PowerSaver
Acer ScreenSaver
Acer Updater
Adblock Plus for IE
Adblock Plus for IE (32-bit and 64-bit)
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06)
aioscnnr
µTorrent
BYOND
CCleaner
center
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
COMODO Firewall
CyberLink YouCam
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESET NOD32 Antivirus
essentials
Freedom Scientific Braille
Freedom Scientific Document Server
Freedom Scientific Elevation
Freedom Scientific FSReader 2.0
Freedom Scientific JAWS 13.0
Freedom Scientific Ocr
Freedom Scientific OmniPage
Freedom Scientific Synth
Freedom Scientific Synthesizer Eloquence
Freedom Scientific Talking Installer 13.0
Freedom Scientific Utilities
Freedom Scientific Video Intercept
Freedom Scientific WOW64 Proxy
Google Chrome
Google Update Helper
IdeaCom Touch Screen 3.3.0000.26
Identity Card
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Kodak AIO Printer
KODAK AiO Software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
ocr
PreReq
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver and Utility
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863902) 32-Bit Edition
Sentinel System Driver Installer 7.5.0
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.13
TouchSettings
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
WinRAR 5.01 (64-bit)
.
==== End Of File ===========================
 

 

 

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe

Important - Save it to your desktop.

Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7).

Give permission if necessary, and click Search For Files.

After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify the file saved. Please run the program once only.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

Next,

 

Run the MGA Diagnostic Tool and post back the report it creates:

 

  •  

     

  • Download MGADiag from here: http://go.microsoft.com/fwlink/?linkid=52012 and save it to your desktop.

     

     

  • Double-click on MGADiag.exe to launch the program

     

     

  • Click "Continue"

     

     

  • Ensure that the "Windows" tab is selected (it should be by default).

     

     

  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.

     

     

  • Paste the MGA Diagnostic Report back here in your next reply.

     

     

 

 

Kevin...

Link to post
Share on other sites

Removed utorrent.

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe
c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe.config
scanner sequence 3.CA.11.KFNATZ
 ----- EOF ----- 
 
 
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
 
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-R6B6D-***** (added in asterisks)
Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
Windows Product ID: 00359-OEM-8992687-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {F909A005-6C35-4EFC-BB62-D50A99730E21}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F909A005-6C35-4EFC-BB62-D50A99730E21}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-449845940-201004789-23021097</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire Z1801</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P01-B2</Version><SMBIOSVersion major="2" minor="7"/><Date>20110805000000.000000+000</Date></BIOS><HWID>411C3607018400FE</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
Software licensing service version: 6.1.7601.17514
 
Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800006-02-1033-7601.0000-1892011
Installation ID: 011966551520975376395684078691140622302994415650716402
Partial Product Key: 7QJB7
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 15/02/2014 15:42:11
 
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 2:4:2014 20:21
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
 
 
HWID Data-->
HWID Hash Current: MAAAAAEAAgABAAIAAAABAAAAAgABAAEA6GHwLpxO5Bx86fBVcn3AKFwuzpRnCy5z
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC ACRSYS ACRPRDCT
  FACP ACRSYS ACRPRDCT
  HPET ACRSYS ACRPRDCT
  MCFG ACRSYS ACRPRDCT
  SSDT AMICPU PROC
  SLIC ACRSYS ACRPRDCT
Link to post
Share on other sites

Yes the second run is correct, there should be two entries in the log as can clearly be seen....

 

The first run was somewhat different, there should have been four entries. Two entries were removed

 

There is also illegal software on your system:

 

2014-02-13 20:17:32 78848 ----a-w- C:\Windows\KMSEmulator.exe

 

Whilst you amend logs and run illegal software I cannot continue to help, the thread will have to be closed.

Link to post
Share on other sites

I never ammended any logs.

 

The DDS was ran at 3:30PM yesterday and I removed KMSEmulator, Utorrent and AutoKMS today before I did your next instructions.

 

If I were to have ammended the logs, I could have easily removed the KMSEmulator from the DDS log.

 

Do you want me to post an updated DDS?

 

I don't have a malware issue and it was suggested for me to report here to try a see what the cause is of the Malwarebytes Scheduler not functioning correctly.

Link to post
Share on other sites

  • Root Admin

I will take over but as a reminder.  You need to ensure that you have removed all illegal software as if we find anymore beyond this point then your topic will be closed.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites

I think I've got rid of it fully now. Removed it from task scheduler and it also isn't located anymore at C:\Windows\KMSEmulator.exe.

 

Log is also attached.

 

ComboFix 14-02-14.01 - Shazia Begum 16/02/2014  15:00:52.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4008.2530 [GMT 0:00]
Running from: c:\users\Shazia Begum\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SSCE5432.DLL
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-16 to 2014-02-16  )))))))))))))))))))))))))))))))
.
.
2014-02-16 15:13 . 2014-02-16 15:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-15 15:42 . 2014-02-15 15:42 -------- d-----w- C:\MGADiagToolOutput
2014-02-15 15:41 . 2014-02-15 15:41 -------- d-----w- c:\programdata\Office Genuine Advantage
2014-02-14 14:31 . 2014-02-14 14:31 -------- d-----w- c:\programdata\Malwarebytes
2014-02-14 14:31 . 2013-04-04 14:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-14 14:31 . 2014-02-14 14:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-11 20:40 . 2014-02-11 20:40 53248 ----a-w- c:\windows\SysWow64\zlib.dll
2014-02-11 20:37 . 2013-11-26 23:29 5693440 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-11 20:37 . 2013-11-26 22:49 6573056 ----a-w- c:\windows\system32\mstscax.dll
2014-02-11 19:52 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-11 19:52 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2014-02-11 19:42 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-11 19:40 . 2013-12-04 02:27 485888 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-05 20:16 . 2014-02-05 20:16 -------- d-----w- c:\programdata\Nuance
2014-02-05 16:38 . 2014-02-05 16:38 -------- d-----w- c:\program files\Adblock Plus for IE
2014-02-05 16:38 . 2014-02-05 16:38 -------- d-----w- c:\programdata\Package Cache
2014-02-05 16:35 . 2014-02-05 16:35 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2014-02-05 16:34 . 2014-02-05 16:35 -------- d-----w- c:\program files (x86)\Real
2014-02-05 16:18 . 2014-02-05 16:35 -------- d-----w- C:\VTRoot
2014-02-05 16:07 . 2014-02-05 16:08 -------- d-s---w- c:\programdata\Shared Space
2014-02-05 16:07 . 2014-02-05 16:07 -------- d-----w- c:\program files\COMODO
2014-02-05 16:07 . 2014-02-05 16:08 -------- d-----w- c:\programdata\Comodo
2014-02-05 16:07 . 2014-02-05 16:07 -------- d-----w- c:\programdata\Comodo Downloader
2014-02-05 16:02 . 2014-02-05 16:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-02-05 15:54 . 2014-02-05 15:54 -------- d-----w- c:\program files (x86)\MSECache
2014-02-05 15:52 . 2014-02-05 15:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 15:52 . 2014-02-05 15:52 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 15:52 . 2014-02-05 15:52 -------- d-----w- c:\windows\system32\Macromed
2014-02-05 15:51 . 2014-02-05 15:51 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-02-05 15:51 . 2014-02-05 15:51 -------- d-----r- c:\program files (x86)\Skype
2014-02-05 15:50 . 2014-02-05 15:51 -------- d-----w- c:\programdata\Skype
2014-02-05 15:34 . 2014-02-05 15:34 -------- d-----w- c:\program files\ESET
2014-02-05 15:06 . 2014-02-05 15:06 -------- d-----w- c:\program files (x86)\BYOND
2014-02-04 20:52 . 2014-02-04 20:52 -------- d-----w- c:\program files\WinRAR
2014-02-04 20:47 . 2014-02-04 20:47 -------- d-----w- c:\windows\Migration
2014-02-04 20:44 . 2014-02-04 20:59 -------- d-----w- c:\program files\Microsoft Silverlight
2014-02-04 20:44 . 2014-02-04 20:59 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-02-04 19:48 . 2013-10-14 18:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-02-04 19:43 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-02-04 19:43 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2014-02-04 19:43 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-02-04 19:43 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-02-04 19:43 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-02-04 19:43 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-02-04 19:43 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-02-04 19:39 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-02-04 19:39 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-02-04 19:38 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2014-02-04 19:38 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2014-02-04 19:38 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 19:38 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 19:38 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-02-04 19:38 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-02-04 19:38 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2014-02-04 19:38 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2014-02-04 18:26 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-02-04 18:26 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-02-04 18:26 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-02-04 18:26 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-02-04 18:26 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-02-04 18:23 . 2013-12-16 01:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3B98CA4-975B-44D5-A0E2-1B595D70B9FD}\mpengine.dll
2014-02-04 17:49 . 2014-02-11 19:54 -------- d-----w- c:\windows\system32\MRT
2014-02-03 18:50 . 2014-02-03 18:50 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2014-02-03 18:50 . 2014-02-03 18:50 -------- d-----w- c:\windows\PCHEALTH
2014-02-03 18:50 . 2014-02-03 18:50 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2014-02-03 18:50 . 2014-02-03 18:50 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-02-03 18:48 . 2014-02-03 18:48 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2014-02-03 18:47 . 2014-02-03 18:47 -------- d-----w- c:\program files\Microsoft Office
2014-02-03 18:47 . 2014-02-03 18:47 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2014-02-03 18:05 . 2014-02-03 18:05 -------- d-----w- c:\windows\system32\kodak
2014-02-03 18:03 . 2014-02-03 18:03 -------- d-----w- c:\windows\SysWow64\kodak
2014-02-03 18:02 . 2014-02-03 18:03 -------- d-----w- c:\program files (x86)\Kodak
2014-02-03 18:01 . 2014-02-16 14:53 -------- d-----w- c:\programdata\Kodak
2014-02-03 18:00 . 2014-02-03 18:00 -------- d-----w- c:\program files\CCleaner
2014-02-03 17:30 . 2014-02-03 17:30 -------- d-----w- c:\windows\SysWow64\Wat
2014-02-03 17:30 . 2014-02-03 17:30 -------- d-----w- c:\windows\system32\Wat
2014-02-03 17:25 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-02-03 17:16 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2014-02-03 17:09 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-02-03 17:09 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-02-03 17:09 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-02-03 17:09 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-02-03 17:09 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-02-03 17:09 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-02-03 17:09 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-02-03 17:05 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2014-02-03 17:04 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-02-03 17:00 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-02-03 16:59 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-03 16:58 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2014-02-03 16:57 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2014-02-03 16:57 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2014-02-03 16:57 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2014-02-03 16:57 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2014-02-03 16:57 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2014-02-03 16:57 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2014-02-03 16:57 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-02-03 16:57 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-02-03 16:57 . 2014-02-03 16:57 -------- d-----w- c:\program files (x86)\Google
2014-02-03 16:55 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2014-02-03 16:52 . 2014-02-03 16:52 -------- d--h--w- c:\program files\Freedom Scientific Installation Information
2014-02-03 16:52 . 2014-02-03 16:52 -------- d-----w- c:\programdata\Freedom Scientific
2014-02-03 16:52 . 2014-02-03 16:52 -------- d-----w- c:\program files\ssce
2014-02-03 16:43 . 2008-07-11 07:05 145448 ----a-w- c:\windows\system32\drivers\sentinel64.sys
2014-02-03 16:43 . 2014-02-03 16:43 -------- d-----w- c:\program files (x86)\Common Files\SafeNet Sentinel
2014-02-03 16:43 . 2014-02-03 16:43 -------- d-----w- c:\windows\Downloaded Installations
2014-02-03 16:42 . 2014-02-03 16:51 -------- d-----w- c:\windows\system32\HJSMEM
2014-02-03 16:42 . 2014-02-03 16:52 -------- d-----w- c:\program files\Freedom Scientific
2014-02-03 16:42 . 2014-02-03 16:42 -------- d-----w- c:\program files (x86)\Freedom Scientific
2014-02-03 16:38 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2014-02-03 16:38 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2014-02-03 16:38 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-02-03 16:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2014-02-03 16:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2014-02-03 16:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2014-02-03 16:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2014-02-03 16:33 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2014-02-03 16:33 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2014-02-03 16:33 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2014-02-03 16:33 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2014-02-03 16:33 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-02-03 16:28 . 2014-02-03 16:28 -------- d-----w- c:\program files (x86)\Cisco
2014-02-03 16:28 . 2011-08-11 05:46 694376 ----a-r- c:\windows\system32\drivers\rtl8192su.sys
2014-02-03 16:28 . 2011-07-06 23:31 595968 ----a-w- c:\windows\system32\Rtlihvs.dll
2014-02-03 16:28 . 2009-03-31 14:31 380928 ----a-w- c:\windows\RtlUI2.exe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 16:34 . 2011-05-20 19:13 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-02-05 16:34 . 2011-05-20 19:13 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-01-29 23:02 . 2011-07-09 07:44 64000 ----a-w- c:\windows\system32\igfxsrvc.dll
2014-01-29 23:02 . 2011-07-09 07:44 9007616 ----a-w- c:\windows\system32\igfxress.dll
2014-01-29 23:02 . 2011-07-09 07:44 12859392 ----a-w- c:\windows\system32\igd10umd64.dll
2014-01-29 23:02 . 2011-07-09 07:44 110592 ----a-w- c:\windows\system32\hccutils.dll
2014-01-16 09:59 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JTVNCProxy_13.0;JTVNCProxy_13.0;c:\program files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe;c:\program files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 PowerBrl;powerBraille System Driver;c:\windows\system32\Drivers\powerbrl.sys;c:\windows\SYSNATIVE\Drivers\powerbrl.sys [x]
R3 PQAWRwa;PQAWRwa;c:\windows\SysWOW64\PQAWDrv.sys;c:\windows\SysWOW64\PQAWDrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;c:\windows\system32\fsKMgr.dll;c:\windows\SYSNATIVE\fsKMgr.dll [x]
S2 IdcSrv;IDCSRV Service;c:\program files (x86)\IdeaCom\IDCMgr\IdcSrv.exe;c:\program files (x86)\IdeaCom\IDCMgr\IdcSrv.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
S3 fsvidmir_service;fsvidmir_service;c:\windows\system32\DRIVERS\fsvidmir.sys;c:\windows\SYSNATIVE\DRIVERS\fsvidmir.sys [x]
S3 IdcFltr;HID Touch Screen Driver;c:\windows\system32\DRIVERS\idcfltr.sys;c:\windows\SYSNATIVE\DRIVERS\idcfltr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 18:03 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 15:52]
.
2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03 16:57]
.
2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf2995fa7e584e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03 16:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-05-06 153416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-11-11 1612504]
.
------- Supplementary Scan -------
.
 
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MACHINE\SOFTWARE\CLASSES\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MACHINE\SOFTWARE\CLASSES\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
Completion time: 2014-02-16  15:34:36
ComboFix-quarantined-files.txt  2014-02-16 15:34
.
Pre-Run: 441,402,576,896 bytes free
Post-Run: 441,394,233,344 bytes free
.
- - End Of File - - BE15B33ED6112DCF795C96FEC5F691DD
A36C5E4F47E84449FF07ED3517B43A31
 

ComboFix.txt

Link to post
Share on other sites

  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites

Malwarebytes Anti-Rootkit BETA 1.07.0.1009

www.malwarebytes.org
 
Database version: v2014.02.17.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Shazia Begum :: SHAZIABEGUM-PC [administrator]
 
17/02/2014 14:57:31
mbar-log-2014-02-17 (14-57-31).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 237353
Time elapsed: 6 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16518
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4202729472, free: 2414075904
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16518
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4202729472, free: 2396127232
 
Downloaded database version: v2014.02.17.05
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
     02/17/2014 14:57:26
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\DRIVERS\cmderd.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\system32\DRIVERS\cmdguard.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\em006_64.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em018_64.dat
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\inspect.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\fsvidmir.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\RTL8192su.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\idcfltr.sys
\SystemRoot\system32\drivers\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\SNTUSB64.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\Sentinel64.sys
\SystemRoot\system32\DRIVERS\epfwwfpr.sys
\??\C:\Windows\system32\fsKMgr.dll
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\oleaut32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\sechost.dll
\Windows\System32\usp10.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008821790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xfffffa8006c59b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004bde060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800466b060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004bde060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004bdeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004bde060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004731090, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800466b060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2126F88B
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 45056000
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 45058048  Numsec = 204800
    Partition is not bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 45262848  Numsec = 954124288
 
    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 999387136  Numsec = 954135984
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8008821790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006c58b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008821790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006c59b60, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
=======================================
 
 
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-45058048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Shazia Begum on 17/02/2014 at 16:24:01.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/02/2014 at 16:37:32.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v3.019 - Report created 17/02/2014 at 16:40:31
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Shazia Begum - SHAZIABEGUM-PC
# Running from : C:\Users\Shazia Begum\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Shazia Begum\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [788 octets] - [17/02/2014 16:39:24]
AdwCleaner[s0].txt - [710 octets] - [17/02/2014 16:40:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [769 octets] ##########
 

JRT.txt

mbar-log-2014-02-17 (14-57-31).txt

system-log.txt

Link to post
Share on other sites

Malwarebytes and ESET online scanner found nothing, however, scheduler is still not working. FRST and additions.txt are attached since they are too long.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.17.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Shazia Begum :: SHAZIABEGUM-PC [administrator]
 
Protection: Enabled
 
17/02/2014 16:46:11
mbam-log-2014-02-17 (16-46-11).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218711
Time elapsed: 2 minute(s), 36 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=391b5ab774486f488cc51efc6c4355e1
# engine=17105
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-17 05:27:38
# local_time=2014-02-17 05:27:38 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 2620 26610498 0 0
# compatibility_mode=5893 16776574 100 94 1111903 145123108 0 0
# scanned=126942
# found=0
# cleaned=0
# scan_time=1706
# nod_component=V3 Build:0x30000000
 

 

FRST.txt

Addition.txt

Link to post
Share on other sites

  • Root Admin

The computer is running 2 different antivirus programs.

ESET NOD32
COMODO Internet Security


Please choose one of them only and FULLY uninstall the other one.


You also have items configured to not load using MSCONFIG. The tool MSCONFIG is a diagnostic tool not a start up manager. Please either uninstall items you don't want to use or use a tool like AutoRuns from Microsoft or WinPatrol do do start up management. Then run MSCONFIG and set it back to NORMAL and reboot

 

As you have it used now the MSCONFIG tool cannot be used as a Diagnostic tool for which is was meant to be used.

Autoruns
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Winpatrol
http://www.winpatrol.com/


MSCONFIG\startupreg: Acer PowerSaver => C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IdeaCom Calibration => C:\Program Files (x86)\IdeaCom\IDCMgr\StartUT.exe calibration_check
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s




Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

fixlist.txt

Link to post
Share on other sites

I'm actually only running "COMODO Firewall" with Defence + and it was a customized install.

 

On the installer, it says internet security but it's actually the Firewall which is running with the HIPS and D+.

 

Regarding the startups, I knew it was possible to do it with Msconfig but I did it through CCleaner. (on the infected PC)

 

Also, on another Asus laptop it has a software called Fastboot developed by Asus. That also changes the startup type on MSconfig.

 

Example from Asus laptop (not with any issues) screenshot:

 

 

 

 

post-89152-0-93361000-1392679051_thumb.j

Link to post
Share on other sites

  • Root Admin

Many users try to configure Commodo only but according to other posts the antivirus engine is running.  Up to you as I really don't care what you run on the box but for me pretty much useless - the built-in firewall is more than enough firewall security (IMHO)

 

Also don't care what ASUS does - if they're using MSCONFIG as a Start Up configuration tool then they simply don't understand what the tool is really for and are abusing it.  Again, up to you as it has no real change/outcome on your topic here and is only information.

 

Please run the following.

 

MBAM Clean Removal Process
 

 

Then restart the computer and run the following and post back the log.

 

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post


 

 

Thanks

Link to post
Share on other sites

Is there any other good firewall you'd recommend other than COMODO?

 

Good news, first...

 

The mbamscheduler error has gone : https://forums.malwarebytes.org/index.php?showtopic=142281

 

The screenshot of the error was in that message.

 

However, the scheduling is still not working for updates nor scans.

 

I have noticed that in the protection log it states:

 

2014/02/18 15:45:49 GMT SHAZIABEGUM-PC (null) ERROR Scheduled update failed:  No address found failed with error code 0

 

I have attached the checkresults log too..

 

mbam-check result log version: 2.0.0.1000
 
Malwarebytes Version: REG_SZ 1.75.0.1300
 
Date Log Created: 02/18/14
Time Log Created: 15:48:43
 
User Account type: Administrator
 
64 bit Operating System
 
Product Name: REG_SZ Windows 7 Home Premium
 
Current Build Number: 7601
 
Current Version Number: 6.1
 
Current CSDVersion: Service Pack 1
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ HH:mm:ss
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: 850 Please refer to this link for details: Here 
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
TERMService:
==============
Type : 32
State : 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE : 1077
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Compatibility Flag Settings (Any MBAM file listings should be removed):
=======================================================================
 
 
 
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
 
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Service and Driver Status:
==========================
 
MBAMProtector:
==============
Type : 2
State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
MBAMService:
==============
Type : 16
State : 4 (The service is running.)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
MBAMScheduler:
==============
Type : 16
State : 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
 
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
Type                          REG_DWORD 2
Start                         REG_DWORD 3
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys
Group                         REG_SZ FSFilter Anti-Virus
DependOnService               REG_MULTI_SZ FltMgr
 
WOW64                         REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
DefaultInstance               REG_SZ MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
Altitude                      REG_SZ 328800
Flags                         REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
0                             REG_SZ Root\LEGACY_MBAMPROTECTOR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
MBAMService Registry Values:
============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
DependOnService               REG_MULTI_SZ MBAMProtector
 
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware service
DelayedAutostart              REG_DWORD 0
MBAMScheduler Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware scheduler
 
MBAM DLL's and Runtime Files:
=============================
 
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid
(Default):                    REG_SZ vbAccelerator Grid Control
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid
(Default):                    REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}
 
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid
(Default):                    REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}
 
HKEY_CLASSES_ROOT\SSubTimer6.CTimer
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid
(Default):                    REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}
 
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid
(Default):                    REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}
 
 
 
 
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
 
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
(Default):                    REG_SZ vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
(Default):                    REG_SZ 2
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
(Default):                    REG_SZ vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
(Default):                    REG_SZ 2
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
(Default):                    REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
(Default):                    REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ _ISubclass
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ __CTimer
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ CTimer
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
(Default):                    REG_SZ __vbalGrid
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
(Default):                    REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}
Version                       REG_SZ 1.1
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
(Default):                    REG_SZ vbalGrid
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
(Default):                    REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}
Version                       REG_SZ 1.1
MBAM Registry Settings and License Info:
========================================
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
advancedheuristics            REG_DWORD 1
downloadprogram               REG_DWORD 1
hidereg                       REG_DWORD 0
detectp2p                     REG_DWORD 0
detectpum                     REG_DWORD 1
detectpup                     REG_DWORD 1
updatewarn                    REG_DWORD 1
updatewarndays                REG_DWORD 7
useproxy                      REG_DWORD 0
useauthentication             REG_DWORD 0
contextmenu                   REG_DWORD 1
reportthreats                 REG_DWORD 0
startwithwindows              REG_DWORD 1
startfsdisabled               REG_DWORD 0
startipdisabled               REG_DWORD 0
silentipmode                  REG_DWORD 0
autoquarantine                REG_DWORD 1
notifyinstallprogram          REG_DWORD 1
trialpromptshown              REG_DWORD 0
autoquarantinenotify          REG_DWORD 1
alwaysscanarchives            REG_DWORD 1
InstallPath                   REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
dbdate                        REG_SZ Tue, 18 Feb 2014 15:13:48 GMT
dbversion                     REG_SZ v2014.02.18.04
programversion                REG_SZ 1.75.0.1300
programbuild                  REG_SZ consumer
ID                            XXXXX This is hidden data.
Key                           XXXX-XXXX-XXXX-XXXX This is hidden data.
SchedulerQueue                REG_MULTI_SZ 2101250, 30354620, 817492480, 1, 0 | 0, 0
4160, 0, 0, 0, 0 | 0, 0
 
 
 
HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
autosavelog                   REG_DWORD 1
openlog                       REG_DWORD 1
defaultscan                   REG_DWORD 0
terminateie                   REG_DWORD 0
Language                      REG_SZ English.lng
selectedrives                 REG_SZ C:\|D:\|
HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
autosavelog                   REG_DWORD 1
openlog                       REG_DWORD 1
defaultscan                   REG_DWORD 0
terminateie                   REG_DWORD 0
HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
autosavelog                   REG_DWORD 1
openlog                       REG_DWORD 1
defaultscan                   REG_DWORD 0
terminateie                   REG_DWORD 0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
Inno Setup: Setup Version     REG_SZ 5.5.3-dev (a)
Inno Setup: App Path          REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
InstallLocation               REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\
Inno Setup: Icon Group        REG_SZ Malwarebytes' Anti-Malware
Inno Setup: User              REG_SZ Shazia Begum
Inno Setup: Selected Tasks    REG_SZ desktopicon
Inno Setup: Deselected Tasks  REG_SZ quicklaunchicon
Inno Setup: Language          REG_SZ English
DisplayName                   REG_SZ Malwarebytes Anti-Malware version 1.75.0.1300
DisplayIcon                   REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
UninstallString               REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
QuietUninstallString          REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT
DisplayVersion                REG_SZ 1.75.0.1300
Publisher                     REG_SZ Malwarebytes Corporation
URLInfoAbout                  REG_SZ http://www.malwarebytes.org
NoModify                      REG_DWORD 1
NoRepair                      REG_DWORD 1
InstallDate                   REG_SZ 20140218
MajorVersion                  REG_DWORD 1
MinorVersion                  REG_DWORD 75
EstimatedSize                 REG_DWORD 19743
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
Scheduler Queue:
================
 
Scheduled Item: Update Schedule Options: | Hourly | Wake From Sleep
Start Time: 2014-02-18 15:15 Repeating Every: 1 Recover if missed by: 0
Scheduled Item: Update Schedule Options: | OnReboot
Start Time: OnReboot
 
 
 
Context Menu Entries:
=====================
 
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
 
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
(Default):                    REG_SZ IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt
 
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default):                    REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default):                    REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
 
 
MBAM Drivers:
=============
 
C:\Windows\system32\drivers\mbam.sys File Size: 25928     BYTES FileVersion: 1.60.2.0
 
 
Required Dependencies:
======================
 
BFE:
==============
Type : 32
State : 4 (The service is running.)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ErrorControl                  REG_DWORD 1
Start                         REG_DWORD 2
Type                          REG_DWORD 32
DependOnService               REG_MULTI_SZ RpcSs
 
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
{decc16ca-3f33-4346-be1e-8fb4ae0f3d62}REG_BINARY Binary Data
 
{4b153735-1049-4480-aab4-d1b9bdc03710}REG_BINARY Binary Data
 
{1bebc969-61a5-4732-a177-847a0817862a}REG_BINARY Binary Data
 
{aa6a7d87-7f8f-4d2a-be53-fda555cd5fe3}REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
{b3cdd441-af90-41ba-a745-7c6008ff2300}REG_BINARY Binary Data
 
{b3cdd441-af90-41ba-a745-7c6008ff2301}REG_BINARY Binary Data
 
{b3cdd441-af90-41ba-a745-7c6008ff2302}REG_BINARY Binary Data
 
{9ba30013-c84e-47e5-ac6e-1e1aed72fa69}REG_BINARY Binary Data
 
fltmgr:
==============
Type : 2
State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
ErrorControl                  REG_DWORD 3
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
C:\Windows\system32\drivers\fltmgr.sys File Size: 289664    BYTES FileVersion: 6.1.7601.17514
C:\Windows\SysWOW64\mscomctl.ocx File Size: 1070152   BYTES FileVersion: 6.1.98.34
C:\Windows\SysWOW64\olepro32.dll File Size: 90112     BYTES FileVersion: 6.1.7601.17514
 
 
List of MBAM Related Directories:
=================================
 
C:\Program Files (x86)\Malwarebytes' Anti-Malware
7z.dll                         File Size:    914432 BYTES FileVersion: 9.20.0.0
changes.txt                   File Size:       200 BYTES
license.rtf                   File Size:     17916 BYTES
mbam.chm                       File Size:    474148 BYTES
mbam.dll                       File Size:    527944 BYTES FileVersion: 1.70.0.0
mbam.exe                       File Size:    887432 BYTES FileVersion: 1.75.0.1
mbamcore.dll                   File Size:   1127496 BYTES FileVersion: 1.70.0.0
mbamext.dll                   File Size:     95304 BYTES FileVersion: 1.70.0.0
mbamgui.exe                   File Size:    532040 BYTES FileVersion: 1.70.0.0
mbamnet.dll                   File Size:   2191944 BYTES FileVersion: 1.70.0.0
mbampt.exe                     File Size:     40008 BYTES FileVersion: 1.70.0.0
mbamscheduler.exe             File Size:    418376 BYTES FileVersion: 1.70.0.0
mbamservice.exe               File Size:    701512 BYTES FileVersion: 1.70.0.0
ssubtmr6.dll                   File Size:     46416 BYTES FileVersion: 1.1.0.3
unins000.dat                   File Size:     15533 BYTES
unins000.exe                   File Size:    712264 BYTES FileVersion: 51.52.0.0
unins000.msg                   File Size:     11277 BYTES
vbalsgrid6.ocx                 File Size:    496976 BYTES FileVersion: 2.0.0.40
 
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon
chameleon.chm                 File Size:    186068 BYTES
firefox.com                   File Size:    218184 BYTES
firefox.exe                   File Size:    218184 BYTES
firefox.pif                   File Size:    218184 BYTES
firefox.scr                   File Size:    218184 BYTES
iexplore.exe                   File Size:    218184 BYTES
mbam-chameleon.com             File Size:    218184 BYTES
mbam-chameleon.exe             File Size:    218184 BYTES
mbam-chameleon.pif             File Size:    218184 BYTES
mbam-chameleon.scr             File Size:    218184 BYTES
mbam-killer.exe               File Size:    896072 BYTES
rundll32.exe                   File Size:    218184 BYTES
svchost.exe                   File Size:    218184 BYTES
winlogon.exe                   File Size:    218184 BYTES
 
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages
arabic.lng                     File Size:     21894 BYTES
belarusian.lng                 File Size:     26884 BYTES
bosnian.lng                   File Size:     27108 BYTES
bulgarian.lng                 File Size:     27574 BYTES
catalan.lng                   File Size:     28252 BYTES
chineseSI.lng                 File Size:     11024 BYTES
chineseTR.lng                 File Size:     11952 BYTES
croatian.lng                   File Size:     26670 BYTES
czech.lng                     File Size:     24874 BYTES
danish.lng                     File Size:     26582 BYTES
dutch.lng                     File Size:     28342 BYTES
english.lng                   File Size:     24542 BYTES
estonian.lng                   File Size:     25146 BYTES
finnish.lng                   File Size:     25950 BYTES
french.lng                     File Size:     29830 BYTES
german.lng                     File Size:     29894 BYTES
greek.lng                     File Size:     29300 BYTES
hebrew.lng                     File Size:     19362 BYTES
hungarian.lng                 File Size:     28666 BYTES
indonesian.lng                 File Size:     26854 BYTES
italian.lng                   File Size:     28194 BYTES
japanese.lng                   File Size:     16266 BYTES
korean.lng                     File Size:     14188 BYTES
latvian.lng                   File Size:     27100 BYTES
lithuanian.lng                 File Size:     27838 BYTES
norwegian.lng                 File Size:     25116 BYTES
polish.lng                     File Size:     26644 BYTES
portugueseBR.lng               File Size:     28654 BYTES
portuguesePT.lng               File Size:     29062 BYTES
romanian.lng                   File Size:     28290 BYTES
russian.lng                   File Size:     27302 BYTES
serbian.lng                   File Size:     26804 BYTES
slovak.lng                     File Size:     25644 BYTES
slovenian.lng                 File Size:     24852 BYTES
spanish.lng                   File Size:     30060 BYTES
swedish.lng                   File Size:     25992 BYTES
thai.lng                       File Size:     26092 BYTES
turkish.lng                   File Size:     25876 BYTES
vietnamese.lng                 File Size:     29528 BYTES
 
C:\Users\Shazia Begum\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware
 
C:\Users\Shazia Begum\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
 
C:\Users\Shazia Begum\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware
exclusions.dat                 File Size:       403 BYTES
rules.ref                     File Size:   7263349 BYTES
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration
build.conf                     File Size:       140 BYTES
config.conf                   File Size:      4076 BYTES
custom.conf                   File Size:        20 BYTES
database.conf                 File Size:       432 BYTES
html.conf                     File Size:      2904 BYTES
local.conf                     File Size:       531 BYTES
manifest.conf                 File Size:      1752 BYTES
messaging.conf                 File Size:      1430 BYTES
news.conf                     File Size:       265 BYTES
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs
protection-log-2014-02-18.txt File Size:      5338 BYTES
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
 
===============================================================
END OF FILE
 

CheckResults.txt

Link to post
Share on other sites

  • Root Admin

Well that would seem to indicate that it cannot find a server or cannot bind to your network card for some reason.

Please see if you can change your International Settings in Control Panel to match what it "Should be" and see if that helps or not.


Time Format Settings:
=====================

Should be:
h:mm:ss tt
AM
PM
:

Currently:
REG_SZ HH:mm:ss
REG_SZ AM
REG_SZ PM
REG_SZ :




Please download and run the following tool and post back the log

CDN Traceroute Tool

 

Thanks

Link to post
Share on other sites

All the time and region settings (time zone etc/ country) are correct. Below is the log requested and attached.

 

Traceroute Malwarebytes CDN version 1.5 
 
19/02/2014 
16:22:50.29 
 
Phase #1 
Tracerouting: data-cdn.mbamupdates.com 
 
Tracing route to mwbyte.vo.llnwd.net [87.248.210.253]
over a maximum of 30 hops:
 
  1     6 ms     2 ms     2 ms  routerlogin.net [192.168.0.1] 
  2    12 ms    16 ms    10 ms  cpc12-perr12-2-0-gw.perr.cable.virginm.net [82.46.138.1] 
  3     9 ms    10 ms    12 ms  perr-core-2a-ae6-617.network.virginmedia.net [80.1.68.9] 
  4    27 ms    12 ms    19 ms  manc-bb-1c-ae5-0.network.virginmedia.net [62.255.149.65] 
  5    14 ms    15 ms    23 ms  brhm-bb-1b-et-400-0.network.virginmedia.net [62.253.175.69] 
  6    23 ms    18 ms    16 ms  teln-ic-1-ae0-0.network.virginmedia.net [212.43.163.250] 
  7    24 ms    24 ms    24 ms  cpc2-gree4-4-0-cust98.brnt.cable.ntl.com [213.105.159.98] 
  8    23 ms    33 ms    16 ms  ve5.fr3.lon.llnw.net [69.28.171.137] 
  9    18 ms    16 ms    21 ms  cdn-87-248-210-253.lon.llnw.net [87.248.210.253] 
 
Trace complete.
 
DNS Info 
Server:  routerlogin.net
Address:  192.168.0.1
 
Name:    mwbyte.vo.llnwd.net
Addresses:  87.248.210.254
 87.248.210.253
Aliases:  data-cdn.mbamupdates.com
 
============================================================ 
 
 
 
Phase #2 
Tracerouting: llnw.data-cdn.mbamupdates.com 
 
Tracing route to mwbyte.vo.llnwd.net [87.248.210.254]
over a maximum of 30 hops:
 
  1     2 ms     3 ms     2 ms  routerlogin.net [192.168.0.1] 
  2    12 ms    13 ms    13 ms  cpc12-perr12-2-0-gw.perr.cable.virginm.net [82.46.138.1] 
  3     8 ms    12 ms    10 ms  perr-core-2b-ae6-714.network.virginmedia.net [80.1.68.173] 
  4     9 ms    11 ms    11 ms  brhm-bb-1c-ae14-0.network.virginmedia.net [62.255.149.69] 
  5     *        *       13 ms  brhm-bb-1b-ae11-0.network.virginmedia.net [62.253.174.101] 
  6    16 ms    20 ms    15 ms  teln-ic-1-ae0-0.network.virginmedia.net [212.43.163.250] 
  7    22 ms    29 ms    19 ms  cpc2-gree4-4-0-cust98.brnt.cable.ntl.com [213.105.159.98] 
  8     *       14 ms    15 ms  cdn-87-248-210-254.lon.llnw.net [87.248.210.254] 
 
Trace complete.
 
DNS Info 
Server:  routerlogin.net
Address:  192.168.0.1
 
Name:    mwbyte.vo.llnwd.net
Addresses:  87.248.210.253
 87.248.210.254
Aliases:  llnw.data-cdn.mbamupdates.com
 
============================================================ 
 
 
 
Phase #3 
Tracerouting: edge.data-cdn.mbamupdates.com 
 
Tracing route to gs1.wpc.v2cdn.net [93.184.221.133]
over a maximum of 30 hops:
 
  1     2 ms     2 ms     2 ms  routerlogin.net [192.168.0.1] 
  2    13 ms    13 ms    14 ms  cpc12-perr12-2-0-gw.perr.cable.virginm.net [82.46.138.1] 
  3    12 ms    15 ms    12 ms  perr-core-2a-ae6-617.network.virginmedia.net [80.1.68.9] 
  4    38 ms    16 ms    15 ms  manc-bb-1c-ae5-0.network.virginmedia.net [62.255.149.65] 
  5    16 ms    15 ms    15 ms  manc-bb-1d-ae2-0.network.virginmedia.net [62.253.174.93] 
  6     *       27 ms    28 ms  213.242.120.97 
  7    28 ms    29 ms    30 ms  ae-1-60.edge3.Paris1.Level3.net [4.69.168.6] 
  8    24 ms    25 ms    26 ms  telia-level3-ge.paris1.Level3.net [4.68.62.126] 
  9    27 ms    27 ms    28 ms  edgecast-ic-151886-prs-b7.c.telia.net [80.239.128.254] 
 10    24 ms    23 ms    24 ms  93.184.221.133 
 
Trace complete.
 
DNS Info 
Server:  routerlogin.net
Address:  192.168.0.1
 
Name:    gs1.wpc.v2cdn.net
Address:  93.184.221.133
Aliases:  edge.data-cdn.mbamupdates.com
 wpc.1D00.edgecastcdn.net
 
============================================================ 
 
Finished at: 16:23:41.06 
 

traceroute_malwarebytes_cdn.txt

Link to post
Share on other sites

  • Root Admin

Odd, okay let me get the following scans.

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 
 

 

Next, Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Link to post
Share on other sites

Fully removed COMODO firewall hoping it would fix the issue but it never. I have disabled Windows Defender since it has possible conflicts with Eset.

 

Both are attached.

 

Farbar Service Scanner Version: 16-02-2014
Ran by Shazia Begum (administrator) on 20-02-2014 at 16:16:19
Running from "C:\Users\Shazia Begum\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

Result.txt

FSS.txt

Link to post
Share on other sites

  • Root Admin

ESET Services Repair


Please download the ESET services repair from here and save the file to your desktop.
On XP double click to run it.  On Vista/Win7/Win8 please right click and choose "Run as administrator"
Once the tool has finished please restart the computer.
 

Then run a new MBAM CLEAN

 

MBAM Clean Removal Process
 

 

Please run a Quick Scan with Malwarebytes and post the log:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.
 

Link to post
Share on other sites

After doing another MBAM clean install:

 

The hourly updates have started to work a bit now. Sometimes they work and sometimes they don't. I don't put my PC to sleep. However, the on reboot ones are still not working.

 

On another note, since doing this Eset fix.. Windows say I don't have any virus protection even though Eset is working fine.

 

Log Opened: 2014-02-21 @ 14:16:22
14:16:22 - -----------------
14:16:22 - | Begin Logging |
14:16:22 - -----------------
14:16:22 - Fix started on a WIN_7 X64 computer
14:16:22 - Prep in progress.  Please Wait.
14:16:23 - Prep complete
14:16:23 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>
 
SetACL finished successfully.
14:16:25 - Services Repair Complete.
14:16:37 - Reboot Initiated
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.21.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Shazia Begum :: SHAZIABEGUM-PC [administrator]
 
Protection: Enabled
 
21/02/2014 14:27:04
mbam-log-2014-02-21 (14-27-04).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219667
Time elapsed: 3 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

SvcRepair.log

Link to post
Share on other sites

  • Root Admin

Let's run Combofix again then and see what it says.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.