
Malicious Website Protection still disabled after fix applied



Hi

Having trouble on a Windows 7 PC that has had Malwarebytes Premium running since 6/14. Recently (perhaps after the upgrade to 2.0.3.1025), Malicious Website Protection has been disabled. This is still the case despite following the instructions in Root Admin's post at least twice, then using Mbam-clean to completely remove it and re-installing it again. Finally, I cleaned it again and installed the earlier version 2.0.2.1012, which also showed MWP disabled as soon as I started the free trial. I have let the update install the new version, closed it and restarted it, and then restarted the PC, to no avail.

I have scanned with RKill, Kaspersky TDSSKiller, JRT and RogueKiller, but they all come back clean, so I don't think this is "BUG" related.


Hi

Thanks for your help in advance

 

Here are the logs requested (in multiple posts):

 

Frst

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014 (ATTENTION: ====> FRST version is 73 days old and could be outdated)
Ran by home (administrator) on HOME-PC on 24-11-2014 17:53:10
Running from F:\Tools\newTools9-18-14\random-audio
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
(IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Windows\jmesoft\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
(Lenovo (Shenzhen) Electronic Co., Ltd.) C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Users\home\AppData\Roaming\U3\0877610284505F6C\LaunchPad.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\AutoUpdate.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [LenovoFSC] => C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3028798937-3693838314-2347457642-1001\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe [2562368 2013-12-02] (IObit)
HKU\S-1-5-21-3028798937-3693838314-2347457642-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-3028798937-3693838314-2347457642-1001\...\MountPoints2: {1b29895a-f0e9-11e3-99f2-4437e62a9b39} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3028798937-3693838314-2347457642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe [2562368 2013-12-02] (IObit)
HKU\S-1-5-21-3028798937-3693838314-2347457642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-3028798937-3693838314-2347457642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1b29895a-f0e9-11e3-99f2-4437e62a9b39} - E:\LaunchU3.exe -a
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {ED21CEE4-EC8D-46F5-A2B9-0C6A775E593A} URL = https://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Profile: C:\Users\home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-07]
CHR Extension: (Google Drive) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-07]
CHR Extension: (Google Search) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-07]
CHR Extension: (Google Wallet) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]
CHR Extension: (Gmail) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [886592 2013-11-15] (IObit)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe [646976 2013-11-28] (IOBit)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151232 2013-12-02] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bdfsfltr; C:\windows\system32\Drivers\bdfsfltr.sys [431176 2011-03-24] (BitDefender)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-06-10] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [11848 2009-06-05] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-11-20] ()
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [329800 2011-11-21] (BitDefender S.R.L.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-24 17:53 - 2014-11-24 17:53 - 00000000 ____D () C:\FRST
2014-11-23 21:15 - 2014-11-24 17:47 - 00000112 _____ () C:\windows\setupact.log
2014-11-23 21:15 - 2014-11-23 21:15 - 00000592 _____ () C:\windows\PFRO.log
2014-11-23 21:15 - 2014-11-23 21:15 - 00000000 _____ () C:\windows\setuperr.log
2014-11-23 18:26 - 2014-11-23 18:26 - 00000000 ____D () C:\Users\home\AppData\Local\{A0A39584-6203-405B-BAF2-79759997713C}
2014-11-22 15:11 - 2014-11-22 15:11 - 00000000 ____D () C:\Users\home\AppData\Local\{2F23B26A-CD4F-4176-9C25-15B7154CD705}
2014-11-20 22:38 - 2014-11-24 17:47 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-20 22:38 - 2014-11-20 22:45 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-20 22:38 - 2014-11-20 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-20 22:38 - 2014-11-20 22:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-20 22:38 - 2014-11-20 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-20 22:38 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-20 22:38 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-20 22:38 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-20 12:14 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-11-20 12:13 - 2014-11-20 12:13 - 00004625 _____ () C:\windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-20 12:13 - 2014-11-20 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-20 12:13 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-20 12:13 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-11-20 12:13 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-11-20 12:04 - 2014-11-20 12:04 - 00321848 _____ (Malwarebytes Corporation) C:\Users\home\Downloads\mbam-clean-2.1.1.1001.exe
2014-11-20 11:43 - 2014-11-20 11:43 - 00000000 ____D () C:\Users\home\AppData\Local\{A5E1A318-D4D5-4059-9002-E8229BAB7850}
2014-11-19 10:34 - 2014-11-15 21:16 - 01707532 _____ (Thisisu) C:\Users\home\Desktop\JRT_NEW.exe
2014-11-19 10:27 - 2014-11-20 11:07 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-11-19 10:27 - 2014-11-19 10:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-16 17:23 - 2014-11-16 17:23 - 00000000 __SHD () C:\Users\home\AppData\Local\EmieBrowserModeList
2014-11-15 21:14 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-15 21:14 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-15 21:14 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-15 21:14 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-15 21:14 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-15 21:14 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-15 21:14 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-15 21:14 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-15 21:14 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-15 21:13 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-15 21:13 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-15 21:13 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-15 21:13 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-15 21:13 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-15 21:13 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-15 21:13 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-15 21:13 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-15 21:13 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-15 21:13 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-15 21:13 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-15 21:13 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-15 21:13 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-15 21:13 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-15 21:13 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-15 21:13 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-15 21:13 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-15 21:13 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-15 21:13 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-15 21:13 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-15 21:13 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-15 21:13 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-15 21:13 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-15 21:13 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-15 21:13 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-15 21:13 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-15 21:13 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-15 21:13 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-15 21:13 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-15 21:13 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-15 21:13 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-15 21:13 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-15 21:13 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-15 21:13 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-15 21:13 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-15 21:13 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-15 21:13 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-15 21:13 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-15 21:13 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-15 21:13 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-15 21:13 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-15 21:13 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-15 21:13 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-15 21:13 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-15 21:13 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-15 21:13 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-15 21:13 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-15 21:13 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-15 21:13 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-15 21:13 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-15 21:13 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-15 21:13 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-15 21:13 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-15 21:13 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-15 21:13 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-15 21:13 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-15 21:11 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-15 21:10 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-15 21:10 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-15 21:10 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-15 21:10 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-15 21:10 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-15 21:10 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-15 21:10 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-15 21:10 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-15 21:10 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-15 21:10 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-15 21:10 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-15 21:10 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-15 21:10 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-15 21:10 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-15 21:10 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-15 21:10 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-15 21:10 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-15 21:10 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-15 21:10 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-15 21:10 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-15 21:10 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-15 21:10 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-15 21:10 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-15 21:10 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-15 21:10 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-15 21:10 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-15 21:10 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-15 21:10 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-15 21:10 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-15 21:10 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-15 21:10 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-15 21:10 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-15 21:10 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-15 21:10 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-01 17:43 - 2014-11-20 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-24 17:53 - 2014-11-24 17:53 - 00000000 ____D () C:\FRST
2014-11-24 17:51 - 2009-07-14 00:13 - 00006514 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-24 17:48 - 2014-06-10 17:41 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-24 17:47 - 2014-11-23 21:15 - 00000112 _____ () C:\windows\setupact.log
2014-11-24 17:47 - 2014-11-20 22:38 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 17:47 - 2014-04-07 12:57 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-24 17:47 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-23 21:37 - 2014-04-07 12:57 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 21:23 - 2009-07-13 23:45 - 00017952 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 21:23 - 2009-07-13 23:45 - 00017952 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 21:18 - 2014-04-07 12:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 21:15 - 2014-11-23 21:15 - 00000592 _____ () C:\windows\PFRO.log
2014-11-23 21:15 - 2014-11-23 21:15 - 00000000 _____ () C:\windows\setuperr.log
2014-11-23 18:26 - 2014-11-23 18:26 - 00000000 ____D () C:\Users\home\AppData\Local\{A0A39584-6203-405B-BAF2-79759997713C}
2014-11-23 18:26 - 2011-09-17 05:48 - 00000000 ____D () C:\Users\home\AppData\Roaming\Skype
2014-11-22 15:11 - 2014-11-22 15:11 - 00000000 ____D () C:\Users\home\AppData\Local\{2F23B26A-CD4F-4176-9C25-15B7154CD705}
2014-11-22 15:09 - 2014-04-07 12:57 - 00002102 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-20 22:45 - 2014-11-20 22:38 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-20 22:45 - 2014-11-20 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-20 22:45 - 2014-11-20 22:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-20 22:38 - 2014-11-20 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-20 21:56 - 2011-06-07 23:05 - 01775052 _____ () C:\windows\WindowsUpdate.log
2014-11-20 12:41 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-11-20 12:15 - 2014-05-23 23:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-20 12:13 - 2014-11-20 12:13 - 00004625 _____ () C:\windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-20 12:13 - 2014-11-20 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-20 12:13 - 2012-05-07 16:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-20 12:04 - 2014-11-20 12:04 - 00321848 _____ (Malwarebytes Corporation) C:\Users\home\Downloads\mbam-clean-2.1.1.1001.exe
2014-11-20 11:50 - 2014-11-01 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-11-20 11:50 - 2011-12-29 21:28 - 00000000 ____D () C:\windows\Minidump
2014-11-20 11:43 - 2014-11-20 11:43 - 00000000 ____D () C:\Users\home\AppData\Local\{A5E1A318-D4D5-4059-9002-E8229BAB7850}
2014-11-20 11:07 - 2014-11-19 10:27 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-11-20 11:07 - 2014-06-10 16:54 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-19 10:37 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-11-19 10:27 - 2014-11-19 10:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-17 12:31 - 2012-08-03 14:33 - 00000000 ____D () C:\Users\home\AppData\Roaming\SoftGrid Client
2014-11-16 17:23 - 2014-11-16 17:23 - 00000000 __SHD () C:\Users\home\AppData\Local\EmieBrowserModeList
2014-11-16 12:21 - 2009-07-13 23:45 - 00263640 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-15 21:41 - 2013-08-13 22:53 - 00000000 ____D () C:\windows\system32\MRT
2014-11-15 21:39 - 2012-02-06 15:56 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-15 21:32 - 2014-04-07 12:57 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 21:32 - 2014-04-07 12:57 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 21:16 - 2014-11-19 10:34 - 01707532 _____ (Thisisu) C:\Users\home\Desktop\JRT_NEW.exe
2014-11-15 21:06 - 2014-06-10 17:41 - 00002290 _____ () C:\Users\Public\Desktop\Advanced SystemCare Ultimate 7.lnk
2014-11-11 21:18 - 2014-04-07 12:56 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 21:18 - 2014-04-07 12:56 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 21:18 - 2014-04-07 12:56 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-07 14:49 - 2014-11-15 21:13 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-07 14:23 - 2014-11-15 21:13 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-05 23:04 - 2014-11-15 21:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-05 23:03 - 2014-11-15 21:13 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-05 23:03 - 2014-11-15 21:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-05 22:47 - 2014-11-15 21:13 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-05 22:46 - 2014-11-15 21:13 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-05 22:46 - 2014-11-15 21:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-05 22:44 - 2014-11-15 21:13 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-05 22:43 - 2014-11-15 21:13 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-05 22:36 - 2014-11-15 21:13 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-05 22:35 - 2014-11-15 21:13 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-05 22:31 - 2014-11-15 21:13 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-05 22:30 - 2014-11-15 21:13 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-05 22:30 - 2014-11-15 21:13 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-05 22:29 - 2014-11-15 21:13 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-05 22:28 - 2014-11-15 21:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-05 22:23 - 2014-11-15 21:13 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-05 22:20 - 2014-11-15 21:13 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-05 22:16 - 2014-11-15 21:13 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-05 22:13 - 2014-11-15 21:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-05 22:13 - 2014-11-15 21:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-05 22:12 - 2014-11-15 21:13 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-05 22:10 - 2014-11-15 21:13 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-05 22:10 - 2014-11-15 21:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-05 22:07 - 2014-11-15 21:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-05 22:05 - 2014-11-15 21:13 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-05 22:04 - 2014-11-15 21:13 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-05 22:03 - 2014-11-15 21:13 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-05 22:02 - 2014-11-15 21:13 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-05 22:00 - 2014-11-15 21:13 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-05 22:00 - 2014-11-15 21:13 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-05 21:59 - 2014-11-15 21:13 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-05 21:58 - 2014-11-15 21:13 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-05 21:57 - 2014-11-15 21:13 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-05 21:48 - 2014-11-15 21:13 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-05 21:42 - 2014-11-15 21:13 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-05 21:41 - 2014-11-15 21:13 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-05 21:41 - 2014-11-15 21:13 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-05 21:39 - 2014-11-15 21:13 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-05 21:38 - 2014-11-15 21:13 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-05 21:37 - 2014-11-15 21:13 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-05 21:36 - 2014-11-15 21:13 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-05 21:34 - 2014-11-15 21:13 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-05 21:30 - 2014-11-15 21:13 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-05 21:22 - 2014-11-15 21:13 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-05 21:21 - 2014-11-15 21:13 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-05 21:21 - 2014-11-15 21:13 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-05 21:20 - 2014-11-15 21:13 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-05 21:17 - 2014-11-15 21:13 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-05 21:04 - 2014-11-15 21:13 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-05 21:03 - 2014-11-15 21:13 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-05 20:53 - 2014-11-15 21:13 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-05 20:52 - 2014-11-15 21:13 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-05 20:48 - 2014-11-15 21:13 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-05 20:47 - 2014-11-15 21:13 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-02 13:15 - 2011-09-17 04:29 - 00060896 _____ () C:\Users\home\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-02 13:15 - 2011-09-17 04:29 - 00000000 ____D () C:\Users\home\AppData\Local\Windows Live Writer
2014-11-01 15:29 - 2011-09-17 05:27 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-10-31 16:57 - 2011-09-17 05:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-31 16:56 - 2011-09-17 05:47 - 00000000 ____D () C:\ProgramData\Skype
2014-10-28 13:47 - 2014-04-09 01:28 - 00000000 ____D () C:\Users\home\Documents\Tricia
2014-10-28 13:15 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-18 10:45
 
==================== End Of Log ============================
 
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by home at 2014-11-24 17:54:11
Running from F:\Tools\newTools9-18-14\random-audio
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced SystemCare Ultimate 7 (HKLM-x32\...\Advanced SystemCare Ultimate_is1) (Version: 7.0.1 - IObit)
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best of Slots II (HKLM-x32\...\Best of Slots II) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon MX870 series User Registration (HKLM-x32\...\Canon MX870 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCScore (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESSCDBK (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSSONIC (x32 Version: 6.2.0001.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
FanSpeedControl (HKLM-x32\...\InstallShield_{0EC766C7-F444-42BF-A05F-4A790F5360EB}) (Version: 1.00.00.13 - Lenovo)
FanSpeedControl (x32 Version: 1.00.00.13 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.4.1099 - IObit)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcbase (x32 Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcmove (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KSU (x32 Version: 632.62.0004.0001 - EASTMAN KODAK Company) Hidden
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.1.0.1311 - Lenovo)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo Tinian Fn PS/2 Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.0.11.0321 - Lenovo)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Masque IGT Slots Lil' Lady (HKLM-x32\...\{90A66DB0-9084-4586-8AD1-58BA8F9F6DE5}) (Version: 1.0.0 - Masque Publishing)
Masque Slots (HKLM-x32\...\Masque Slots) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mPlayer version 1.0 (HKLM-x32\...\{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1) (Version: 1.0 - Download Freely, LLC)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Notifier (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
PCDADDIN (x32 Version: 6.02.0001.0003 - EASTMAN KODAK Company) Hidden
PCDHELP (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
QuickTime (HKLM-x32\...\{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}) (Version: 7.1.3.100 - Apple Computer, Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
SFR (x32 Version: 6.02.0001.0001 - Eastman Kodak Company) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHASTA (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.4.17 - ShopAtHome.com) <==== ATTENTION
SKIN0001 (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
staticcr (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Ten Pro Board Games (HKLM-x32\...\Ten Pro Board Games) (Version:  - )
tooltips (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - W3i, LLC)
Uninstall Helper (x32 Version: 2.0.1.0 - W3i, LLC) Hidden
VPRINTOL (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WIRELESS (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
WMS Slots Reel 'em in (HKLM-x32\...\{B5E8EA9B-2DDB-427C-B18D-96C4B4B51999}) (Version: 1.00.0000 - Phantom EFX)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
25-10-2014 00:54:29 Windows Update
28-10-2014 18:49:03 Windows Update
29-10-2014 14:52:38 Windows Update
29-10-2014 15:39:26 Windows Update
02-11-2014 18:39:39 Windows Update
02-11-2014 20:47:37 Windows Update
07-11-2014 00:01:28 Windows Update
11-11-2014 01:53:27 Windows Update
16-11-2014 02:37:53 Windows Update
16-11-2014 17:53:06 Windows Update
16-11-2014 22:52:05 Windows Update
17-11-2014 16:42:46 Windows Update
17-11-2014 16:45:38 Windows Update
20-11-2014 17:12:28 Installed Java 7 Update 71
21-11-2014 02:55:09 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C99F811-700F-4958-96BF-D4B026622D9B} - System32\Tasks\{10191A5F-2DCC-4FFB-B000-67129ABBD7C4} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {407A0D46-DBC2-4674-AAE3-BEC03DEBB736} - System32\Tasks\ASCAntivirusScan => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe [2013-12-02] (IObit)
Task: {4CC2E91E-4238-4937-9D27-8C28FDEBBA5B} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe [2013-11-29] (IObit)
Task: {73A8A13F-244B-40D2-BA19-3BE1833ACAD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)
Task: {81020768-BC32-4F4F-A1B2-8B24CDA1CC6D} - System32\Tasks\ASC7U_SkipUac_home => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe [2013-12-02] (IObit)
Task: {84D36B72-625F-4C92-BA18-7DBF3C99E6FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)
Task: {953D4583-9334-458D-A48D-F438362F13E7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {A165F292-8850-4018-97DE-67BA87DCCE8A} - \MySearchDial No Task File <==== ATTENTION
Task: {B3738AF9-BEFE-4A83-925A-83BC88B3EA07} - \UpdaterEX No Task File <==== ATTENTION
Task: {D9A16210-D012-4FB9-BBEA-9BF32C04D431} - System32\Tasks\{B4747232-3CF6-4C29-A4DC-BC5143E1A9D9} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120.259&LastError=404
Task: {F34067A6-3E70-4E5D-A49F-B639325704D0} - System32\Tasks\{A108AD88-87B8-4350-9753-0FF4188F5BE2} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {F97A6EF2-8A16-4247-A683-29B96FDC9939} - System32\Tasks\{B09827FD-1FBD-423A-A1BC-C5D0BDE6030D} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120.259&LastError=404
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-17 05:27 - 2009-09-08 16:12 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-06-07 23:06 - 2011-03-15 22:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2008-05-04 16:02 - 2008-05-04 16:02 - 04603904 _____ () C:\Users\home\AppData\Roaming\U3\0877610284505F6C\LaunchPad.exe
2014-06-10 17:41 - 2013-01-15 17:47 - 00517440 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\sqlite3.dll
2014-06-10 17:41 - 2013-11-14 15:02 - 00218944 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Antivirus\bdfltlib.dll
2014-06-10 17:41 - 2013-11-14 15:07 - 00225600 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Antivirus\smartscn.dll
2014-06-10 17:41 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madExcept_.bpl
2014-06-10 17:41 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madBasic_.bpl
2014-06-10 17:41 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madDisAsm_.bpl
2014-06-10 17:41 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\webres.dll
2007-10-23 09:23 - 2007-10-23 09:23 - 02600960 _____ () C:\Users\home\AppData\Roaming\U3\0877610284505F6C\u3dapi10.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\home\Desktop\Marie, Here are your August hotel offers.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
MSCONFIG\startupreg: ApnUpdater => 
MSCONFIG\startupreg: CanonMyPrinter => c:\program files\canon\myprinter\bjmyprt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => c:\program files (x86)\canon\solutionmenu\cnslmain.exe /logon
MSCONFIG\startupreg: HotKeysCmds => c:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => c:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: jmekey => c:\windows\jmesoft\hotkey.exe
MSCONFIG\startupreg: jmesoft => 
MSCONFIG\startupreg: mobilegeni daemon => 
MSCONFIG\startupreg: Persistence => c:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "c:\program files (x86)\quicktime\qttask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => c:\program files\realtek\audio\hda\ravcpl64.exe -s
MSCONFIG\startupreg: Skype => "c:\program files (x86)\skype\phone\skype.exe" /minimized /regrun
MSCONFIG\startupreg: UpdatePRCShortCut => "c:\program files\lenovo\onekey app\lenovo rescue system\muitransfer\muistartmenu.exe" "c:\program files\lenovo\onekey app\lenovo rescue system" updatewithcreateonce "software\lenovo\onekey app\onekey recovery"
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/24/2014 05:51:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (11/24/2014 05:51:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (11/24/2014 05:48:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/23/2014 09:23:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (11/23/2014 09:23:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (11/23/2014 09:20:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (11/23/2014 09:20:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (11/23/2014 07:13:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (11/23/2014 07:13:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (11/23/2014 05:57:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
 
System errors:
=============
Error: (11/24/2014 05:52:08 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
 
Error: (11/24/2014 05:52:08 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
 
Error: (11/24/2014 05:48:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/24/2014 05:48:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (11/24/2014 05:48:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (11/24/2014 05:48:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (11/24/2014 05:47:46 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
 
Error: (11/24/2014 05:47:46 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
 
Error: (11/24/2014 05:47:36 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
 
Error: (11/24/2014 05:47:33 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
 
Microsoft Office Sessions:
=========================
Error: (11/24/2014 05:51:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (11/24/2014 05:51:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (11/24/2014 05:48:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\Tools\newTools9-18-14\esetsmartinstaller_enu.exe
 
Error: (11/23/2014 09:23:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (11/23/2014 09:23:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (11/23/2014 09:20:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (11/23/2014 09:20:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (11/23/2014 07:13:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (11/23/2014 07:13:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (11/23/2014 05:57:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 33%
Total physical RAM: 4061.18 MB
Available physical RAM: 2695.9 MB
Total Pagefile: 8120.53 MB
Available Pagefile: 6516.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:906.34 GB) (Free:862.53 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:7.47 GB) (Free:3.6 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 05B20A32)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 

2nd post

MBAM CheckResults
mbam-check result log version:     2.1.1.1001
========================================
 
User Account type:                 Administrator
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Version and Build:         6.1.7601.0 
Malwarebytes Anti-Malware:         2.0.3.1025
Installed On:                      2014/11/20
Malware Database:                  2014.11.24.10
Rootkit Database:                  2014.11.22.01
Remediation Database:              2013.10.16.01
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Premium
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      1 (The service is not running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2014/11/24 18:28:56
Compatibility Flag Settings:
=================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Program Files (x86)\Skype\Phone\Skype.exeREG_SZ # WINXPSP2
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\windows\system32\drivers\mbam.sys
File Size: 25816     BYTES FileVersion: 0.1.15.0 MD5: [5c3669b71657f22e67a1d4bd49d2cbe7]
C:\windows\system32\drivers\mwac.sys
File Size: 63704     BYTES FileVersion: 1.0.6.0 MD5: [95ef63a7827d4e3a229cbbcb42619e93]
C:\windows\system32\drivers\mbamswissarmy.sys
File Size: 129752    BYTES FileVersion: 0.2.13.0 MD5: [26c43960c99ee861a5d0edc4dcf3b1c3]
C:\windows\system32\drivers\mbamchameleon.sys
File Size: 93400     BYTES FileVersion: 1.1.4.0 MD5: [d3311b31c470e7681b14d9b014cbf9ed]
 
--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMService:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1075
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: BFE
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
ErrorControl                  REG_DWORD 3
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
 
C:\windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES FileVersion: 6.1.7601.17514 MD5: [da6b67270fd9db3697b20fce94950741]
C:\windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES FileVersion: 6.1.7601.17514 MD5: [703ffd301ab900b047337c5d40fd6f96]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              0 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       7000 
ScanHistory: 
    Duration_Complete:                                         100058 
    Duration_Driver:                                           0 
    Duration_Filesystem:                                       69 
    Duration_Heuristics:                                       440224 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 0 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          13713 
    Duration_Registry:                                         16061 
    Duration_Sector:                                           0 
    Duration_Startup:                                          6246 
    ItemCount_Complete:                                        262227 
    ItemCount_Driver:                                          0 
    ItemCount_Filesystem:                                      42005 
    ItemCount_Heuristics:                                      8939 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         0 
    ItemCount_Registry:                                        539 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         882 
    LastScanDateEpoch:                                         1416869269739 
    LastScanType:                                              1 (Threat Scan)
Update: 
    LastUpdate:                                                2014-11-24T23:03:37 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    7 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
--------------Account:--------------
  Account Status:                                              Premium 
  Expiration Time:                                             2034/11/20 23:00:56 
  Activation Time:                                             2014/11/20 23:00:56 
  Trial Used:                                                  true 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
tasks: 
    221cda88-6087-4dd4-b7b0-a00aa3983e4a:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             true 
        TaskType:                                              3 
      triggers:                                                 
        2dd7f2e8-a003-4f18-bed2-1f632ef296bd:                   
          dateinterval:                                        0:0:0 
          lastscheduled:                                       Mon, 24 Nov 2014 18:03:28.295032 -0500 
          lasttriggered:                                       Mon, 24 Nov 2014 18:03:28.295032 -0500 
          nextscheduled:                                       Mon, 24 Nov 2014 19:15:01.278844 -0500 
          recovery:                                            00:00:00 
          start:                                               Thu, 20 Nov 2014 23:03:28.278844 -0500 
          timeinterval:                                        01:00:00 
          type:                                                3 
          uuid:                                                2dd7f2e8-a003-4f18-bed2-1f632ef296bd 
      type:                                                    update 
      uuid:                                                    221cda88-6087-4dd4-b7b0-a00aa3983e4a 
    250d292c-9e2f-4e3a-b646-648ce2c8c68d:                       
      parameters:                                               
        CheckForUpdatesBeforeScanStart:                        true 
        ProcessLaunchedFromScheduler:                          true 
        ScanConfig:                                             
          ExitWhenNoMalwareDetected:                           false 
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          RebootSystemWhenMalwareDetected:                     false 
          RemoveMalwareAutomaticallyWhenScanEnds:              false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             2 
          ScanPUP:                                             2 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
          TerminateExplorerWhenMalwareIsRemoved:               false 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        0ea4d9ff-cab0-471e-a67d-a5377cf06b42:                   
          dateinterval:                                        1:0:0 
          lastscheduled:                                       Mon, 24 Nov 2014 17:47:35.784830 -0500 
          lasttriggered:                                       Mon, 24 Nov 2014 17:47:35.784830 -0500 
          nextscheduled:                                       Tue, 25 Nov 2014 02:04:41 -0500 
          recovery:                                            23:00:00 
          start:                                               Fri, 21 Nov 2014 02:06:54 -0500 
          timeinterval:                                        00:00:00 
          type:                                                4 
          uuid:                                                0ea4d9ff-cab0-471e-a67d-a5377cf06b42 
      type:                                                    scan 
      uuid:                                                    250d292c-9e2f-4e3a-b646-648ce2c8c68d 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations: 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
PendingFileRenameOperations REG_MULTI_SZ \??\C:\Users\home\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
 
 
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
Type                          REG_DWORD 2
Start                         REG_DWORD 3
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ \??\C:\windows\system32\drivers\mbam.sys
Group                         REG_SZ FSFilter Anti-Virus
DependOnService               REG_MULTI_SZ FltMgr
 
WOW64                         REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
DefaultInstance               REG_SZ MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
Altitude                      REG_SZ 328800
Flags                         REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
PassThruFile                  REG_SZ mbampt.exe
ProductPath                   REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
0                             REG_SZ Root\LEGACY_MBAMPROTECTOR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
MBAMService Registry Values:
============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
DependOnService               REG_MULTI_SZ MBAMProtector
 
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware service
DelayedAutostart              REG_DWORD 0
 
MBAMScheduler Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware scheduler
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 2 (Automatic Startup)
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume1
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP:  Language is English (United States)
MACCP:  Language is English (United States)
OEMCP:  Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Context Menu Entries:
=====================
 
List of MBAM Related Directories:
=================================
 
lang_el.qm                               File Size: 152327    BYTES FileVersion:  N/A            MD5: [4cd483236d99cf40e9d8cf534bac05e7]
lang_en.qm                               File Size: 137689    BYTES FileVersion:  N/A            MD5: [d34a8afc30bb472c443f7f088513ff04]
lang_es.qm                               File Size: 149211    BYTES FileVersion:  N/A            MD5: [1ee5f6535d02c94812e54e3ed65de6ac]
lang_et.qm                               File Size: 141939    BYTES FileVersion:  N/A            MD5: [f6faee4a33654bb27dcf2f9d4cf955ef]
lang_fi.qm                               File Size: 145730    BYTES FileVersion:  N/A            MD5: [9f4ff431ec70747591ef0e0eaf3ed2cb]
lang_fr.qm                               File Size: 153965    BYTES FileVersion:  N/A            MD5: [8dd69dd62ee617dc3ca4f25ab2c70af8]
lang_he.qm                               File Size: 134117    BYTES FileVersion:  N/A            MD5: [3ad149f1778e6e8f8f89ecfe67a1e62e]
lang_hr.qm                               File Size: 139841    BYTES FileVersion:  N/A            MD5: [3e3737fe86eb595c5f6817eebf731aa7]
lang_hu.qm                               File Size: 147806    BYTES FileVersion:  N/A            MD5: [7c3ae4dde80fa8759968b218a03a7a73]
lang_id.qm                               File Size: 145710    BYTES FileVersion:  N/A            MD5: [c2a0325d9dfb5c5fce7a4832837896e7]
lang_it.qm                               File Size: 148249    BYTES FileVersion:  N/A            MD5: [4766a519a653d8e6f6ad32094a2a059b]
lang_ja.qm                               File Size: 122782    BYTES FileVersion:  N/A            MD5: [339134f906b770b833653682264bdc23]
lang_ko.qm                               File Size: 119240    BYTES FileVersion:  N/A            MD5: [5042df441910dfe9f6a55d3c005b00c7]
lang_lt.qm                               File Size: 146950    BYTES FileVersion:  N/A            MD5: [5c0fca31ff0a6d2b3f6d1722940a2dc6]
lang_lv.qm                               File Size: 146072    BYTES FileVersion:  N/A            MD5: [8623ed6977cd81c0d520f5fd84788d93]
lang_nl.qm                               File Size: 147725    BYTES FileVersion:  N/A            MD5: [1b391d5599be4724018624a27014eb75]
lang_no.qm                               File Size: 144153    BYTES FileVersion:  N/A            MD5: [2d53348f8e74f26f065e0c83e8fff7fe]
lang_pl.qm                               File Size: 147483    BYTES FileVersion:  N/A            MD5: [ce39bae20f8a2b42f93f2f5a5c6dd63e]
lang_pt_BR.qm                            File Size: 146906    BYTES FileVersion:  N/A            MD5: [b337c75fa23ba36176719d54c0269560]
lang_pt_PT.qm                            File Size: 144956    BYTES FileVersion:  N/A            MD5: [b41016907930a96a11aadb348fd9a1b6]
lang_ro.qm                               File Size: 146821    BYTES FileVersion:  N/A            MD5: [69c447559268a873808d5ae48b425ad9]
lang_ru.qm                               File Size: 148179    BYTES FileVersion:  N/A            MD5: [51d4d0c155de54f24b09be7040a7ff15]
lang_sk.qm                               File Size: 144330    BYTES FileVersion:  N/A            MD5: [3a00a97315c24e6820f8939920ef14b4]
lang_sl.qm                               File Size: 144582    BYTES FileVersion:  N/A            MD5: [47db99ccdd98936e6a38957321c71317]
lang_sr.qm                               File Size: 143261    BYTES FileVersion:  N/A            MD5: [377d15c0da0249f4a7a58978b6307d81]
lang_sv.qm                               File Size: 145435    BYTES FileVersion:  N/A            MD5: [a2b33c0364aad3e9d7daafdd4f286ee1]
lang_th.qm                               File Size: 137957    BYTES FileVersion:  N/A            MD5: [6a24ece552172d805cd428853255d294]
lang_tr.qm                               File Size: 144262    BYTES FileVersion:  N/A            MD5: [18b7fec7611c038780ee77044e523f70]
lang_vi.qm                               File Size: 144480    BYTES FileVersion:  N/A            MD5: [708062759498e791186bbe64b7246d0c]
lang_zh_tr.qm                            File Size: 110870    BYTES FileVersion:  N/A            MD5: [f223d83580b1ee35edea13293cb2c80d]
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe                            File Size: 821560    BYTES FileVersion:  1.1.0.1010     MD5: [0d7dd0e7f98a4f414fed44af0b50128b]
 
C:\Users\home\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
actions.ref                              File Size: 314       BYTES FileVersion:  N/A            MD5: [b26a36c0696e299fdfebe180c09c2737]
domains.ref                              File Size: 38        BYTES FileVersion:  N/A            MD5: [8c30b536b67543eb68e68b9640d4d498]
exclusions.dat                           File Size: 0         BYTES FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
ips.ref                                  File Size: 33        BYTES FileVersion:  N/A            MD5: [8a1c580788ea8de3f32862c2c1cf373c]
mbam-setup.exe                           File Size: 19828376  BYTES FileVersion:  2.0.3.1025     MD5: [33398d340008a0577507fca7fd443622]
rules.ref                                File Size: 10267355  BYTES FileVersion:  N/A            MD5: [7586983e20fd5488e61fab39ab082e24]
swissarmy.ref                            File Size: 24132     BYTES FileVersion:  N/A            MD5: [5441d75bac9a39c8dac2c1f691720f26]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
build.conf                               File Size: 4575      BYTES FileVersion:  N/A            MD5: [d7db71e480e60c35659288dd471688b6]
database.conf                            File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                          File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                             File Size: 586       BYTES FileVersion:  N/A            MD5: [a9278a8f2807df300a30fb3f555f0b65]
manifest.conf                            File Size: 1716      BYTES FileVersion:  N/A            MD5: [78b2a3e4ab36cf7bb1dc7c8e83c0e869]
marketing.conf                           File Size: 1434      BYTES FileVersion:  N/A            MD5: [19533c40d9c9778b2ab423dbcf063d80]
net.conf                                 File Size: 6072      BYTES FileVersion:  N/A            MD5: [ecff826c256b02bdf6340be8c499c553]
notifications.conf                       File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                           File Size: 2234      BYTES FileVersion:  N/A            MD5: [c1c6e99f3e9777f19a80e334fe1acd69]
settings.conf                            File Size: 1990      BYTES FileVersion:  N/A            MD5: [2036f4b97cd52adbc0a7ed6443f2ef7d]
statistics.conf                          File Size: 597       BYTES FileVersion:  N/A            MD5: [adbe110d61d7841d06a3993f0a05f6a2]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore
build.conf                               File Size: 4155      BYTES FileVersion:  N/A            MD5: [287475cbeda24d01fe8d34660bc35e1c]
database.conf                            File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                          File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                             File Size: 23        BYTES FileVersion:  N/A            MD5: [0ec01df616b565180556881d8042255b]
manifest.conf                            File Size: 1566      BYTES FileVersion:  N/A            MD5: [29b928c33aec22293649d003ea4ef224]
marketing.conf                           File Size: 1434      BYTES FileVersion:  N/A            MD5: [19533c40d9c9778b2ab423dbcf063d80]
net.conf                                 File Size: 5344      BYTES FileVersion:  N/A            MD5: [973e9c5714cc0c56a7b9c83d876754dd]
notifications.conf                       File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                           File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
settings.conf                            File Size: 1725      BYTES FileVersion:  N/A            MD5: [06c52d7137dac16e1661f7cf004f2e4d]
statistics.conf                          File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
mbam-log-2014-11-21 (02-14-37).xml       File Size: 2500      BYTES FileVersion:  N/A            MD5: [16c9c44b7ebc782fff19602fd3ad34c7]
mbam-log-2014-11-22 (15-00-25).xml       File Size: 2492      BYTES FileVersion:  N/A            MD5: [fb9acb07ecbb337858f240579dcab812]
mbam-log-2014-11-23 (13-24-48).xml       File Size: 2500      BYTES FileVersion:  N/A            MD5: [55f6a247715fdf4859cfb27949a42823]
mbam-log-2014-11-24 (17-47-48).xml       File Size: 2498      BYTES FileVersion:  N/A            MD5: [6a0a60cd79e06d2ffc52baeafb0364ad]
protection-log-2014-11-20.xml            File Size: 11667     BYTES FileVersion:  N/A            MD5: [f71d30239fa37fa5bb7c340185b36d63]
protection-log-2014-11-21.xml            File Size: 5586      BYTES FileVersion:  N/A            MD5: [d13c7f225fc5132efee075c33d62e1a3]
protection-log-2014-11-22.xml            File Size: 12874     BYTES FileVersion:  N/A            MD5: [b966d9faae5fa4537afd26a3f9ea0aaa]
protection-log-2014-11-23.xml            File Size: 8789      BYTES FileVersion:  N/A            MD5: [fb15b4483a02f5c6e2388c3d03fa4bc2]
protection-log-2014-11-24.xml            File Size: 3899      BYTES FileVersion:  N/A            MD5: [9d9833e2619c4a361d98894e068ea379]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE

Hello CCSwells:
 
1. Unfortunately your version of FRST64.exe was far too old to be at its maximum usefulness. Farbar can occasionally issue more than one revision per day.
2. You were requested to ATTACH all diagnostic output report text files in your reply. Please do not copy and paste, compress, PDF, or upload to a file hosting service.
 
Please download/run a version of FRST64.exe that's current (probably v23.11.2014.1 or later). Also, please download and run from an Administrator's desktop, booted up in Normal mode.
 
All 3 output files can then be ATTACHED to the same single reply. The mbam-check output file was probably okay if it was run as instructed above.

 

Some of us with very old eyes will appreciate your extra efforts,
 
Thank you.


Hi:
 
Until Firefox and 1PW return... :)
 
Actually your first set of logs show at least PUPs and other unwanted items, AND one of the critical Windows services needed for MBAM function (BFE) is not running.
This can be a sign of malware damage.

So, cleaning this up will require deeper work.

We can't work on malware diagnostics and removal in this sub-section of the forum.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the preliminary steps to expedite the process.
A malware analyst will guide you through the cleanup process and through getting MBAM up and running.

 

>>>As you have already run FRST, you just need to start a NEW, SEPARATE topic in the malware removal section -- with these same logs attached to it. :)

Then, please wait for one of the experts to assist you.

Thanks,


Hello and welcome, jaynyc:
 
Problems that sound the same often are not.
As each computer is unique, problem-solving also requires an individualized approach.
As such, it's best NOT to "piggyback" onto a topic created by another user.
Doing so creates confusion for everyone.
 
Having said that, your logs indicate that the computer may be infected and/or damaged from malware.
We can't work on malware diagnostics and removal in this sub-section of the forum.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the preliminary steps to expedite the process.
A malware analyst will guide you through the cleanup process and will help you to get MBAM up and running.

 

>>As you have already run FRST, you just need to start a NEW, SEPARATE topic in the malware removal section of the forum -- please attach the same logs to that new post. Then please wait for one of the experts to assist you.

Thanks,
