Author Topic: [Inactive] Can not enable Windows Defender.  (Read 1172 times)

Offline Raschal

  • Bronze Member
  • Posts: 8
[Inactive] Can not enable Windows Defender.
« on: March 28, 2012, 07:20:43 AM »
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by raschal at 8:09:33 on 2012-03-28
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4094.2568 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxeccoms.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Users\Kelly Coffer\Documents\RCA Detective\RCADetective.exe
C:\Windows\system32\viakaraokesrv.exe
F:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [Easy Dock]
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Easy Dock]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "F:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\KELLYC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\Kelly Coffer\Documents\RCA Detective\RCADetective.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3A21DF34-CA67-42C1-9E02-B7559EE5DFDC} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64:     AMD SteadyVideo BHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Easy Dock]
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "F:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 lxec_device;lxec_device;C:\Windows\system32\lxeccoms.exe -service --> C:\Windows\system32\lxeccoms.exe -service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-14 652360]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-3-20 517632]
R2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [2012-3-20 315392]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-28 13:05:14   69000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6B0B529-5433-42BB-AD49-02FA35D29E01}\offreg.dll
2012-03-28 13:04:50   8669240   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6B0B529-5433-42BB-AD49-02FA35D29E01}\mpengine.dll
2012-03-25 20:45:00   388096   ----a-r-   C:\Users\Kelly Coffer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-25 20:45:00   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2012-03-25 05:23:37   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Local\libimobiledevice
2012-03-24 03:26:50   --------   d-----w-   C:\Program Files (x86)\UtilityChest_49EI
2012-03-21 05:01:31   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Local\WindowsUpdate
2012-03-20 22:17:16   --------   d-----w-   C:\Program Files\ATT-SST
2012-03-20 22:17:10   --------   d-----w-   C:\Program Files (x86)\ATT-SST
2012-03-20 21:20:02   --------   d-----w-   C:\Program Files (x86)\Common Files\Motive
2012-03-20 21:19:58   --------   d-----w-   C:\Program Files\Common Files\Motive
2012-03-20 18:37:19   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Local\Amazon
2012-03-19 03:33:22   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Roaming\Coby Media Manager
2012-03-18 23:35:26   --------   d-----r-   C:\Users\Kelly Coffer\Virtual Machines
2012-03-18 23:32:40   3584   ----a-w-   C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui
2012-03-18 21:41:47   --------   d-----w-   C:\Users\Kelly Coffer\VirtualBox VMs
2012-03-18 21:36:12   224048   ----a-w-   C:\Windows\System32\drivers\VBoxDrv.sys
2012-03-18 21:36:09   130864   ----a-w-   C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-03-18 20:51:06   --------   d-----w-   C:\Users\Kelly Coffer\.VirtualBox
2012-03-15 03:32:43   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Local\Cranium
2012-03-14 23:23:00   147248   ----a-w-   C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-03-14 23:22:56   117040   ----a-w-   C:\Windows\System32\drivers\VBoxUSB.sys
2012-03-14 23:22:42   320816   ----a-w-   C:\Windows\System32\VBoxNetFltNobj.dll
2012-03-14 23:05:10   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Roaming\RealNetworks
2012-03-14 22:54:07   --------   d-----w-   C:\Program Files (x86)\Common Files\xing shared
2012-03-14 22:36:30   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Roaming\Malwarebytes
2012-03-14 22:36:27   41272   ----a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-03-14 22:36:26   --------   d-----w-   C:\ProgramData\Malwarebytes
2012-03-14 22:36:23   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2012-03-14 22:36:23   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-14 22:11:44   5559152   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-03-14 22:11:44   3968368   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 22:11:43   3913584   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 12:58:35   3145728   ----a-w-   C:\Windows\System32\win32k.sys
2012-03-14 12:58:35   1544192   ----a-w-   C:\Windows\System32\DWrite.dll
2012-03-14 12:58:35   1077248   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2012-03-14 12:57:33   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
2012-03-14 12:57:33   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
2012-03-14 12:57:33   77312   ----a-w-   C:\Windows\System32\rdpwsx.dll
2012-03-14 12:57:33   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 12:57:33   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 12:57:33   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
2012-03-14 12:57:33   1112064   ----a-w-   C:\Windows\System32\rdpcorets.dll
2012-03-14 12:57:33   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
2012-03-13 14:31:04   --------   d-----w-   C:\Program Files (x86)\AMD AVT
2012-03-13 14:31:03   --------   d-----w-   C:\Program Files\AMD
2012-03-13 14:31:02   --------   d-----w-   C:\Program Files (x86)\AMD APP
2012-03-11 13:32:15   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Roaming\NCH Software
2012-03-11 12:50:51   --------   d-----w-   C:\ProgramData\FreeRIP
2012-03-11 12:50:19   --------   d-----w-   C:\Program Files\iTunes
2012-03-11 12:50:19   --------   d-----w-   C:\Program Files\iPod
2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-03-11 05:36:02   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Roaming\enabler
2012-03-08 05:49:09   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Local\WinZip
2012-03-08 05:37:41   --------   d-----w-   C:\Windows\SysWow64\{userdocs}
2012-03-06 15:47:54   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Roaming\pdfforge
2012-03-06 15:47:51   87040   ----a-w-   C:\Windows\System32\pdfcmnnt.dll
2012-03-06 15:47:51   662288   ----a-w-   C:\Windows\SysWow64\MSCOMCT2.OCX
2012-03-06 15:47:51   137000   ----a-w-   C:\Windows\SysWow64\MSMAPI32.OCX
2012-03-06 15:47:50   23552   ----a-w-   C:\Windows\SysWow64\MSMPIDE.DLL
.
==================== Find3M  ====================
.
2012-03-21 11:10:28   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 22:53:53   499712   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2012-03-14 22:53:53   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2012-02-15 16:01:50   52736   ----a-w-   C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50   4547944   ----a-w-   C:\Windows\System32\usbaaplrc.dll
2012-02-15 03:48:32   10856960   ----a-w-   C:\Windows\System32\drivers\atikmdag.sys
2012-02-15 03:21:24   25839104   ----a-w-   C:\Windows\System32\atio6axx.dll
2012-02-15 03:18:56   159744   ----a-w-   C:\Windows\System32\atiapfxx.exe
2012-02-15 03:18:40   791040   ----a-w-   C:\Windows\SysWow64\aticfx32.dll
2012-02-15 03:17:04   957952   ----a-w-   C:\Windows\System32\aticfx64.dll
2012-02-15 03:13:56   442368   ----a-w-   C:\Windows\System32\ATIDEMGX.dll
2012-02-15 03:13:40   496128   ----a-w-   C:\Windows\System32\atieclxx.exe
2012-02-15 03:13:00   235520   ----a-w-   C:\Windows\System32\atiesrxx.exe
2012-02-15 03:11:42   120320   ----a-w-   C:\Windows\System32\atitmm64.dll
2012-02-15 03:10:58   21504   ----a-w-   C:\Windows\System32\atimuixx.dll
2012-02-15 03:10:54   59392   ----a-w-   C:\Windows\System32\atiedu64.dll
2012-02-15 03:10:48   43520   ----a-w-   C:\Windows\SysWow64\ati2edxx.dll
2012-02-15 03:07:44   6200320   ----a-w-   C:\Windows\SysWow64\atidxx32.dll
2012-02-15 03:05:32   69632   ----a-w-   C:\Windows\System32\OpenVideo64.dll
2012-02-15 03:05:26   59904   ----a-w-   C:\Windows\SysWow64\OpenVideo.dll
2012-02-15 03:05:20   61952   ----a-w-   C:\Windows\System32\OVDecode64.dll
2012-02-15 03:05:16   54784   ----a-w-   C:\Windows\SysWow64\OVDecode.dll
2012-02-15 03:05:08   16507904   ----a-w-   C:\Windows\System32\amdocl64.dll
2012-02-15 03:04:26   13238272   ----a-w-   C:\Windows\SysWow64\amdocl.dll
2012-02-15 03:03:44   54272   ----a-w-   C:\Windows\System32\OpenCL.dll
2012-02-15 03:03:38   48128   ----a-w-   C:\Windows\SysWow64\OpenCL.dll
2012-02-15 02:58:56   19392000   ----a-w-   C:\Windows\SysWow64\atioglxx.dll
2012-02-15 02:52:28   7646208   ----a-w-   C:\Windows\System32\atidxx64.dll
2012-02-15 02:41:28   1113088   ----a-w-   C:\Windows\System32\atiumd6v.dll
2012-02-15 02:40:54   1828864   ----a-w-   C:\Windows\SysWow64\atiumdmv.dll
2012-02-15 02:40:42   4958208   ----a-w-   C:\Windows\System32\atiumd6a.dll
2012-02-15 02:34:56   51200   ----a-w-   C:\Windows\System32\aticalrt64.dll
2012-02-15 02:34:54   46080   ----a-w-   C:\Windows\SysWow64\aticalrt.dll
2012-02-15 02:34:46   44544   ----a-w-   C:\Windows\System32\aticalcl64.dll
2012-02-15 02:34:44   44032   ----a-w-   C:\Windows\SysWow64\aticalcl.dll
2012-02-15 02:34:36   5954048   ----a-w-   C:\Windows\SysWow64\atiumdag.dll
2012-02-15 02:34:30   13859840   ----a-w-   C:\Windows\System32\aticaldd64.dll
2012-02-15 02:29:52   5062656   ----a-w-   C:\Windows\SysWow64\atiumdva.dll
2012-02-15 02:29:50   11561984   ----a-w-   C:\Windows\SysWow64\aticaldd.dll
2012-02-15 02:25:06   7551488   ----a-w-   C:\Windows\System32\atiumd64.dll
2012-02-15 02:16:38   58880   ----a-w-   C:\Windows\System32\coinst.dll
2012-02-15 02:14:00   512000   ----a-w-   C:\Windows\System32\atiadlxx.dll
2012-02-15 02:13:50   356352   ----a-w-   C:\Windows\SysWow64\atiadlxy.dll
2012-02-15 02:13:36   17408   ----a-w-   C:\Windows\System32\atig6pxx.dll
2012-02-15 02:13:32   14336   ----a-w-   C:\Windows\SysWow64\atiglpxx.dll
2012-02-15 02:13:32   14336   ----a-w-   C:\Windows\System32\atiglpxx.dll
2012-02-15 02:13:28   39936   ----a-w-   C:\Windows\System32\atig6txx.dll
2012-02-15 02:13:20   33280   ----a-w-   C:\Windows\SysWow64\atigktxx.dll
2012-02-15 02:13:12   327680   ----a-w-   C:\Windows\System32\drivers\atikmpag.sys
2012-02-15 02:12:22   43008   ----a-w-   C:\Windows\System32\atiuxp64.dll
2012-02-15 02:12:14   33280   ----a-w-   C:\Windows\SysWow64\atiuxpag.dll
2012-02-15 02:12:08   39936   ----a-w-   C:\Windows\System32\atiu9p64.dll
2012-02-15 02:12:00   30208   ----a-w-   C:\Windows\SysWow64\atiu9pag.dll
2012-02-15 02:11:22   53248   ----a-w-   C:\Windows\System32\drivers\ati2erec.dll
2012-02-15 02:11:16   54784   ----a-w-   C:\Windows\System32\atimpc64.dll
2012-02-15 02:11:16   54784   ----a-w-   C:\Windows\System32\amdpcom64.dll
2012-02-15 02:11:10   53760   ----a-w-   C:\Windows\SysWow64\atimpc32.dll
2012-02-15 02:11:10   53760   ----a-w-   C:\Windows\SysWow64\amdpcom32.dll
2012-01-31 12:44:20   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2012-01-31 11:02:26   21504   ----a-w-   C:\Windows\System32\kdbsdk64.dll
2012-01-31 11:00:24   16896   ----a-w-   C:\Windows\SysWow64\kdbsdk32.dll
2012-01-29 04:58:56   0   ----a-w-   C:\Windows\ativpsrm.bin
2012-01-04 10:44:20   509952   ----a-w-   C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41   442880   ----a-w-   C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08   515584   ----a-w-   C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56   478720   ----a-w-   C:\Windows\SysWow64\timedate.cpl
.
============= FINISH:  8:09:45.65 ===============
« Last Edit: March 28, 2012, 10:31:43 AM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22632
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Can not enable Windows Defender.
« Reply #1 on: March 28, 2012, 10:35:33 AM »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small or long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.


I am not sure why you are trying to turn on Windows Defender. Are you having a problem?

If you are not having any other problems than Windows Defender not running, then this is simple.

Microsoft Security Essentials disables Windows Defender by default. It basically has Windows Defender in it. So if you were able to start it up again you would essentially have two copies of Windows Defender running on your computer.

Let me know what problems, if any, that you are having other than the windows defender issue.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Raschal

  • Bronze Member
  • Posts: 8
Re: [In Progress] Can not enable Windows Defender.
« Reply #2 on: April 01, 2012, 12:32:56 PM »
Hoov,

Yes, Local Area Connection Status.

Thanks,
Raschal

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22632
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Can not enable Windows Defender.
« Reply #3 on: April 01, 2012, 12:37:24 PM »
The large amount of data going into and out of your computer that you described in your PM indicates to me that your computer may be serving spam or has been taken over for some other reason. With Microsoft Security Essentials running, you do not need Windows Defender.

Please run CCleaner to remove temporary files from your system, and to improve the scanning time of the other scans we may be running. Then please run Malwarebytes' Anti-Malware to check for malware. Both sets of instructions are below.

1. Download and scan with CCleaner
When you get to the website, there is a dark grey box on the left side with two tabs along the top. Inside this dark grey box is a light grey box. Below that light grey box is where the download links are at. The pay amount is for paid support.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

    • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
    • Clean all the entries in the "Windows Explorer" section.
    • Clean all entries in the "System" section.
    • Clean all entries in the "Advanced" section.
    • Clean any others that you choose.

In the Applications Tab:

    • Clean all except cookies in the Firefox/Mozilla section if you use it.
    • Clean all in the Opera section if you use it.
    • Clean Sun Java in the Internet Section.
    • Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
        • Update Malwarebytes' Anti-Malware
        • Launch Malwarebytes' Anti-Malware
    • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

    • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Also I need you to run DDS again and post both DDS.txt and Attach.txt in your reply. If you need more than one reply to be able to paste them into the reply, go ahead and do that.

        Consumer Security

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

        Offline Raschal

        • Bronze Member
        • Posts: 8
        Re: [In Progress] Can not enable Windows Defender.
        « Reply #4 on: April 01, 2012, 09:31:17 PM »
        Ok, now I understand about Windows Defender.
        However, I am receiving a message whenever I click on a link sent to my email; however, this only happens in Microsoft Outlook. (This operation has been cancelled due to restrictions on this computer. Please contact system administrator.)
        And I have made no changes to Outlook.
        I have recently downloaded a free pdf creator from Cnet.
        The main concern is the tremendous activity showing up in the local area connection status.
        Over 30,000,000 bytes in 10 hours and climbing.

        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 22632
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Re: [In Progress] Can not enable Windows Defender.
        « Reply #5 on: April 01, 2012, 09:41:05 PM »
        Go ahead and run Ccleaner and Malwarebytes' Anti-Malware. Post the log generated by Malwarebytes' Anti-Malware after removing anything it finds, or if it finds nothing post that log.


        Offline Raschal

        • Bronze Member
        • Posts: 8
        Re: [In Progress] Can not enable Windows Defender.
        « Reply #6 on: April 01, 2012, 10:14:48 PM »
        .
        DDS (Ver_2011-08-26.01) - NTFSAMD64
        Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
        Run by Kelly Coffer at 23:13:37 on 2012-04-01
        Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4094.2779 [GMT -5:00]
        .
        AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
        SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
        SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        ============== Running Processes ===============
        .
        C:\Windows\system32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
        C:\Windows\system32\atiesrxx.exe
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\atieclxx.exe
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Windows\system32\taskhost.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\DAODx.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
        C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Windows\system32\lxeccoms.exe
        C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
        C:\Program Files\Microsoft IntelliType Pro\itype.exe
        C:\Program Files\Microsoft IntelliPoint\ipoint.exe
        C:\Program Files\Microsoft Security Client\msseces.exe
        C:\Program Files\Common Files\Motive\McciCMService.exe
        C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
        C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
        C:\Windows\system32\viakaraokesrv.exe
        C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
        C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
        F:\Program Files (x86)\iTunes\iTunesHelper.exe
        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        C:\Windows\system32\SearchIndexer.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Windows\system32\WUDFHost.exe
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
        C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
        C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Windows\SysWOW64\NOTEPAD.EXE
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\conhost.exe
        C:\Windows\SysWOW64\cscript.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.att.net
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
        BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
        BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - F:\Program Files (x86)\Java\bin\ssv.dll
        BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - F:\Program Files (x86)\Java\bin\jp2ssv.dll
        TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
        TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
        uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
        mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
        mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
        mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
        mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
        mRun: [iTunesHelper] "F:\Program Files (x86)\iTunes\iTunesHelper.exe"
        mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
        mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        StartupFolder: C:\Users\KELLYC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\RCADET~1.LNK - C:\Users\Kelly Coffer\Documents\RCA Detective\RCADetective.exe
        mPolicies-explorer: NoActiveDesktop = 1 (0x1)
        mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
        mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
        mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
        IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
        IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
        IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
        Trusted Zone: $talisma_url$
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        TCP: DhcpNameServer = 192.168.2.1
        TCP: Interfaces\{3A21DF34-CA67-42C1-9E02-B7559EE5DFDC} : DhcpNameServer = 192.168.2.1
        Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
        Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
        Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
        mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
        BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO-X64:     AcroIEHelperStub - No File
        BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
        BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
        BHO-X64:     AMD SteadyVideo BHO - No File
        BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\bin\ssv.dll
        BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
        BHO-X64:     URLRedirectionBHO - No File
        BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\bin\jp2ssv.dll
        TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
        TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
        mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
        mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
        mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
        mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
        mRun-x64: [iTunesHelper] "F:\Program Files (x86)\iTunes\iTunesHelper.exe"
        mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
        mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
        mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        Hosts: 127.0.0.1   www.spywareinfo.com
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - C:\Users\Kelly Coffer\AppData\Roaming\Mozilla\Firefox\Profiles\09thvou9.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/
        FF - prefs.js: network.proxy.type - 0
        FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
        FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
        FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
        FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
        FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
        FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
        FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
        FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
        FF - plugin: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
        FF - plugin: F:\Program Files (x86)\Java\bin\plugin2\npdeployJava1.dll
        FF - plugin: F:\Program Files (x86)\Java\bin\plugin2\npjp2.dll
        .
        ============= SERVICES / DRIVERS ===============
        .
        R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
        R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
        R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
        R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
        R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
        R2 lxec_device;lxec_device;C:\Windows\system32\lxeccoms.exe -service --> C:\Windows\system32\lxeccoms.exe -service [?]
        R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-14 652360]
        R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-3-20 517632]
        R2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [2012-3-20 315392]
        R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-30 1153368]
        R2 UsbService;ASUS Virtual MFP Service;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2012-3-31 334848]
        R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]
        R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
        R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
        R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
        R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
        R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
        R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
        R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
        R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
        R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
        R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
        R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
        R3 vuhub;Virtual Usb Hub;C:\Windows\system32\DRIVERS\vuhub.sys --> C:\Windows\system32\DRIVERS\vuhub.sys [?]
        R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
        S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
        S2 lxecCATSCustConnectService;lxecCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxecserv.exe [2010-4-14 45736]
        S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
        S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
        S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
        S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2012-3-31 38912]
        S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
        S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
        S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
        S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
        S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
        S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
        S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
        S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
        S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
        .
        =============== Created Last 30 ================
        .
        2012-04-02 02:50:02   8669240   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{79578FA3-6829-4FDA-9944-50499DDFC134}\mpengine.dll
        2012-04-01 05:14:22   --------   d-----w-   C:\MRI_Updates
        2012-04-01 04:24:39   --------   d-----w-   C:\ProgramData\Geek Squad
        2012-03-31 22:32:30   --------   d-----w-   C:\ProgramData\Lexmark Pro800-Pro900 Series
        2012-03-31 21:44:38   --------   d-----w-   C:\Program Files (x86)\ASUS
        2012-03-31 21:02:42   41280   ----a-w-   C:\Windows\SysWow64\drivers\PCASp50a64.sys
        2012-03-31 21:02:41   61440   ----a-w-   C:\Windows\SysWow64\ASIW32N50.dll
        2012-03-31 21:02:41   52800   ----a-w-   C:\Windows\SysWow64\drivers\PCASp50.sys
        2012-03-31 21:02:41   16302   ----a-w-   C:\Windows\SysWow64\ASINDIS5.sys
        2012-03-31 21:02:41   15577   ----a-w-   C:\Windows\SysWow64\ASINDIS3.vxd
        2012-03-31 20:53:45   47616   ----a-w-   C:\Windows\System32\drivers\vuhub.sys
        2012-03-31 19:04:13   38912   ----a-r-   C:\Windows\SysWow64\drivers\PcaSp60.sys
        2012-03-31 19:04:13   38912   ----a-r-   C:\Windows\System32\drivers\PcaSp60.sys
        2012-03-31 18:51:48   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
        2012-03-31 18:08:34   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Local\Mozilla
        2012-03-31 16:35:28   --------   d-----w-   C:\ProgramData\Ezprint
        2012-03-31 16:33:37   --------   d-----w-   C:\Lexmark
        2012-03-30 10:45:29   --------   d-----w-   C:\ProgramData\Spybot - Search & Destroy
        2012-03-30 10:45:29   --------   d-----w-   C:\Program Files (x86)\Spybot - Search & Destroy
        2012-03-25 20:45:00   388096   ----a-r-   C:\Users\Kelly Coffer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
        2012-03-25 20:45:00   --------   d-----w-   C:\Program Files (x86)\Trend Micro
        2012-03-25 05:23:37   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Local\libimobiledevice
        2012-03-24 03:26:50   --------   d-----w-   C:\Program Files (x86)\UtilityChest_49EI
        2012-03-21 05:01:31   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Local\WindowsUpdate
        2012-03-20 22:17:16   --------   d-----w-   C:\Program Files\ATT-SST
        2012-03-20 22:17:10   --------   d-----w-   C:\Program Files (x86)\ATT-SST
        2012-03-20 21:20:02   --------   d-----w-   C:\Program Files (x86)\Common Files\Motive
        2012-03-20 21:19:58   --------   d-----w-   C:\Program Files\Common Files\Motive
        2012-03-20 18:37:19   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Local\Amazon
        2012-03-19 03:33:22   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Roaming\Coby Media Manager
        2012-03-18 23:35:26   --------   d-----r-   C:\Users\Kelly Coffer\Virtual Machines
        2012-03-18 23:32:40   3584   ----a-w-   C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui
        2012-03-18 21:41:47   --------   d-----w-   C:\Users\Kelly Coffer\VirtualBox VMs
        2012-03-18 21:36:12   224048   ----a-w-   C:\Windows\System32\drivers\VBoxDrv.sys
        2012-03-18 21:36:09   130864   ----a-w-   C:\Windows\System32\drivers\VBoxUSBMon.sys
        2012-03-18 20:51:06   --------   d-----w-   C:\Users\Kelly Coffer\.VirtualBox
        2012-03-15 03:32:43   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Local\Cranium
        2012-03-14 23:23:00   147248   ----a-w-   C:\Windows\System32\drivers\VBoxNetAdp.sys
        2012-03-14 23:22:56   117040   ----a-w-   C:\Windows\System32\drivers\VBoxUSB.sys
        2012-03-14 23:22:42   320816   ----a-w-   C:\Windows\System32\VBoxNetFltNobj.dll
        2012-03-14 23:05:10   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Roaming\RealNetworks
        2012-03-14 22:36:30   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Roaming\Malwarebytes
        2012-03-14 22:36:27   41272   ----a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
        2012-03-14 22:36:26   --------   d-----w-   C:\ProgramData\Malwarebytes
        2012-03-14 22:36:23   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
        2012-03-14 22:36:23   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
        2012-03-14 22:11:44   5559152   ----a-w-   C:\Windows\System32\ntoskrnl.exe
        2012-03-14 22:11:44   3968368   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
        2012-03-14 22:11:43   3913584   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
        2012-03-14 12:58:35   3145728   ----a-w-   C:\Windows\System32\win32k.sys
        2012-03-14 12:58:35   1544192   ----a-w-   C:\Windows\System32\DWrite.dll
        2012-03-14 12:58:35   1077248   ----a-w-   C:\Windows\SysWow64\DWrite.dll
        2012-03-14 12:57:33   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
        2012-03-14 12:57:33   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
        2012-03-14 12:57:33   77312   ----a-w-   C:\Windows\System32\rdpwsx.dll
        2012-03-14 12:57:33   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
        2012-03-14 12:57:33   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
        2012-03-14 12:57:33   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
        2012-03-14 12:57:33   1112064   ----a-w-   C:\Windows\System32\rdpcorets.dll
        2012-03-14 12:57:33   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
        2012-03-13 14:31:04   --------   d-----w-   C:\Program Files (x86)\AMD AVT
        2012-03-13 14:31:03   --------   d-----w-   C:\Program Files\AMD
        2012-03-13 14:31:02   --------   d-----w-   C:\Program Files (x86)\AMD APP
        2012-03-11 13:32:15   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Roaming\NCH Software
        2012-03-11 12:50:51   --------   d-----w-   C:\ProgramData\FreeRIP
        2012-03-11 12:50:19   --------   d-----w-   C:\Program Files\iTunes
        2012-03-11 12:50:19   --------   d-----w-   C:\Program Files\iPod
        2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
        2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
        2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
        2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
        2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
        2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
        2012-03-11 12:44:33   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
        2012-03-11 05:36:02   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Roaming\enabler
        2012-03-08 05:49:09   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Local\WinZip
        2012-03-08 05:37:41   --------   d-----w-   C:\Windows\SysWow64\{userdocs}
        2012-03-06 15:47:54   --------   d-----w-   C:\Users\Kelly Coffer\AppData\Roaming\pdfforge
        2012-03-06 15:47:51   87040   ----a-w-   C:\Windows\System32\pdfcmnnt.dll
        2012-03-06 15:47:51   662288   ----a-w-   C:\Windows\SysWow64\MSCOMCT2.OCX
        2012-03-06 15:47:51   137000   ----a-w-   C:\Windows\SysWow64\MSMAPI32.OCX
        2012-03-06 15:47:50   23552   ----a-w-   C:\Windows\SysWow64\MSMPIDE.DLL
        .
        ==================== Find3M  ====================
        .
        2012-03-21 11:10:28   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
        2012-03-14 22:53:53   499712   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
        2012-03-14 22:53:53   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
        2012-02-15 16:01:50   52736   ----a-w-   C:\Windows\System32\drivers\usbaapl64.sys
        2012-02-15 16:01:50   4547944   ----a-w-   C:\Windows\System32\usbaaplrc.dll
        2012-02-15 03:48:32   10856960   ----a-w-   C:\Windows\System32\drivers\atikmdag.sys
        2012-02-15 03:21:24   25839104   ----a-w-   C:\Windows\System32\atio6axx.dll
        2012-02-15 03:18:56   159744   ----a-w-   C:\Windows\System32\atiapfxx.exe
        2012-02-15 03:18:40   791040   ----a-w-   C:\Windows\SysWow64\aticfx32.dll
        2012-02-15 03:17:04   957952   ----a-w-   C:\Windows\System32\aticfx64.dll
        2012-02-15 03:13:56   442368   ----a-w-   C:\Windows\System32\ATIDEMGX.dll
        2012-02-15 03:13:40   496128   ----a-w-   C:\Windows\System32\atieclxx.exe
        2012-02-15 03:13:00   235520   ----a-w-   C:\Windows\System32\atiesrxx.exe
        2012-02-15 03:11:42   120320   ----a-w-   C:\Windows\System32\atitmm64.dll
        2012-02-15 03:10:58   21504   ----a-w-   C:\Windows\System32\atimuixx.dll
        2012-02-15 03:10:54   59392   ----a-w-   C:\Windows\System32\atiedu64.dll
        2012-02-15 03:10:48   43520   ----a-w-   C:\Windows\SysWow64\ati2edxx.dll
        2012-02-15 03:07:44   6200320   ----a-w-   C:\Windows\SysWow64\atidxx32.dll
        2012-02-15 03:05:32   69632   ----a-w-   C:\Windows\System32\OpenVideo64.dll
        2012-02-15 03:05:26   59904   ----a-w-   C:\Windows\SysWow64\OpenVideo.dll
        2012-02-15 03:05:20   61952   ----a-w-   C:\Windows\System32\OVDecode64.dll
        2012-02-15 03:05:16   54784   ----a-w-   C:\Windows\SysWow64\OVDecode.dll
        2012-02-15 03:05:08   16507904   ----a-w-   C:\Windows\System32\amdocl64.dll
        2012-02-15 03:04:26   13238272   ----a-w-   C:\Windows\SysWow64\amdocl.dll
        2012-02-15 03:03:44   54272   ----a-w-   C:\Windows\System32\OpenCL.dll
        2012-02-15 03:03:38   48128   ----a-w-   C:\Windows\SysWow64\OpenCL.dll
        2012-02-15 02:58:56   19392000   ----a-w-   C:\Windows\SysWow64\atioglxx.dll
        2012-02-15 02:52:28   7646208   ----a-w-   C:\Windows\System32\atidxx64.dll
        2012-02-15 02:41:28   1113088   ----a-w-   C:\Windows\System32\atiumd6v.dll
        2012-02-15 02:40:54   1828864   ----a-w-   C:\Windows\SysWow64\atiumdmv.dll
        2012-02-15 02:40:42   4958208   ----a-w-   C:\Windows\System32\atiumd6a.dll
        2012-02-15 02:34:56   51200   ----a-w-   C:\Windows\System32\aticalrt64.dll
        2012-02-15 02:34:54   46080   ----a-w-   C:\Windows\SysWow64\aticalrt.dll
        2012-02-15 02:34:46   44544   ----a-w-   C:\Windows\System32\aticalcl64.dll
        2012-02-15 02:34:44   44032   ----a-w-   C:\Windows\SysWow64\aticalcl.dll
        2012-02-15 02:34:36   5954048   ----a-w-   C:\Windows\SysWow64\atiumdag.dll
        2012-02-15 02:34:30   13859840   ----a-w-   C:\Windows\System32\aticaldd64.dll
        2012-02-15 02:29:52   5062656   ----a-w-   C:\Windows\SysWow64\atiumdva.dll
        2012-02-15 02:29:50   11561984   ----a-w-   C:\Windows\SysWow64\aticaldd.dll
        2012-02-15 02:25:06   7551488   ----a-w-   C:\Windows\System32\atiumd64.dll
        2012-02-15 02:16:38   58880   ----a-w-   C:\Windows\System32\coinst.dll
        2012-02-15 02:14:00   512000   ----a-w-   C:\Windows\System32\atiadlxx.dll
        2012-02-15 02:13:50   356352   ----a-w-   C:\Windows\SysWow64\atiadlxy.dll
        2012-02-15 02:13:36   17408   ----a-w-   C:\Windows\System32\atig6pxx.dll
        2012-02-15 02:13:32   14336   ----a-w-   C:\Windows\SysWow64\atiglpxx.dll
        2012-02-15 02:13:32   14336   ----a-w-   C:\Windows\System32\atiglpxx.dll
        2012-02-15 02:13:28   39936   ----a-w-   C:\Windows\System32\atig6txx.dll
        2012-02-15 02:13:20   33280   ----a-w-   C:\Windows\SysWow64\atigktxx.dll
        2012-02-15 02:13:12   327680   ----a-w-   C:\Windows\System32\drivers\atikmpag.sys
        2012-02-15 02:12:22   43008   ----a-w-   C:\Windows\System32\atiuxp64.dll
        2012-02-15 02:12:14   33280   ----a-w-   C:\Windows\SysWow64\atiuxpag.dll
        2012-02-15 02:12:08   39936   ----a-w-   C:\Windows\System32\atiu9p64.dll
        2012-02-15 02:12:00   30208   ----a-w-   C:\Windows\SysWow64\atiu9pag.dll
        2012-02-15 02:11:22   53248   ----a-w-   C:\Windows\System32\drivers\ati2erec.dll
        2012-02-15 02:11:16   54784   ----a-w-   C:\Windows\System32\atimpc64.dll
        2012-02-15 02:11:16   54784   ----a-w-   C:\Windows\System32\amdpcom64.dll
        2012-02-15 02:11:10   53760   ----a-w-   C:\Windows\SysWow64\atimpc32.dll
        2012-02-15 02:11:10   53760   ----a-w-   C:\Windows\SysWow64\amdpcom32.dll
        2012-01-31 12:44:20   279656   ------w-   C:\Windows\System32\MpSigStub.exe
        2012-01-31 11:02:26   21504   ----a-w-   C:\Windows\System32\kdbsdk64.dll
        2012-01-31 11:00:24   16896   ----a-w-   C:\Windows\SysWow64\kdbsdk32.dll
        2012-01-29 04:58:56   0   ----a-w-   C:\Windows\ativpsrm.bin
        2012-01-04 10:44:20   509952   ----a-w-   C:\Windows\System32\ntshrui.dll
        2012-01-04 08:58:41   442880   ----a-w-   C:\Windows\SysWow64\ntshrui.dll
        .
        ============= FINISH: 23:13:56.29 ===============

        Offline Raschal

        • Bronze Member
        • Posts: 8
        Re: [In Progress] Can not enable Windows Defender.
        « Reply #7 on: April 01, 2012, 10:16:16 PM »
        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-08-26.01)
        .
        Microsoft Windows 7 Ultimate
        Boot Device: \Device\HarddiskVolume1
        Install Date: 1/28/2012 8:42:30 PM
        System Uptime: 4/1/2012 7:46:27 PM (4 hours ago)
        .
        Motherboard: ASUSTeK Computer INC. |  | M4A87TD EVO
        Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 3400/200mhz
        .
        ==== Disk Partitions =========================
        .
        C: is FIXED (NTFS) - 56 GiB total, 19.017 GiB free.
        D: is FIXED (NTFS) - 0 GiB total, 0.083 GiB free.
        E: is FIXED (NTFS) - 233 GiB total, 23.6 GiB free.
        F: is FIXED (NTFS) - 233 GiB total, 171.412 GiB free.
        G: is FIXED (NTFS) - 466 GiB total, 94.18 GiB free.
        H: is CDROM ()
        I: is CDROM (CDFS)
        J: is CDROM (CDFS)
        K: is CDROM ()
        L: is Removable
        .
        ==== Disabled Device Manager Items =============
        .
        ==== System Restore Points ===================
        .
        RP98: 3/31/2012 9:41:26 PM - Windows Update
        .
        ==== Installed Programs ======================
        .
        Adobe AIR
        Adobe Flash Player Plugin
        Adobe Reader X (10.1.2)
        Amazon Kindle
        AMD USB Filter Driver
        AMD VISION Engine Control Center
        Apple Application Support
        Apple Software Update
        ASUS RT-N66U Wireless Router Utilities
        AT&T Troubleshoot & Resolve Tool
        Catalyst Control Center - Branding
        Catalyst Control Center Graphics Previews Common
        Catalyst Control Center InstallProxy
        Catalyst Control Center Localization All
        CCC Help Chinese Standard
        CCC Help Chinese Traditional
        CCC Help Czech
        CCC Help Danish
        CCC Help Dutch
        CCC Help English
        CCC Help Finnish
        CCC Help French
        CCC Help German
        CCC Help Greek
        CCC Help Hungarian
        CCC Help Italian
        CCC Help Japanese
        CCC Help Korean
        CCC Help Norwegian
        CCC Help Polish
        CCC Help Portuguese
        CCC Help Russian
        CCC Help Spanish
        CCC Help Swedish
        CCC Help Thai
        CCC Help Turkish
        Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
        Dragon NaturallySpeaking 10
        eyeQ
        HiJackThis
        iPhoneBrowser
        Java Auto Updater
        Java(TM) 6 Update 31
        JMicron JMB36X Driver
        Magic ISO Maker v5.5 (build 0281)
        MagicDisc 2.7.106
        Malwarebytes Anti-Malware version 1.60.1.1000
        Microsoft Office 2010 Service Pack 1 (SP1)
        Microsoft Office Access MUI (English) 2010
        Microsoft Office Access Setup Metadata MUI (English) 2010
        Microsoft Office Excel MUI (English) 2010
        Microsoft Office Home and Business 2010
        Microsoft Office OneNote MUI (English) 2010
        Microsoft Office Outlook Connector
        Microsoft Office Outlook MUI (English) 2010
        Microsoft Office PowerPoint MUI (English) 2010
        Microsoft Office Proof (English) 2010
        Microsoft Office Proof (French) 2010
        Microsoft Office Proof (Spanish) 2010
        Microsoft Office Proofing (English) 2010
        Microsoft Office Publisher MUI (English) 2010
        Microsoft Office Shared MUI (English) 2010
        Microsoft Office Shared Setup Metadata MUI (English) 2010
        Microsoft Office Single Image 2010
        Microsoft Office Word MUI (English) 2010
        Microsoft Silverlight
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
        Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
        Mozilla Firefox 11.0 (x86 en-US)
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 (KB973688)
        NeatWorks
        NeatWorks Core Files
        PDFCreator
        Pinnacle Instant DVD Recorder
        Platform
        QuickTime
        RCA Detective™ 3.0.3.0
        RCA easyRip 2.5.7.0
        RCA Updater 2.1.7.0
        Realtek Ethernet Controller Driver For Windows 7
        Realtek HDMI Audio Driver for ATI
        Renesas Electronics USB 3.0 Host Controller Driver
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
        Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
        Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
        Security Update for Microsoft Office 2010 (KB2553091)
        Security Update for Microsoft Office 2010 (KB2553096)
        Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
        Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
        Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
        Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
        Spybot - Search & Destroy
        Studio 11
        TuneUp Companion 2.4.2.1
        Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
        Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
        Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
        Update for Microsoft .NET Framework 4 Extended (KB2468871)
        Update for Microsoft .NET Framework 4 Extended (KB2533523)
        Update for Microsoft .NET Framework 4 Extended (KB2600217)
        Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
        Update for Microsoft Office 2010 (KB2494150)
        Update for Microsoft Office 2010 (KB2553065)
        Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
        Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
        Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
        Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
        Update for Microsoft Office 2010 (KB2566458)
        Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
        Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
        Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
        Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
        Update for Microsoft Outlook Social Connector (KB2583935)
        VIA Platform Device Manager
        WinZip 15.0
        Yahoo! Desktop Login
        .
        ==== Event Viewer Messages From Past Week ========
        .
        4/1/2012 12:14:24 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
        4/1/2012 12:13:15 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService service to connect.
        4/1/2012 12:13:15 PM, Error: Service Control Manager [7000]  - The lxecCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
        4/1/2012 12:13:15 PM, Error: Service Control Manager [7000]  - The AODDriver4.1 service failed to start due to the following error:  The system cannot find the file specified.
        4/1/2012 12:09:35 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.123.842.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8202.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
        4/1/2012 12:09:35 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.123.842.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8202.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
        3/31/2012 4:52:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0x0000000000000000, 0xfffff880031776a8, 0xfffff88003176f00). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 033112-13150-01.
        3/31/2012 4:45:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff88009001323, 0xfffff880031696a8, 0xfffff88003168f00). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 033112-12651-01.
        3/31/2012 3:54:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff88009248323, 0xfffff8800317e6a8, 0xfffff8800317df00). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 033112-13478-01.
        3/31/2012 12:12:20 PM, Error: Disk [11]  - The driver detected a controller error on \...\DR4.
        3/31/2012 10:29:29 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer RT-N66U that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3A21DF34-CA67-42C1-9E02-B7559EE5DFDC}. The master browser is stopping or an election is being forced.
        3/30/2012 6:04:16 AM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
        3/30/2012 4:54:04 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
        3/30/2012 4:54:04 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
        3/28/2012 8:44:35 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
        3/27/2012 9:20:41 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
        3/25/2012 11:14:06 AM, Error: cdrom [11]  - The driver detected a controller error on \Device\CdRom2.
        .
        ==== End Of File ===========================

        Offline Raschal

        • Bronze Member
        • Posts: 8
        Re: [In Progress] Can not enable Windows Defender.
        « Reply #8 on: April 01, 2012, 10:17:38 PM »
        Malwarebytes Anti-Malware (PRO) 1.60.1.1000
        www.malwarebytes.org

        Database version: v2012.04.02.02

        Windows 7 Service Pack 1 x64 NTFS
        Internet Explorer 9.0.8112.16421
        Raschal :: KJC-CP [administrator]

        Protection: Enabled

        4/1/2012 11:05:39 PM
        mbam-log-2012-04-01 (23-05-39).txt

        Scan type: Quick scan
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
        Scan options disabled:
        Objects scanned: 191928
        Time elapsed: 55 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 0
        (No malicious items detected)

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 0
        (No malicious items detected)

        (end)

        Offline Raschal

        • Bronze Member
        • Posts: 8
        Re: [In Progress] Can not enable Windows Defender.
        « Reply #9 on: April 01, 2012, 10:18:42 PM »
        No, this is a personal computer.

        Offline Raschal

        • Bronze Member
        • Posts: 8
        Re: [In Progress] Can not enable Windows Defender.
        « Reply #10 on: April 02, 2012, 08:30:59 AM »
        Hoov,

        I have recently uninstalled Google Chrome.
        I have repaired the problems in Outlook.
        However, the tremendous activity on the LAN is still a worry.

        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 22632
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Re: [In Progress] Can not enable Windows Defender.
        « Reply #11 on: April 02, 2012, 08:42:07 AM »
        Is it a steady constant activity all the time, or does it happen in groups occasionally all day long?

        Consumer Security

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 22632
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Re: [In Progress] Can not enable Windows Defender.
        « Reply #12 on: April 06, 2012, 05:50:49 PM »
        Raschal, do you still need help?


        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 22632
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Re: [In Progress] Can not enable Windows Defender.
        « Reply #13 on: April 17, 2012, 07:08:16 PM »
        This thread is being closed due to inactivity. If you need it reopened send me a PM. This applies to the originator only. Anyone else please start a new thread.

