[SOLVED] Problem while performing antimalware program on win7 64bit

gonewild (New member; joined Feb 7, 2015; 3 posts)
Hi,
I have a problem with my notebook running Win7 64-bit.
While running a Malwarebytes Anti-Malware scan, the program suddenly stops when it reaches this folder:

c:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_11.2.9600.17280_none_3b37e92033643c0a\urlmon.dll

The PC becomes massively slow, and once I got a hard disk corrupted warning (something like "back up your files because Windows found damage on the hard disk"). If I reboot, I have no problem.

I tried running Microsoft Security Essentials and it stops at the same folder. I tried scandisk on the Windows partition, but after the reboot I got only a black screen (for a whole night).

Any idea?

P.S. Sorry for being a newbie, but I don't know which log must be attached.
 
OK, I read the guide for posting (checkup and DDS).

checkup:

Code:
Results of screen317's Security Check version 0.99.96   Windows 7 Service Pack 1 x64 [COLOR=red][B](UAC is disabled!)[/B][/COLOR]  
 Internet Explorer 11  
[B][U]``````````````Antivirus/Firewall Check:``````````````[/U][/B] 
 [COLOR=red][B]Windows Security Center service is not running! This report may not be accurate![/B][/COLOR] 
Microsoft Security Essentials   
 Antivirus up to date!  
[B][U]`````````Anti-malware/Other Utilities Check:`````````[/U][/B] 
 Java 7 Update 67  
 Java 8 Update 25  
 [COLOR=red][B]Java version 32-bit out of Date![/B][/COLOR] 
 [B][COLOR=green] Java 64-bit 8 Update 31[/COLOR][/B]  
  Adobe Flash Player 13.0.0.206 [B][COLOR=red]Flash Player out of Date![/COLOR][/B]  
 Adobe Reader XI  
 Mozilla Firefox 29.0 [COLOR=red][B]Firefox out of Date![/B][/COLOR]  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.94) 
[B][U]````````Process Check: objlist.exe by Laurent````````[/U][/B]  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
[B][U]`````````````````System Health check`````````````````[/U][/B] 
 Total Fragmentation on Drive C: 0% 
[B][U]````````````````````End of Log``````````````````````[/U][/B]

DDS

Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Giulio at 20:41:16 on 2015-02-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.3836.2487 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\System32\rundll32.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
C:\windows\system32\svchost.exe -k defragsvc
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\sppsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\notepad.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.it/
uDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = www.google.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Guida per l'accesso a Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office15\EXCEL.EXE/3000
IE: I&nvia a OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Nuova nota - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Ritaglia immagine - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Ritaglia questa pagina - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Ritaglia selezionato - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Ritaglio URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~4\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{632E2326-A871-400E-AFF2-368A2427D865} : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{92F20DCC-C2D1-4462-9994-D354FFC33A61} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{92F20DCC-C2D1-4462-9994-D354FFC33A61} : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{92F20DCC-C2D1-4462-9994-D354FFC33A61}\14449516D60727 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{92F20DCC-C2D1-4462-9994-D354FFC33A61}\14E64627F696461405 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{92F20DCC-C2D1-4462-9994-D354FFC33A61}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{92F20DCC-C2D1-4462-9994-D354FFC33A61}\24573796E6563737D256F534F6273796 : DHCPNameServer = 8.8.8.8 151.99.125.3
TCP: Interfaces\{92F20DCC-C2D1-4462-9994-D354FFC33A61}\24573796E6563737D256F5F43707964796 : DHCPNameServer = 151.99.125.2 62.77.63.61
TCP: Interfaces\{92F20DCC-C2D1-4462-9994-D354FFC33A61}\26267757 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{92F20DCC-C2D1-4462-9994-D354FFC33A61}\A6F6E637E6F677 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-mSearch Page = www.google.com
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = www.google.com
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,C:\Users\Giulio\AppData\Roaming\WinLUA\WinLUA.exe,
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Giulio\AppData\Roaming\Mozilla\Firefox\Profiles\25irdpfg.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\Chem3D\npChem3DPlugin.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\ChemDraw\NPCDP32.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Giulio\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-8-25 79488]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-8-25 40064]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-4-20 283200]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-8-31 13824]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 125584]
R2 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe [2013-4-7 37888]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-9-1 115216]
R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2011-10-30 349736]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-10-30 39464]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-11-30 40432]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-9-1 186152]
R3 huawei_enumerator;huawei_enumerator;C:\windows\System32\drivers\ew_jubusenum.sys [2011-11-10 85504]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-8-31 533096]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-8-31 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\System32\drivers\ew_hwusbdev.sys [2011-11-10 117248]
S3 huawei_cdcacm;huawei_cdcacm;C:\windows\System32\drivers\ew_jucdcacm.sys [2011-4-18 94208]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\windows\System32\drivers\ew_juextctrl.sys [2011-11-10 28672]
S3 huawei_wwanecm;huawei_wwanecm;C:\windows\System32\drivers\ew_juwwanecm.sys [2011-11-10 196608]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-12 114688]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\windows\System32\drivers\InputFilter_FlexDef2b.sys [2010-6-19 17920]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;C:\windows\System32\drivers\qcusbser.sys [2013-6-20 238080]
S3 rt70x64;RT2500 USB Wireless LAN Driver for Vista;C:\windows\System32\drivers\netr7064.sys [2010-4-27 388448]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;C:\windows\System32\drivers\RTL2832U_IRHID.sys [2013-9-28 44320]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;C:\windows\System32\drivers\RTL2832UBDA.sys [2013-9-28 232680]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;C:\windows\System32\drivers\RTL2832UUSB.sys [2013-9-28 39528]
S3 TFsExDisk;TFsExDisk;C:\windows\System32\drivers\TFsExDisk.sys [2014-5-27 16448]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-12 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VBoxUSB;VirtualBox USB;C:\windows\System32\drivers\VBoxUSB.sys [2014-3-26 115488]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-31 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-8-25 204288]
S4 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-9-1 166704]
.
=============== File Associations ===============
.
FileExt: .chm: chm.file="C:\windows\hh.exe" %1 [UserChoice]
FileExt: .vbe: VBEFile=C:\windows\SysWow64\CScript.exe "%1" %*
FileExt: .vbs: VBSFile=C:\windows\SysWow64\CScript.exe "%1" %*
FileExt: .js: JSFile=C:\windows\SysWow64\CScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\windows\SysWow64\CScript.exe "%1" %*
FileExt: .wsf: WSFFile=C:\windows\SysWow64\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2015-02-07 11:18:03    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E57A628-429A-453A-BF62-BE0D566E4B63}\offreg.dll
2015-02-07 11:14:37    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88491C76-BA6D-4114-A574-806031B7E27A}\gapaengine.dll
2015-02-07 11:13:41    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E57A628-429A-453A-BF62-BE0D566E4B63}\mpengine.dll
2015-02-06 20:16:11    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
==================== Find3M  ====================
.
2015-02-04 18:44:34    129752    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-12-31 11:14:31    298120    ------w-    C:\windows\System32\MpSigStub.exe
2014-12-19 03:06:55    210432    ----a-w-    C:\windows\System32\profsvc.dll
2014-12-19 01:46:45    141312    ----a-w-    C:\windows\System32\drivers\mrxdav.sys
2014-12-13 05:09:01    144384    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-12-13 03:33:44    115712    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-12-12 05:35:10    5553592    ----a-w-    C:\windows\System32\ntoskrnl.exe
2014-12-12 05:31:49    503808    ----a-w-    C:\windows\System32\srcore.dll
2014-12-12 05:31:49    50176    ----a-w-    C:\windows\System32\srclient.dll
2014-12-12 05:31:22    296960    ----a-w-    C:\windows\System32\rstrui.exe
2014-12-12 05:11:44    3971512    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2014-12-12 05:11:43    3916728    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2014-12-12 05:07:44    43008    ----a-w-    C:\windows\SysWow64\srclient.dll
2014-12-11 17:47:17    87040    ----a-w-    C:\windows\System32\TSWbPrxy.exe
2014-12-06 04:17:27    303616    ----a-w-    C:\windows\System32\nlasvc.dll
2014-12-06 03:50:19    52224    ----a-w-    C:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18    156672    ----a-w-    C:\windows\SysWow64\ncsi.dll
2014-12-04 02:50:55    413184    ----a-w-    C:\windows\System32\generaltel.dll
2014-12-04 02:50:45    741376    ----a-w-    C:\windows\System32\invagent.dll
2014-12-04 02:50:40    396800    ----a-w-    C:\windows\System32\devinv.dll
2014-12-04 02:50:38    830976    ----a-w-    C:\windows\System32\appraiser.dll
2014-12-04 02:50:37    227328    ----a-w-    C:\windows\System32\aepdu.dll
2014-12-04 02:50:37    192000    ----a-w-    C:\windows\System32\aepic.dll
2014-12-04 02:44:48    1083392    ----a-w-    C:\windows\System32\aeinv.dll
2014-12-01 23:28:44    1232040    ----a-w-    C:\windows\System32\aitstatic.exe
2014-11-29 19:36:21    98216    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-22 03:06:23    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39    66560    ----a-w-    C:\windows\System32\iesetup.dll
2014-11-22 02:50:10    580096    ----a-w-    C:\windows\System32\vbscript.dll
2014-11-22 02:49:54    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20    88064    ----a-w-    C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:29    114688    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51    814080    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07    6039552    ----a-w-    C:\windows\System32\jscript9.dll
2014-11-22 02:26:31    968704    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16    77824    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43    501248    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17    62464    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32    47616    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02    64000    ----a-w-    C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30    620032    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10    1359360    ----a-w-    C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58    2125312    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04    60416    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26    4299264    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21    2358272    ----a-w-    C:\windows\System32\wininet.dll
2014-11-22 01:22:49    2052096    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57    1155072    ----a-w-    C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20    1888256    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-11-21 05:14:22    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-11-21 05:14:12    93400    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-11-21 05:14:08    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-11-18 19:47:50    1691816    ----a-w-    C:\windows\System32\FM20.DLL
2014-11-11 03:09:06    1424384    ----a-w-    C:\windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52    241152    ----a-w-    C:\windows\System32\pku2u.dll
2014-11-11 03:08:48    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-11-11 02:44:45    1230336    ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32    186880    ----a-w-    C:\windows\SysWow64\pku2u.dll
2014-11-11 02:44:25    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-11-11 01:46:26    119296    ----a-w-    C:\windows\System32\drivers\tdx.sys
.
============= FINISH: 20:42:05,55 ===============
