Appcrash stopping Malwarebytes


Hello and welcome:

I understand that MBAM has crashed on your Vista computer - it's not clear if this was during a scan or an update or some other task?

In any event....

You report that you tried a clean reinstall once already.  However, it's not clear if the recommended method was used or what program version you are running.  So, I suggest that we start with this routine troubleshooting, please:

Please post back and let us know how it goes.

 

Thank You,

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014

Ran by Administrator (administrator) on 167193-PC on 08-06-2014 16:27:03

Running from C:\Users\Administrator\Downloads

Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast\afwServ.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe

(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe

(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe

(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast\avastui.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Windows\System32\conime.exe

 

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13631704 2013-06-28] (Realtek Semiconductor)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)

HKLM-x32\...\Run: [super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)

HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files (x86)\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-07] (AVAST Software)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] ()

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-7302448-3018311300-2524790234-500\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

HKU\S-1-5-21-7302448-3018311300-2524790234-500\...\MountPoints2: {4704356c-0f5a-11de-81c3-806e6f6e6963} - Explorer.exe monitor.htm

HKU\S-1-5-21-7302448-3018311300-2524790234-500\...\MountPoints2: {5871a44d-29e8-11e3-b985-8dbff0cd5713} - E:\laucher.exe

HKU\S-1-5-21-7302448-3018311300-2524790234-500\...\MountPoints2: {ad6e7a49-648f-11e1-a5da-899eadfb07f7} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-7302448-3018311300-2524790234-500\...\MountPoints2: {b7a0c754-29c9-11e2-b892-a43e3f4b5aa0} - E:\AutoRun.exe

HKU\S-1-5-21-7302448-3018311300-2524790234-500\...\MountPoints2: {bf1d7cc6-757c-11de-97bb-0024215938db} - F:\setupSNK.exe

HKU\S-1-5-21-7302448-3018311300-2524790234-500\...\MountPoints2: {e364988f-0dcc-11e0-a9fb-0024215938db} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-7302448-3018311300-2524790234-500\...\MountPoints2: {e36498c2-0dcc-11e0-a9fb-0024215938db} - E:\setup_vmc_lite.exe /checkApplicationPresence

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5974AEF98AB2CA01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {0297957C-8BDB-1097-2B52-6DF3C9416F3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM-x32 - {5181CD80-FB16-27C9-819F-774F9D7612F7} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKCU - DefaultScope {60E2D8F5-3E92-4C5D-A813-3AAF6FF3AA3E} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {0297957C-8BDB-1097-2B52-6DF3C9416F3A} URL = http://finderactive.com/find.php?cmp=&q={searchTerms}

SearchScopes: HKCU - {057BC452-2E18-4A7E-8DF9-595B17D60384} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}

SearchScopes: HKCU - {60E2D8F5-3E92-4C5D-A813-3AAF6FF3AA3E} URL = https://www.google.com/search?q={searchTerms}

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Battleship%20-%20Fleet%20Command/Images/armhelper.ocx

DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:

========

FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uzebz8iv.default

FF SelectedSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File

FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml

FF Extension: YouTube High Definition - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uzebz8iv.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-02-05]

FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uzebz8iv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-05]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-04]

FF Extension: avast! Online Security - C:\Program Files (x86)\AVAST Software\Avast\WebRep\FF [2013-09-18]

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files (x86)\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files (x86)\AVAST Software\Avast\WebRep\FF [2013-09-18]

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:

=======

CHR HomePage: hxxp://www.google.com

CHR StartupUrls: "hxxp://www.google.com/"

CHR DefaultSearchKeyword: google.co.uk

CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-10]

CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-10]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]

CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-10]

CHR Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-16]

CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-10]

CHR Extension: (avast! Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-05]

CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]

CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-10]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files (x86)\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-27]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files (x86)\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-27] (AVAST Software)

R2 avast! Firewall; C:\Program Files (x86)\AVAST Software\Avast\afwServ.exe [109048 2014-04-27] (AVAST Software)

R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)

R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [107624 2014-05-19] (RaMMicHaeL)

S4 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]

S4 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-27] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-27] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-27] (AVAST Software)

R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2014-04-27] (ALWIL Software)

R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [329456 2014-04-27] (AVAST Software)

R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-05-19] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-27] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-19] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-19] (AVAST Software)

R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-04-27] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-27] ()

S3 BELKIN; C:\Windows\System32\DRIVERS\BLKWGU.sys [304160 2007-08-08] (Belkin Corporation.                           )

R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-25] (GFI Software)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)

S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [337120 2013-02-18] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95856 2013-02-18] (McAfee, Inc.)

R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)

R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)

S3 FLASHSYS; \??\C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [X]

S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S0 Lbd; system32\DRIVERS\Lbd.sys [X]

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 PCAMp60a64; System32\Drivers\PCAMp60a64.sys [X]

S3 PCASp60a64; System32\Drivers\PCASp60a64.sys [X]

S3 WPRO_40_1340; system32\drivers\WPRO_40_1340.sys [X]

==================== NetSvcs (Whitelisted) ===================

 

==================== One Month Created Files and Folders ========

 

2014-06-08 16:27 - 2014-06-08 16:27 - 00017979 _____ () C:\Users\Administrator\Downloads\FRST.txt

2014-06-08 16:26 - 2014-06-08 16:27 - 00000000 ____D () C:\FRST

2014-06-08 16:25 - 2014-06-08 16:25 - 02072576 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe

2014-06-07 21:47 - 2014-06-07 21:47 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-07 21:34 - 2014-06-07 21:34 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Administrator\Downloads\mbam-clean-2.0.2.0.exe

2014-06-07 21:15 - 2014-06-07 21:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2

2014-06-07 21:14 - 2014-06-07 21:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe

2014-06-03 21:26 - 2014-06-03 21:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia

2014-06-03 20:30 - 2014-06-03 20:30 - 00002075 _____ () C:\Users\Public\Desktop\Google Earth.lnk

2014-06-03 20:30 - 2014-06-03 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

2014-06-03 20:28 - 2014-06-03 20:28 - 00918672 _____ (Google Inc.) C:\Users\Administrator\Downloads\googleupdatesetup.exe

2014-06-03 17:59 - 2014-06-03 17:59 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe

2014-06-03 17:40 - 2014-06-03 17:49 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-06-03 17:40 - 2014-06-03 17:40 - 10971424 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro_x64(3).exe

2014-06-03 17:40 - 2014-06-03 17:40 - 00001732 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2014-06-03 17:40 - 2014-06-03 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2014-06-03 17:40 - 2014-06-03 17:40 - 00000000 ____D () C:\Program Files\HitmanPro

2014-06-03 16:33 - 2014-06-03 16:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Oracle

2014-06-03 16:33 - 2014-06-03 16:33 - 00000000 ____D () C:\ProgramData\Oracle

2014-06-03 16:32 - 2014-06-03 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-06-03 16:32 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-06-03 16:32 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-06-03 16:32 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-06-03 16:32 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-06-03 16:31 - 2014-06-03 16:32 - 00004001 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log

2014-05-31 16:46 - 2014-05-31 16:46 - 00001716 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-05-31 16:46 - 2014-05-31 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-05-31 16:46 - 2014-05-31 16:46 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-05-31 16:42 - 2014-05-31 16:42 - 41945432 _____ (Apple Inc.) C:\Users\Administrator\Downloads\QuickTimeInstaller(1).exe

2014-05-30 10:41 - 2014-05-30 10:41 - 00000235 _____ () C:\Users\Administrator\Downloads\vcard.vcf

2014-05-30 09:49 - 2014-05-30 09:49 - 05124208 _____ (F-Secure Corporation) C:\Users\Administrator\Downloads\F-SecureOnlineScanner-HC.exe

2014-05-20 14:22 - 2014-05-20 14:22 - 00000000 ____D () C:\Windows\CheckSur

2014-05-19 18:19 - 2014-05-17 17:50 - 06169608 _____ (Geek Uninstaller) C:\Users\Administrator\Desktop\geek.exe

2014-05-19 17:33 - 2014-05-19 17:33 - 00000042 _____ () C:\Windows\SysWOW64\AK083E209605E394C.lie

2014-05-19 17:32 - 2014-05-19 17:33 - 02685048 _____ (www.PerfectUninstaller.net ) C:\Users\Administrator\Downloads\PerfectUninstaller_Setup.exe

2014-05-19 17:09 - 2014-05-19 17:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Macromedia

2014-05-19 17:07 - 2014-05-19 17:07 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-05-19 17:07 - 2014-05-19 17:07 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-05-19 17:07 - 2014-05-19 17:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-19 17:06 - 2014-05-19 17:06 - 00282928 _____ (Mozilla) C:\Users\Administrator\Downloads\Firefox Setup Stub 29.0.1.exe

2014-05-19 17:01 - 2014-05-06 01:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-19 17:01 - 2014-05-06 01:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-19 17:01 - 2014-05-06 01:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-19 17:01 - 2014-05-06 00:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-19 17:01 - 2014-05-06 00:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-19 17:01 - 2014-05-06 00:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-19 17:01 - 2014-03-25 17:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-19 17:01 - 2014-03-25 14:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-05-19 16:29 - 2014-05-19 16:29 - 00001953 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk

2014-05-18 21:00 - 2014-05-18 21:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.1.1004(2).exe.part

==================== One Month Modified Files and Folders =======

2014-06-08 16:27 - 2014-06-08 16:27 - 00017979 _____ () C:\Users\Administrator\Downloads\FRST.txt

2014-06-08 16:27 - 2014-06-08 16:26 - 00000000 ____D () C:\FRST

2014-06-08 16:27 - 2009-03-12 16:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp

2014-06-08 16:25 - 2014-06-08 16:25 - 02072576 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe

2014-06-08 16:25 - 2008-01-21 02:53 - 01399842 _____ () C:\Windows\WindowsUpdate.log

2014-06-08 16:11 - 2006-11-02 13:46 - 00006608 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-08 16:07 - 2006-11-02 16:22 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-08 16:07 - 2006-11-02 16:22 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-08 16:06 - 2010-07-21 20:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-08 16:06 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-07 22:58 - 2006-11-02 16:42 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-06-07 22:35 - 2013-12-15 21:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-07 22:34 - 2010-07-21 20:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-07 22:23 - 2009-10-07 13:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps

2014-06-07 21:47 - 2014-06-07 21:47 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-07 21:38 - 2014-02-12 18:54 - 00053974 _____ () C:\Windows\PFRO.log

2014-06-07 21:35 - 2014-06-07 21:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2

2014-06-07 21:34 - 2014-06-07 21:34 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Administrator\Downloads\mbam-clean-2.0.2.0.exe

2014-06-07 21:14 - 2014-06-07 21:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe

2014-06-07 20:35 - 2013-12-08 21:42 - 00003722 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0EA09739-4E81-487D-A7C5-47B732F87B31}

2014-06-07 20:25 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-06-04 22:41 - 2013-08-08 11:42 - 00000000 ____D () C:\Users\Administrator\Documents\New Folder

2014-06-04 22:08 - 2009-03-28 18:35 - 00144896 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-06-04 20:06 - 2013-11-23 12:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\tixati

2014-06-03 21:26 - 2014-06-03 21:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia

2014-06-03 21:08 - 2013-08-16 10:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc

2014-06-03 20:30 - 2014-06-03 20:30 - 00002075 _____ () C:\Users\Public\Desktop\Google Earth.lnk

2014-06-03 20:30 - 2014-06-03 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

2014-06-03 20:30 - 2010-07-21 20:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-06-03 20:30 - 2010-07-21 20:50 - 00000000 ____D () C:\Program Files (x86)\Google

2014-06-03 20:29 - 2014-01-16 21:15 - 00001985 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-06-03 20:28 - 2014-06-03 20:28 - 00918672 _____ (Google Inc.) C:\Users\Administrator\Downloads\googleupdatesetup.exe

2014-06-03 18:05 - 2014-04-13 16:55 - 00000000 ____D () C:\Users\Administrator\Documents\Game of Thrones

2014-06-03 17:59 - 2014-06-03 17:59 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe

2014-06-03 17:49 - 2014-06-03 17:40 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-06-03 17:40 - 2014-06-03 17:40 - 10971424 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro_x64(3).exe

2014-06-03 17:40 - 2014-06-03 17:40 - 00001732 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2014-06-03 17:40 - 2014-06-03 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2014-06-03 17:40 - 2014-06-03 17:40 - 00000000 ____D () C:\Program Files\HitmanPro

2014-06-03 16:33 - 2014-06-03 16:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Oracle

2014-06-03 16:33 - 2014-06-03 16:33 - 00000000 ____D () C:\ProgramData\Oracle

2014-06-03 16:32 - 2014-06-03 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-06-03 16:32 - 2014-06-03 16:31 - 00004001 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log

2014-06-03 16:32 - 2009-03-20 10:04 - 00000000 ____D () C:\Program Files (x86)\Java

2014-05-31 16:46 - 2014-05-31 16:46 - 00001716 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-05-31 16:46 - 2014-05-31 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-05-31 16:46 - 2014-05-31 16:46 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-05-31 16:45 - 2009-03-20 22:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple Computer

2014-05-31 16:42 - 2014-05-31 16:42 - 41945432 _____ (Apple Inc.) C:\Users\Administrator\Downloads\QuickTimeInstaller(1).exe

2014-05-31 14:17 - 2009-03-12 16:12 - 00000732 _____ () C:\Users\Administrator\AppData\Local\d3d9caps64.dat

2014-05-30 10:41 - 2014-05-30 10:41 - 00000235 _____ () C:\Users\Administrator\Downloads\vcard.vcf

2014-05-30 09:49 - 2014-05-30 09:49 - 05124208 _____ (F-Secure Corporation) C:\Users\Administrator\Downloads\F-SecureOnlineScanner-HC.exe

2014-05-21 14:43 - 2013-10-12 02:23 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2014-05-21 14:34 - 2009-03-19 16:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe

2014-05-20 14:22 - 2014-05-20 14:22 - 00000000 ____D () C:\Windows\CheckSur

2014-05-20 10:54 - 2013-09-18 18:06 - 00004194 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-05-20 10:53 - 2009-03-12 18:10 - 00000000 ____D () C:\ProgramData\Creative

2014-05-19 22:06 - 2014-02-04 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-19 22:06 - 2012-04-17 14:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\BitTorrent

2014-05-19 22:06 - 2009-07-21 19:30 - 00000000 ____D () C:\Windows\Minidump

2014-05-19 22:03 - 2009-03-19 16:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia

2014-05-19 22:00 - 2009-03-19 17:06 - 00000000 ____D () C:\ProgramData\Apple

2014-05-19 19:35 - 2013-12-15 21:23 - 00003742 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-19 19:35 - 2013-12-03 17:35 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-19 19:35 - 2013-12-03 17:35 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-19 18:22 - 2014-04-03 17:18 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

2014-05-19 17:33 - 2014-05-19 17:33 - 00000042 _____ () C:\Windows\SysWOW64\AK083E209605E394C.lie

2014-05-19 17:33 - 2014-05-19 17:32 - 02685048 _____ (www.PerfectUninstaller.net ) C:\Users\Administrator\Downloads\PerfectUninstaller_Setup.exe

2014-05-19 17:09 - 2014-05-19 17:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Macromedia

2014-05-19 17:07 - 2014-05-19 17:07 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-05-19 17:07 - 2014-05-19 17:07 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-05-19 17:07 - 2014-05-19 17:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-19 17:06 - 2014-05-19 17:06 - 00282928 _____ (Mozilla) C:\Users\Administrator\Downloads\Firefox Setup Stub 29.0.1.exe

2014-05-19 17:04 - 2013-08-09 21:05 - 00000000 ____D () C:\Windows\system32\MRT

2014-05-19 17:03 - 2006-11-02 13:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-05-19 16:29 - 2014-05-19 16:29 - 00001953 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk

2014-05-19 16:29 - 2014-04-27 16:27 - 00001893 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk

2014-05-19 16:29 - 2013-09-18 18:06 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2014-05-19 16:29 - 2013-09-18 18:06 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-05-19 16:29 - 2013-09-18 18:06 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys

2014-05-19 16:29 - 2010-07-21 20:50 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-19 16:29 - 2010-07-21 20:50 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-19 16:18 - 2009-03-12 16:12 - 00000000 ____D () C:\Users\Administrator

2014-05-19 16:17 - 2013-10-26 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-05-19 16:17 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\Msdtc

2014-05-19 16:14 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\spool

2014-05-19 16:14 - 2006-11-02 13:33 - 74186752 _____ () C:\Windows\system32\config\software_previous

2014-05-19 16:14 - 2006-11-02 13:33 - 55312384 _____ () C:\Windows\system32\config\components_previous

2014-05-19 16:14 - 2006-11-02 13:33 - 44826624 _____ () C:\Windows\system32\config\system_previous

2014-05-19 16:14 - 2006-11-02 13:33 - 05308416 _____ () C:\Windows\system32\config\default_previous

2014-05-19 16:14 - 2006-11-02 13:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous

2014-05-19 16:14 - 2006-11-02 13:33 - 00024576 _____ () C:\Windows\system32\config\security_previous

2014-05-19 16:13 - 2014-01-26 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky

2014-05-19 16:13 - 2014-01-26 20:15 - 00000000 ____D () C:\Program Files (x86)\Unchecky

2014-05-19 16:13 - 2014-01-16 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-05-19 16:13 - 2013-08-25 10:20 - 00000000 ___HD () C:\SuperChargerProfile

2014-05-19 16:13 - 2011-11-29 13:53 - 00000000 ____D () C:\ProgramData\ChessBase

2014-05-19 16:13 - 2009-03-20 17:51 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-05-19 16:13 - 2009-03-19 19:01 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ChessBase

2014-05-19 16:13 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\registration

2014-05-18 21:00 - 2014-05-18 21:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.1.1004(2).exe.part

2014-05-17 17:50 - 2014-05-19 18:19 - 06169608 _____ (Geek Uninstaller) C:\Users\Administrator\Desktop\geek.exe

 

Files to move or delete:

====================

C:\Users\Administrator\AppData\Roaming\settings.ini

 

Some content of TEMP:

====================

C:\Users\Administrator\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

LastRegBack: 2014-06-08 16:12

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by Administrator at 2014-06-08 16:27:22
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

3D Sound Back Beta0.1 (HKLM-x32\...\{39DB116F-E088-486F-B13C-8925ECE7A6E5}) (Version: 0.1 - Realtek Semiconductor Corp.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AIO_Scan (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 10.10.0.40914 - ATI Technologies Inc.) Hidden
avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30332 - BitTorrent Inc.)
BufferChm (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
ChessBase Reader (HKLM-x32\...\{1823A94C-6C68-4BB1-8F0D-AD29DC09D9EE}) (Version: 12.21.0.0 - ChessBase)
ChessBase Reader (HKLM-x32\...\{D6330700-4083-48DD-A03C-E209674E7836}) (Version: 2 - ChessBase)
ChessBase Reader (x32 Version: 2 - ChessBase) Hidden
Copy (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Destination Component (x32 Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (x32 Version: 90.0.236.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_doccd (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Fritz 13 (HKLM-x32\...\{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}) (Version: 13.0.0.0 - ChessBase)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HP Photosmart Essential2.01 (x32 Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Product Assistant (x32 Version: 100.000.001.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
MarketResearch (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Playchess (x32 Version: 1.00.000 - ChessBase) Hidden
PowerLine Utility (HKLM-x32\...\{5D1E5ED5-E436-4A0D-8812-953FFBDFF3B3}) (Version: 1.2.709 - TP-LINK)
PowerLine Utility (HKLM-x32\...\{90CEFC52-6FA1-42A3-88CE-4CA57F0F1582}) (Version: 1.1.510 - TP-LINK)
PSSWCORE (x32 Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.252.1109.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Rybka 3 (x32 Version: 3.0 - ChessBase) Hidden
Scan (x32 Version: 9.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shredder 11 (x32 Version: 11 - ChessBase) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Status (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.018 - MSI)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Toolbox (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
Unchecky v0.2.14 (HKLM-x32\...\Unchecky) (Version: 0.2.14 - RaMMicHaeL)
UnloadSupport (x32 Version: 9.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Vista Codec Package (HKLM-x32\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.1.6 - Shark007)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WebReg (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

20-05-2014 13:21:48 Windows Update
21-05-2014 10:24:48 Scheduled Checkpoint
21-05-2014 22:35:28 Scheduled Checkpoint
27-05-2014 16:09:49 Windows Update
28-05-2014 11:36:54 Scheduled Checkpoint
29-05-2014 09:02:43 Scheduled Checkpoint
29-05-2014 23:16:21 Scheduled Checkpoint
31-05-2014 07:52:08 Windows Update
31-05-2014 15:44:15 Installed QuickTime 7
01-06-2014 20:11:48 Scheduled Checkpoint
03-06-2014 15:21:02 Windows Update
03-06-2014 15:31:18 Installed Java 7 Update 60
04-06-2014 08:40:32 Scheduled Checkpoint
07-06-2014 15:29:32 Windows Update

==================== Hosts content: ==========================

2006-11-02 13:34 - 2014-06-08 16:06 - 00450685 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {29A24516-5E9E-45AC-8FBC-CE0340CEE782} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {30791AED-33BE-4284-AD8E-C083A7C40CAE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update
Task: {3CFB2248-0FEE-471D-AFD2-15B960EFF2D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-21] (Google Inc.)
Task: {5AC45B1F-4268-4616-86D4-2DF75B507CC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-21] (Google Inc.)
Task: {602080DF-D5EF-4EF4-8560-AB157FB82B75} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Task: {6E15E808-1073-4591-9CC9-3DA1EFCA6D7B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {828A083B-9113-4748-90CA-03E9C60CABAF} - System32\Tasks\Adobe Flash Player Updater
Task: {AF4BA836-D724-4A13-995D-9499CBE4C0D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {B8762117-BEF2-427E-A29C-9206795270A8} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
Task: {BA642E94-6B92-4AF9-B854-DFC1939EAE68} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] ()
Task: {C3E32799-B181-4401-9370-6DC35D9F37E9} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {DED1D482-FFB2-4016-AB94-59E275FD4EC8} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Administrator => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FA94AA30-A8CE-4B93-B507-DE5A7F9210CE} - System32\Tasks\avast! Emergency Update
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-16 20:37 - 2012-04-06 01:09 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-11-16 16:09 - 2012-11-16 16:09 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-06-08 16:07 - 2014-06-08 16:07 - 02775040 _____ () C:\Program Files (x86)\AVAST Software\Avast\defs\14060800\algo.dll
2009-03-12 17:33 - 2009-02-06 19:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2009-03-12 17:33 - 2009-07-10 10:07 - 00166912 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2013-10-26 15:37 - 2013-10-26 15:38 - 19336120 _____ () C:\Program Files (x86)\AVAST Software\Avast\libcef.dll
2014-05-19 17:07 - 2014-05-07 03:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Public\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2014 04:11:53 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (06/08/2014 04:11:53 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (06/08/2014 04:06:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 10:23:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x1148, application start time 0xmbam.exe0.

Error: (06/07/2014 09:47:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x10cc, application start time 0xmbam.exe0.

Error: (06/07/2014 09:44:10 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (06/07/2014 09:44:10 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (06/07/2014 09:39:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 09:31:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x120c, application start time 0xmbam.exe0.

Error: (06/07/2014 09:18:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0xf30, application start time 0xmbam.exe0.


System errors:
=============
Error: (06/08/2014 04:06:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd

Error: (06/07/2014 09:39:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd

Error: (06/07/2014 09:02:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd

Error: (06/07/2014 08:51:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd

Error: (06/07/2014 04:37:26 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/07/2014 04:37:22 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/07/2014 04:30:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.175.1478.0){FC81F35D-30CB-4419-B7DF-9A86AE1C737B}200

Error: (06/07/2014 04:21:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd

Error: (06/05/2014 08:35:36 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (06/05/2014 08:35:30 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (06/08/2014 04:11:53 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (06/08/2014 04:11:53 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (06/08/2014 04:06:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 10:23:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd114801cf8296c657f71a

Error: (06/07/2014 09:47:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd10cc01cf8291b6968e68

Error: (06/07/2014 09:44:10 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (06/07/2014 09:44:10 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (06/07/2014 09:39:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 09:31:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd120c01cf828f620fb901

Error: (06/07/2014 09:18:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdf3001cf828da65c7a47


CodeIntegrity Errors:
===================================
  Date: 2014-06-07 21:47:40.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 21:47:39.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 21:47:39.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 21:47:39.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 21:16:01.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 21:16:01.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 21:16:01.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 21:16:01.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-30 14:56:01.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-30 14:56:01.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 4094.33 MB
Available physical RAM: 1996.89 MB
Total Pagefile: 12213.55 MB
Available Pagefile: 9690.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:261.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (BenQ_LCD) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive f: (PNY TRNF) (Removable) (Total:30.27 GB) (Free:19.33 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 12277047)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================


Hello Cookieman,

 

If you had a paid license for MBAM, then I would like for you to be sure to save it and have it handy before we go forward with a new install & other steps.

I am attaching 2 zip files here for you.  They will contain 2 tools that I will ask you to use.

And for the license retrieval tool, be sure you do not post anything here (since this is a public open forum) about the actual keys.

 

Save both zip files to your system first.  Then unzip the contents to your Desktop (suggested for ease of location).

 

Then run getmalwarebytes   GetGetmalwarebytesRegistration.exe

It will place your MBAM PRO product keys into a Notepad window.  Print it out.  Save the Notepad document and close.

{ just do not post anything here about your keys }.

 

That should show the license keys ( if you had paid and activated before this point).

 

Now then, it does appear that the pc has a confused set of installs for the Anti-Malware and we will have to do lots of extra work to get this in a better prepared state.

 

Double click on mbam-clean.exe to start it.   This will remove traces of version 1.75

 

At the end, it will ask to restart the computer, please do that.   Report back here when these are done.

 

There is additional work for later.

 

 

mbam-clean.zip

GetMalwarebytesRegistration.zip
