Hi, I have the same problem with Malwarebytes 2.0.2.1012 that fails to run or update and displays the "stopped working" error message. I loaded a fresh install of Malwarebytes and then tried Chameleon. Whenever Chameleon launches Malwarebytes I get the same error when Malwarebytes tries to update its definitions. When I dismiss the error message and close Malwarebytes this is what the DOS window shows:


 


MBAM-Chameleon ver. 3.1.4

Press any key to continue

Installing Driver...

Protected Path: C:\Users\Laptop\Downloads\chameleon\Windows\

...Done!

Trying to start Malwarebytes Anti-Malware, please wait...

...Done!

 

Updating MBAM...

 

Failed to determine update state - press a key when the update is complete.

Killing known malicious processes, please wait...

 

Mbam-killer Timeout set to 1800 seconds.

Mbam-killer is scanning - Press C to cancel...

Mbam-killer scan is complete.

Mbam-killer is exiting.

 

Malwarebytes Anti-Malware has terminated - unable to start the scan.

Removing protection driver...

...Done!

Press any key to continue

 

I tried only 7 of the possible links on Chameleon then stopped since I didn't think it was working. Thanks in advance for your help.


Hello,

 

P2P/Piracy Warning:

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin....


Here is the data from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by Laptop (administrator) on LAPTOP-HP on 04-07-2014 11:56:41
Running from C:\Users\Laptop\Desktop\Malwarebytes
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\pcreg\pcreg.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKLM-x32\...\Run: [indexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-06-14] (RealNetworks, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-24] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-198528947-600383985-1673766480-1000\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKU\S-1-5-21-198528947-600383985-1673766480-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-198528947-600383985-1673766480-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-198528947-600383985-1673766480-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-198528947-600383985-1673766480-1000\...\MountPoints2: {fab71af2-dd46-11e3-a98d-a02bb852093d} - G:\IronKey.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PastaQuotes.lnk
ShortcutTarget: PastaQuotes.lnk -> C:\Program Files (x86)\pastaleads\PastaLeadsWinApp.exe (No File)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {3AAE6C41-8587-4D5D-BC23-FC0D95807B48} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-14]
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-12]
CHR Extension: (Google Drive) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (Google Search) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (RealDownloader) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-14]
CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]
CHR Extension: (Gmail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
==================== Services (Whitelisted) =================
 
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
 
==================== Drivers (Whitelisted) ====================
 
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-16] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2988760 2014-05-23] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U3 McMPFSvc; 
U3 McNaiAnn; 
U3 mfecore; 
U3 MSK80Service; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-04 11:56 - 2014-07-04 11:56 - 00000000 ____D () C:\FRST
2014-07-04 11:49 - 2014-07-04 11:56 - 00000000 ____D () C:\Users\Laptop\Desktop\Malwarebytes
2014-07-03 10:20 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-03 10:20 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-03 10:20 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-03 10:20 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-03 10:20 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-03 10:20 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-03 10:20 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-03 10:20 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-06-29 14:37 - 2014-06-29 14:37 - 00001786 _____ () C:\Users\Laptop\Downloads\Fundraising_2014.csv
2014-06-29 13:02 - 2014-06-29 13:02 - 00000655 _____ () C:\Users\Laptop\Desktop\cameleon test 1 after timeout.txt
2014-06-28 11:04 - 2014-06-28 11:04 - 00000000 ____D () C:\Users\Laptop\Downloads\chameleon
2014-06-28 11:03 - 2014-06-28 11:03 - 04872677 _____ () C:\Users\Laptop\Downloads\mbam-chameleon-3.1.4.0.zip
2014-06-28 10:52 - 2014-06-29 14:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 10:52 - 2014-06-29 13:18 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-28 10:52 - 2014-06-28 10:52 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 10:52 - 2014-06-28 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 10:52 - 2014-06-28 10:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 10:52 - 2014-06-28 10:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 10:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-28 10:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-28 10:51 - 2014-06-28 10:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Laptop\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-06-28 10:45 - 2014-06-28 10:45 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Laptop\Downloads\mbam-clean-2.0.2.0.exe
2014-06-28 10:05 - 2014-06-28 10:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Laptop\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-06-28 10:01 - 2014-06-28 10:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Laptop\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-28 09:59 - 2014-06-28 09:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Laptop\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-25 19:37 - 2014-06-25 19:37 - 00000378 _____ () C:\Windows\Tasks\ReclaimerResumeInstall_Laptop.job
2014-06-22 09:53 - 2014-06-22 09:53 - 00003024 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp FLAC Codec.dat
2014-06-22 09:53 - 2014-06-22 09:52 - 00033846 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp FLAC Codec.bmp
2014-06-22 09:52 - 2014-06-22 09:52 - 00522928 _____ () C:\Users\Laptop\Downloads\dBpoweramp-Codec-FLAC.exe
2014-06-22 09:45 - 2014-06-22 09:54 - 00000388 _____ () C:\Windows\CDPlayer.ini
2014-06-22 08:38 - 2014-06-22 08:38 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Laptop\Downloads\revosetup.exe
2014-06-22 08:38 - 2014-06-22 08:38 - 00001264 _____ () C:\Users\Laptop\Desktop\Revo Uninstaller.lnk
2014-06-22 08:38 - 2014-06-22 08:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-18 21:43 - 2014-06-18 21:43 - 00012335 _____ () C:\Users\Laptop\Downloads\Sponsors_2013.csv
2014-06-18 20:30 - 2014-06-18 20:30 - 00000000 ____D () C:\Users\Carol\AppData\Roaming\Real
2014-06-14 11:14 - 2014-06-28 10:48 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-198528947-600383985-1673766480-1000
2014-06-14 11:14 - 2014-06-28 10:48 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-198528947-600383985-1673766480-1000
2014-06-14 11:14 - 2014-06-14 11:14 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\RealNetworks
2014-06-14 11:12 - 2014-06-25 19:37 - 00000000 ____D () C:\ProgramData\Real
2014-06-14 11:12 - 2014-06-14 11:12 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-06-14 11:12 - 2014-06-14 11:12 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-06-14 11:12 - 2014-06-14 11:12 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2014-06-14 11:12 - 2014-06-14 11:12 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2014-06-14 11:12 - 2014-06-14 11:12 - 00001264 _____ () C:\Users\Public\Desktop\RealPlayer.lnk
2014-06-14 11:12 - 2014-06-14 11:12 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-06-14 11:12 - 2014-06-14 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-06-14 11:12 - 2014-06-14 11:12 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-06-14 11:12 - 2014-06-14 11:12 - 00000000 ____D () C:\Program Files (x86)\Real
2014-06-14 11:11 - 2014-06-25 19:37 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Real
2014-06-14 11:03 - 2014-06-14 11:11 - 38501472 _____ (RealNetworks, Inc.) C:\Users\Laptop\Downloads\RealPlayer.exe
2014-06-13 16:25 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-13 16:25 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-13 16:25 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-13 16:25 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-13 16:25 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-13 16:25 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-13 16:25 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-13 16:25 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-13 16:25 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-13 16:25 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-13 16:25 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-13 16:25 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-13 16:25 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-13 16:25 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-13 16:25 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-13 16:25 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-13 16:25 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-13 16:25 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-13 16:25 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-13 16:25 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-13 16:25 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-13 16:25 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-13 16:25 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-13 16:25 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-13 16:25 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-13 16:25 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-13 16:25 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-13 16:25 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-13 16:25 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-13 16:25 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-13 16:25 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-13 16:25 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-13 16:25 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-13 16:25 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-13 16:25 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-13 16:25 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-13 16:25 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-13 16:25 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-13 16:25 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-13 16:25 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-13 16:25 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-13 16:25 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-13 16:25 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-13 16:25 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-13 16:25 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-13 16:25 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-13 16:25 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-13 16:25 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-13 16:25 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-13 16:25 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-13 16:25 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-13 16:25 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-13 16:25 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-13 16:25 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-13 16:25 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-13 16:25 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-13 16:25 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-13 16:25 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-13 16:25 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-13 16:25 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-13 16:25 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-13 16:25 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-13 16:25 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-13 16:25 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-13 16:24 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-13 16:24 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-13 16:18 - 2014-06-13 16:18 - 00000861 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-06-08 15:32 - 2014-06-08 15:32 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-08 15:32 - 2014-06-08 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-08 15:31 - 2014-06-08 15:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-08 15:31 - 2014-06-08 15:31 - 00000000 ____D () C:\Program Files\iTunes
2014-06-08 15:31 - 2014-06-08 15:31 - 00000000 ____D () C:\Program Files\iPod
2014-06-08 15:31 - 2014-06-08 15:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-08 12:28 - 2014-06-08 12:28 - 00001834 _____ () C:\Users\Laptop\Desktop\dBpowerAMP Music Converter.lnk
2014-06-08 12:28 - 2014-06-08 12:28 - 00001834 _____ () C:\Users\Carol\Desktop\dBpowerAMP Music Converter.lnk
2014-06-08 12:28 - 2014-06-08 12:28 - 00001818 _____ () C:\Users\Laptop\Desktop\dMC Audio CD Input.lnk
2014-06-08 12:28 - 2014-06-08 12:28 - 00001818 _____ () C:\Users\Carol\Desktop\dMC Audio CD Input.lnk
2014-06-08 12:22 - 2014-06-22 09:52 - 00522928 _____ () C:\Windows\SysWOW64\SpoonUninstall.exe
2014-06-08 12:22 - 2014-06-08 12:22 - 00036610 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpowerAMP Music Converter.dat
2014-06-08 12:22 - 2014-06-08 12:22 - 00033846 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpowerAMP Music Converter.bmp
2014-06-08 12:22 - 2014-06-08 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpowerAMP Music Converter
2014-06-08 12:22 - 2014-06-08 12:22 - 00000000 ____D () C:\Program Files (x86)\Illustrate
2014-06-08 11:57 - 2014-06-08 11:57 - 01111445 _____ () C:\Users\Laptop\Downloads\pmc-badge-pms.ai
2014-06-08 11:06 - 2014-06-08 11:06 - 00000039 _____ () C:\Users\Laptop\Downloads\wumbfast.ram
2014-06-08 11:06 - 2014-06-08 11:06 - 00000039 _____ () C:\Users\Laptop\Downloads\wumbfast.asx
2014-06-06 22:25 - 2014-06-25 22:27 - 00000000 ____D () C:\Program Files (x86)\ACD Systems
2014-06-06 22:25 - 2014-06-06 22:25 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\ACD Systems
2014-06-06 22:25 - 2014-06-06 22:25 - 00000000 ____D () C:\Users\Laptop\AppData\Local\ACD Systems
2014-06-06 22:23 - 2014-06-06 22:23 - 12986768 _____ () C:\Users\Laptop\Downloads\acdsee-free.exe
2014-06-06 22:22 - 2014-06-06 22:22 - 00656864 _____ () C:\Users\Laptop\Downloads\acdseefree-setup.exe
2014-06-06 22:17 - 2014-06-06 22:17 - 00357704 _____ (Softonic) C:\Users\Laptop\Downloads\SoftonicDownloader_for_acdsee-free.exe
2014-06-05 22:04 - 2014-06-05 22:04 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
 
==================== One Month Modified Files and Folders =======
 
2014-07-04 11:56 - 2014-07-04 11:56 - 00000000 ____D () C:\FRST
2014-07-04 11:56 - 2014-07-04 11:49 - 00000000 ____D () C:\Users\Laptop\Desktop\Malwarebytes
2014-07-04 11:48 - 2014-05-12 20:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-04 11:48 - 2014-05-12 20:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 11:48 - 2014-05-12 20:40 - 00000000 ____D () C:\Users\Laptop\Documents\Youcam
2014-07-04 11:47 - 2014-05-25 18:43 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-07-04 11:47 - 2013-12-23 16:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 12:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-03 10:36 - 2014-05-23 13:08 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForLaptop.job
2014-07-03 10:29 - 2014-05-12 20:33 - 01489731 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 10:23 - 2009-07-14 00:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 10:23 - 2009-07-14 00:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 10:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 10:16 - 2009-07-14 00:51 - 00048740 _____ () C:\Windows\setupact.log
2014-07-01 22:07 - 2014-05-23 13:07 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-01 22:07 - 2014-05-23 13:07 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-01 20:58 - 2014-05-12 20:39 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{81C4B396-FEFE-41B9-83B0-9EF8BBF1EC44}
2014-06-29 14:37 - 2014-06-29 14:37 - 00001786 _____ () C:\Users\Laptop\Downloads\Fundraising_2014.csv
2014-06-29 14:11 - 2014-06-28 10:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-29 13:18 - 2014-06-28 10:52 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-29 13:02 - 2014-06-29 13:02 - 00000655 _____ () C:\Users\Laptop\Desktop\cameleon test 1 after timeout.txt
2014-06-28 11:04 - 2014-06-28 11:04 - 00000000 ____D () C:\Users\Laptop\Downloads\chameleon
2014-06-28 11:03 - 2014-06-28 11:03 - 04872677 _____ () C:\Users\Laptop\Downloads\mbam-chameleon-3.1.4.0.zip
2014-06-28 10:52 - 2014-06-28 10:52 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 10:52 - 2014-06-28 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 10:52 - 2014-06-28 10:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 10:52 - 2014-06-28 10:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 10:51 - 2014-06-28 10:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Laptop\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-06-28 10:48 - 2014-06-14 11:14 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-198528947-600383985-1673766480-1000
2014-06-28 10:48 - 2014-06-14 11:14 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-198528947-600383985-1673766480-1000
2014-06-28 10:48 - 2010-11-20 23:47 - 00179036 _____ () C:\Windows\PFRO.log
2014-06-28 10:45 - 2014-06-28 10:45 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Laptop\Downloads\mbam-clean-2.0.2.0.exe
2014-06-28 10:05 - 2014-06-28 10:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Laptop\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-06-28 10:01 - 2014-06-28 10:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Laptop\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-28 09:59 - 2014-06-28 09:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Laptop\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-28 09:53 - 2014-05-17 18:22 - 00000000 ____D () C:\temp
2014-06-25 22:27 - 2014-06-06 22:25 - 00000000 ____D () C:\Program Files (x86)\ACD Systems
2014-06-25 19:37 - 2014-06-25 19:37 - 00000378 _____ () C:\Windows\Tasks\ReclaimerResumeInstall_Laptop.job
2014-06-25 19:37 - 2014-06-14 11:12 - 00000000 ____D () C:\ProgramData\Real
2014-06-25 19:37 - 2014-06-14 11:11 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Real
2014-06-22 09:54 - 2014-06-22 09:45 - 00000388 _____ () C:\Windows\CDPlayer.ini
2014-06-22 09:53 - 2014-06-22 09:53 - 00003024 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp FLAC Codec.dat
2014-06-22 09:52 - 2014-06-22 09:53 - 00033846 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp FLAC Codec.bmp
2014-06-22 09:52 - 2014-06-22 09:52 - 00522928 _____ () C:\Users\Laptop\Downloads\dBpoweramp-Codec-FLAC.exe
2014-06-22 09:52 - 2014-06-08 12:22 - 00522928 _____ () C:\Windows\SysWOW64\SpoonUninstall.exe
2014-06-22 08:38 - 2014-06-22 08:38 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Laptop\Downloads\revosetup.exe
2014-06-22 08:38 - 2014-06-22 08:38 - 00001264 _____ () C:\Users\Laptop\Desktop\Revo Uninstaller.lnk
2014-06-22 08:38 - 2014-06-22 08:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-22 08:37 - 2014-05-18 11:55 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-06-20 16:36 - 2014-05-23 13:08 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLaptop
2014-06-18 22:22 - 2011-02-10 15:23 - 00000000 ____D () C:\SWSetup
2014-06-18 21:43 - 2014-06-18 21:43 - 00012335 _____ () C:\Users\Laptop\Downloads\Sponsors_2013.csv
2014-06-18 20:30 - 2014-06-18 20:30 - 00000000 ____D () C:\Users\Carol\AppData\Roaming\Real
2014-06-18 20:30 - 2014-05-16 10:39 - 00000000 ____D () C:\Users\Carol\Documents\Youcam
2014-06-16 20:02 - 2014-05-13 21:26 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Windows Live Writer
2014-06-14 15:59 - 2014-05-12 20:52 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-14 15:59 - 2014-05-12 20:52 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-14 12:33 - 2014-06-02 21:35 - 00000000 ____D () C:\Users\Laptop\Documents\filelib
2014-06-14 11:39 - 2009-07-14 01:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-14 11:14 - 2014-06-14 11:14 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\RealNetworks
2014-06-14 11:12 - 2014-06-14 11:12 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-06-14 11:12 - 2014-06-14 11:12 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-06-14 11:12 - 2014-06-14 11:12 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2014-06-14 11:12 - 2014-06-14 11:12 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2014-06-14 11:12 - 2014-06-14 11:12 - 00001264 _____ () C:\Users\Public\Desktop\RealPlayer.lnk
2014-06-14 11:12 - 2014-06-14 11:12 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-06-14 11:12 - 2014-06-14 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-06-14 11:12 - 2014-06-14 11:12 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-06-14 11:12 - 2014-06-14 11:12 - 00000000 ____D () C:\Program Files (x86)\Real
2014-06-14 11:12 - 2003-03-18 20:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-06-14 11:11 - 2014-06-14 11:03 - 38501472 _____ (RealNetworks, Inc.) C:\Users\Laptop\Downloads\RealPlayer.exe
2014-06-14 09:17 - 2014-05-16 08:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-14 09:15 - 2014-05-16 08:29 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-14 09:13 - 2014-05-15 22:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-13 16:18 - 2014-06-13 16:18 - 00000861 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-06-08 15:32 - 2014-06-08 15:32 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-08 15:32 - 2014-06-08 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-08 15:31 - 2014-06-08 15:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-08 15:31 - 2014-06-08 15:31 - 00000000 ____D () C:\Program Files\iTunes
2014-06-08 15:31 - 2014-06-08 15:31 - 00000000 ____D () C:\Program Files\iPod
2014-06-08 15:31 - 2014-06-08 15:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-08 12:28 - 2014-06-08 12:28 - 00001834 _____ () C:\Users\Laptop\Desktop\dBpowerAMP Music Converter.lnk
2014-06-08 12:28 - 2014-06-08 12:28 - 00001834 _____ () C:\Users\Carol\Desktop\dBpowerAMP Music Converter.lnk
2014-06-08 12:28 - 2014-06-08 12:28 - 00001818 _____ () C:\Users\Laptop\Desktop\dMC Audio CD Input.lnk
2014-06-08 12:28 - 2014-06-08 12:28 - 00001818 _____ () C:\Users\Carol\Desktop\dMC Audio CD Input.lnk
2014-06-08 12:22 - 2014-06-08 12:22 - 00036610 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpowerAMP Music Converter.dat
2014-06-08 12:22 - 2014-06-08 12:22 - 00033846 _____ () C:\Windows\SysWOW64\SpoonUninstall-dBpowerAMP Music Converter.bmp
2014-06-08 12:22 - 2014-06-08 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpowerAMP Music Converter
2014-06-08 12:22 - 2014-06-08 12:22 - 00000000 ____D () C:\Program Files (x86)\Illustrate
2014-06-08 11:57 - 2014-06-08 11:57 - 01111445 _____ () C:\Users\Laptop\Downloads\pmc-badge-pms.ai
2014-06-08 11:06 - 2014-06-08 11:06 - 00000039 _____ () C:\Users\Laptop\Downloads\wumbfast.ram
2014-06-08 11:06 - 2014-06-08 11:06 - 00000039 _____ () C:\Users\Laptop\Downloads\wumbfast.asx
2014-06-08 05:13 - 2014-06-13 16:24 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-13 16:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 22:25 - 2014-06-06 22:25 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\ACD Systems
2014-06-06 22:25 - 2014-06-06 22:25 - 00000000 ____D () C:\Users\Laptop\AppData\Local\ACD Systems
2014-06-06 22:23 - 2014-06-06 22:23 - 12986768 _____ () C:\Users\Laptop\Downloads\acdsee-free.exe
2014-06-06 22:22 - 2014-06-06 22:22 - 00656864 _____ () C:\Users\Laptop\Downloads\acdseefree-setup.exe
2014-06-06 22:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2014-06-06 22:17 - 2014-06-06 22:17 - 00357704 _____ (Softonic) C:\Users\Laptop\Downloads\SoftonicDownloader_for_acdsee-free.exe
2014-06-05 22:08 - 2013-12-23 16:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-06-05 22:08 - 2013-12-23 16:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-05 22:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help
2014-06-05 22:05 - 2013-12-23 16:30 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-05 22:04 - 2014-06-05 22:04 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-06-05 22:03 - 2014-05-12 20:37 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\hpqlog
2014-06-05 22:03 - 2013-12-23 16:39 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
 
Some content of TEMP:
====================
C:\Users\Laptop\AppData\Local\Temp\Extract.exe
C:\Users\Laptop\AppData\Local\Temp\file_140724.exe
C:\Users\Laptop\AppData\Local\Temp\file_3798607242.exe
C:\Users\Laptop\AppData\Local\Temp\file_to_run551785.exe
C:\Users\Laptop\AppData\Local\Temp\file_to_run551960.exe
C:\Users\Laptop\AppData\Local\Temp\nsd5AFF.exe
C:\Users\Laptop\AppData\Local\Temp\nsd67E.exe
C:\Users\Laptop\AppData\Local\Temp\nsdCCF7.exe
C:\Users\Laptop\AppData\Local\Temp\nsdD2C2.exe
C:\Users\Laptop\AppData\Local\Temp\nsdD655.exe
C:\Users\Laptop\AppData\Local\Temp\nsk1900.exe
C:\Users\Laptop\AppData\Local\Temp\nsn5EE6.exe
C:\Users\Laptop\AppData\Local\Temp\nsoDA3D.exe
C:\Users\Laptop\AppData\Local\Temp\nst2E5.exe
C:\Users\Laptop\AppData\Local\Temp\SHSetup.exe
C:\Users\Laptop\AppData\Local\Temp\sp64126.exe
C:\Users\Laptop\AppData\Local\Temp\SP64996.exe
C:\Users\Laptop\AppData\Local\Temp\SP66686.exe
C:\Users\Laptop\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Laptop\AppData\Local\Temp\_is8CED.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-03 10:51
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by Laptop at 2014-07-04 11:57:21
Running from C:\Users\Laptop\Desktop\Malwarebytes
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite HL-2280DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.5.6902 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.5.3416 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.2.3302 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dBpoweramp FLAC Codec (HKLM-x32\...\dBpoweramp FLAC Codec) (Version: Release 14 (FLAC 1.2.1) - Illustrate)
dBpowerAMP Music Converter (HKLM-x32\...\dBpowerAMP Music Converter) (Version:  - )
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E1ACF120-CD69-47F0-B202-9A4B95C436D8}) (Version: 5.1.5 - Hewlett-Packard)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Extended Update (HKCU\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{5B6F604A-7144-40C1-B73C-20781779B944}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Postscript Converter (Version: 4.5.12202 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{DB97D0DE-0AA1-413C-8398-92C7FA3F4A67}) (Version: 4.6.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.1.1000 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
13-06-2014 20:27:27 Windows Update
14-06-2014 13:12:59 Windows Update
18-06-2014 11:25:22 Windows Update
19-06-2014 02:21:19 HPSF Applying updates
21-06-2014 16:34:08 Windows Update
22-06-2014 12:36:16 Removed SpyHunter
25-06-2014 23:47:37 Windows Update
29-06-2014 16:26:21 Windows Update
03-07-2014 14:19:55 Windows Update
03-07-2014 14:28:45 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0A2D141A-2A0A-4187-81D2-4FD3777A751C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {1E739FCD-C9BE-4059-9E5F-58BCD3D2A198} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {3D8B4FEC-01D8-474F-B894-3C0CBF511D87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4A0AFCF0-EBC1-4A95-AFD6-89E824705246} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe
Task: {624DD72F-A21A-47BF-A6DB-3D3A67280CF8} - System32\Tasks\UpdaterEX => C:\Users\Laptop\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6A65DFD5-A932-47A0-8EA1-3D8B86818514} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {6FB5CD3D-0277-4393-8C97-ED394D0A63B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-23] (Adobe Systems Incorporated)
Task: {8137E433-8CC2-4A31-9C2C-3B90B0058848} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: {862D50A1-CFE2-499E-8E3B-13DE0CB294C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {86D56B4E-607D-4CBB-AD6E-50897CB5BE39} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-04-25] () <==== ATTENTION
Task: {90660734-5CAB-456D-BCC2-EF7D507B9631} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {B84CA084-6D2A-40CA-9406-DFE2451B2739} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: {CDC6F4B2-6E91-4CC9-A4F2-D81F41989594} - System32\Tasks\HPCeeScheduleForLaptop => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {DA38AE83-0341-4917-A7B0-566D83BF6B91} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-198528947-600383985-1673766480-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DC7DD872-8CA8-46CE-9962-6E787F0442A5} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {E4645894-69DF-4BD4-941E-868C36AC7015} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E4B0851E-FB58-4C29-B05D-EBF6BA03270F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-198528947-600383985-1673766480-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F0D34CEE-289B-41D7-AD57-C7E44A6790AC} - System32\Tasks\{6E5DD548-B1F2-4520-9B96-81E080B5FEE9} => C:\Program Files (x86)\Exact Audio Copy\Flac\flac.exe [2007-09-17] ()
Task: {F8E3E761-DB15-4976-B0E7-9F21B4B69AC0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLaptop.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ReclaimerResumeInstall_Laptop.job => C:\Users\Laptop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Laptop\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-25 04:13 - 2014-04-25 04:13 - 00249024 _____ () C:\Program Files\pcreg\pcreg.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-28 14:44 - 2013-09-03 21:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-05-16 17:55 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-12-28 15:05 - 2013-08-05 03:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 19:48 - 2013-08-05 19:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2014-06-13 17:00 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-13 17:00 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-13 17:00 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 17:00 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 17:00 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/03/2014 10:53:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/03/2014 10:18:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/01/2014 08:55:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/29/2014 01:53:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 198012
 
Error: (06/29/2014 01:53:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 198012
 
Error: (06/29/2014 01:53:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/29/2014 01:53:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 196967
 
Error: (06/29/2014 01:53:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 196967
 
Error: (06/29/2014 01:53:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/29/2014 01:50:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4071
 
 
System errors:
=============
Error: (07/04/2014 11:53:46 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Connect Now - Config Registrar service terminated with service-specific error %%-2147024662.
 
Error: (07/04/2014 11:48:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147467259
 
Error: (07/04/2014 11:48:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147467259
 
Error: (07/03/2014 10:16:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147467259
 
Error: (07/01/2014 08:55:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147467259
 
Error: (07/01/2014 08:55:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147467259
 
Error: (07/01/2014 08:55:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147467259
 
Error: (06/29/2014 01:53:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147467259
 
Error: (06/29/2014 01:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147467259
 
Error: (06/29/2014 01:01:56 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Connect Now - Config Registrar service terminated with service-specific error %%-2147024662.
 
 
Microsoft Office Sessions:
=========================
Error: (07/03/2014 10:53:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (07/03/2014 10:18:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/01/2014 08:55:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/29/2014 01:53:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 198012
 
Error: (06/29/2014 01:53:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 198012
 
Error: (06/29/2014 01:53:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/29/2014 01:53:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 196967
 
Error: (06/29/2014 01:53:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 196967
 
Error: (06/29/2014 01:53:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/29/2014 01:50:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4071
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 28%
Total physical RAM: 8126.3 MB
Available physical RAM: 5841.34 MB
Total Pagefile: 16250.77 MB
Available Pagefile: 13958.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:676.44 GB) (Free:615.08 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.9 GB) (Free:2.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 9561F80E)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=676 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)
 
==================== End Of Log ============================

 


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan.
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Open Malwarebytes 2.0, run a Threat Scan

 


  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

 

Let me see those logs...

 

Kevin

 

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-07-2014

Ran by Laptop at 2014-07-04 15:45:07 Run:1

Running from C:\Users\Laptop\Desktop\Malwarebytes

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()

HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()

C:\Program Files\pcreg\service.exe

C:\Program Files\pcreg\pcreg.exe

C:\Program Files\pcreg

HKU\S-1-5-21-198528947-600383985-1673766480-1000\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()

HKU\S-1-5-21-198528947-600383985-1673766480-1000\...\MountPoints2: {fab71af2-dd46-11e3-a98d-a02bb852093d} - G:\IronKey.exe

ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

U3 McMPFSvc; 

U3 McNaiAnn; 

U3 mfecore; 

U3 MSK80Service; 

C:\Users\Laptop\AppData\Local\Temp\Extract.exe

C:\Users\Laptop\AppData\Local\Temp\file_140724.exe

C:\Users\Laptop\AppData\Local\Temp\file_3798607242.exe

C:\Users\Laptop\AppData\Local\Temp\file_to_run551785.exe

C:\Users\Laptop\AppData\Local\Temp\file_to_run551960.exe

C:\Users\Laptop\AppData\Local\Temp\nsd5AFF.exe

C:\Users\Laptop\AppData\Local\Temp\nsd67E.exe

C:\Users\Laptop\AppData\Local\Temp\nsdCCF7.exe

C:\Users\Laptop\AppData\Local\Temp\nsdD2C2.exe

C:\Users\Laptop\AppData\Local\Temp\nsdD655.exe

C:\Users\Laptop\AppData\Local\Temp\nsk1900.exe

C:\Users\Laptop\AppData\Local\Temp\nsn5EE6.exe

C:\Users\Laptop\AppData\Local\Temp\nsoDA3D.exe

C:\Users\Laptop\AppData\Local\Temp\nst2E5.exe

C:\Users\Laptop\AppData\Local\Temp\SHSetup.exe

C:\Users\Laptop\AppData\Local\Temp\sp64126.exe

C:\Users\Laptop\AppData\Local\Temp\SP64996.exe

C:\Users\Laptop\AppData\Local\Temp\SP66686.exe

C:\Users\Laptop\AppData\Local\Temp\UninstallHPSA.exe

C:\Users\Laptop\AppData\Local\Temp\_is8CED.exe

Extended Update (HKCU\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION

Task: {624DD72F-A21A-47BF-A6DB-3D3A67280CF8} - System32\Tasks\UpdaterEX => C:\Users\Laptop\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {86D56B4E-607D-4CBB-AD6E-50897CB5BE39} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-04-25] () <==== ATTENTION

Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Laptop\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

End

*****************

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.

C:\Program Files\pcreg\service.exe => Moved successfully.

C:\Program Files\pcreg\pcreg.exe => Moved successfully.

C:\Program Files\pcreg => Moved successfully.

HKU\S-1-5-21-198528947-600383985-1673766480-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.

'HKU\S-1-5-21-198528947-600383985-1673766480-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fab71af2-dd46-11e3-a98d-a02bb852093d}' => Key deleted successfully.

'HKCR\CLSID\{fab71af2-dd46-11e3-a98d-a02bb852093d}'=> Key not found.

'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1' => Key deleted successfully.

'HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}'=> Key not found.

'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2' => Key deleted successfully.

'HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}'=> Key not found.

'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3' => Key deleted successfully.

'HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}'=> Key not found.

'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1' => Key deleted successfully.

'HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}'=> Key not found.

'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2' => Key deleted successfully.

'HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}'=> Key not found.

'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3' => Key deleted successfully.

'HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}'=> Key not found.

McMPFSvc => Service deleted successfully.

McNaiAnn => Service deleted successfully.

mfecore => Service deleted successfully.

MSK80Service => Service deleted successfully.

C:\Users\Laptop\AppData\Local\Temp\Extract.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\file_140724.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\file_3798607242.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\file_to_run551785.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\file_to_run551960.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\nsd5AFF.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\nsd67E.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\nsdCCF7.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\nsdD2C2.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\nsdD655.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\nsk1900.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\nsn5EE6.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\nsoDA3D.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\nst2E5.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\SHSetup.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\sp64126.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\SP64996.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\SP66686.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.

C:\Users\Laptop\AppData\Local\Temp\_is8CED.exe => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{624DD72F-A21A-47BF-A6DB-3D3A67280CF8}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{624DD72F-A21A-47BF-A6DB-3D3A67280CF8}' => Key deleted successfully.

C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86D56B4E-607D-4CBB-AD6E-50897CB5BE39}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86D56B4E-607D-4CBB-AD6E-50897CB5BE39}' => Key deleted successfully.

C:\Windows\System32\Tasks\pcreg => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg' => Key deleted successfully.

C:\Windows\Tasks\UpdaterEX.job => Moved successfully.

 

==== End of Fixlog ====


# AdwCleaner v3.214 - Report created 04/07/2014 at 15:50:13

# Updated 29/06/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Laptop - LAPTOP-HP

# Running from : C:\Users\Laptop\Desktop\Malwarebytes\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Laptop\AppData\Roaming\UpdaterEX

Folder Deleted : C:\Users\Laptop\Documents\PC Speed Maximizer

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\installedbrowserextensions

Key Deleted : HKCU\Software\UpdaterEX

Key Deleted : HKLM\Software\installedbrowserextensions

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX

Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17126

 

 

-\\ Google Chrome v35.0.1916.153

 

[ File : C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

[ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [2067 octets] - [04/07/2014 15:49:27]

AdwCleaner[s0].txt - [1792 octets] - [04/07/2014 15:50:13]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1852 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Laptop on Fri 07/04/2014 at 15:59:16.12

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{73753692-A863-4C62-8E73-E9255D9203D1}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{73753692-A863-4C62-8E73-E9255D9203D1}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 07/04/2014 at 16:05:06.67

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Usually, the logs I work on with problems similar to yours are fixed with malware/infection removal and/or a fresh clean install of Malwarebytes. There have also been software clashes and security clashes.

I've never heard of any undiagnosed problems related to MB. One point: I'm not a staff member of this forum. The majority of helpers are the same as me, volunteers...

What exactly is the error message you get when you try to download new definitions? Post a screenshot if possible, or post the error codes if applicable...

Run your system in a "Clean Boot" mode, then try to update Malwarebytes. Any improvement?

The instructions are at this link: http://support.microsoft.com/kb/929135  Expand "How to perform a clean boot", then the option for Windows 7. A clean boot turns off all non-MS services; make sure any related to your internet connection are left running...

 

Kevin


I have the free version. Got the same error in Safe Mode. The problem started in June when MS-Security Essentials detected a threat (see attached). I then started a MBAM scan and as part of that process MBAM was updated to the current version. This is the version that fails to work. The previous version I had was working.


Thanks for the update. I do believe a standard definition update would create the issue we see at the moment. Since using FRST we have done a clean reinstall, and also run a Clean Boot to stop all 3rd party services in case there was a software clash. It is starting to indicate a possibility that there may still be an infection on your system.

 

To rule out that possibility run the following:

 

Please download aswMBR from here: http://files.avast.com/files/rootkit-scanner/aswmbr.exe Save to your desktop.

  • Double click the aswMBR.exe icon, and click Run
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.



Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

 

Next,

 

Download TDSSKiller and save it to your Desktop.

 

Make sure TDSSKiller.exe  is on the Desktop itself, not within a folder on the desktop.

 

Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

 

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

 

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.

If Malicious objects are found, do NOT select Delete or Cure. Change the action to Skip. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.

 

Thank you,

 

Kevin....


 aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software

Run date: 2014-07-08 21:40:33

-----------------------------

21:40:33.803    OS Version: Windows x64 6.1.7601 Service Pack 1

21:40:33.803    Number of processors: 4 586 0x4501

21:40:33.804    ComputerName: LAPTOP-HP  UserName: Laptop

21:40:35.191    Initialize success

21:40:35.300    VM: initialized successfully

21:40:35.320    VM: Intel CPU BiosDisabled

21:40:41.032    VM: disk I/O iaStorA.sys

21:55:28.362    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061

21:55:28.371    Disk 0 Vendor: ST750LM0 2BA3 Size: 715404MB BusType: 8

21:55:28.510    Disk 0 MBR read successfully

21:55:28.515    Disk 0 MBR scan

21:55:28.520    Disk 0 Windows 7 default MBR code

21:55:28.526    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048

21:55:28.531    Disk 0 default boot code

21:55:28.539    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       692674 MB offset 409600

21:55:28.565    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        22427 MB offset 1419005952

21:55:28.590    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      102 MB offset 1464936448

21:55:28.628    Disk 0 scanning C:\Windows\system32\drivers

21:55:35.436    Service scanning

21:55:49.204    Modules scanning

21:55:49.214    Disk 0 trace - called modules:

21:55:49.244    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStorF.sys storport.sys hal.dll iaStorA.sys

21:55:49.254    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082a8060]

21:55:49.262    3 CLASSPNP.SYS[fffff880015c843f] -> nt!IofCallDriver -> [0xfffffa8007f07950]

21:55:49.271    5 hpdskflt.sys[fffff880017e042b] -> nt!IofCallDriver -> [0xfffffa8007f06a90]

21:55:49.280    7 iaStorF.sys[fffff88001813f84] -> nt!IofCallDriver -> \Device\00000061[0xfffffa8007d78060]

21:55:49.289    Scan finished successfully

21:56:08.788    Disk 0 MBR has been saved successfully to "C:\Users\Laptop\Desktop\MBR.dat"

21:56:08.842    The log file has been saved successfully to "C:\Users\Laptop\Desktop\aswMBR.txt"

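For helpers who read many of these logs, the following is an added example (not part of the original posts and not Avast's code) that parses the aswMBR output posted above into MBR verdicts, partitions and the disk I/O module trace. The `BASELINE` set and all function names are assumptions; a module outside the baseline is only a prompt to verify that driver's vendor and signature, not a detection.

```python
import re

# Constructed sample: a subset of lines copied from the aswMBR log posted above.
SAMPLE_LOG = """\
21:55:28.515    Disk 0 MBR scan
21:55:28.520    Disk 0 Windows 7 default MBR code
21:55:28.526    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
21:55:28.539    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       692674 MB offset 409600
21:55:49.214    Disk 0 trace - called modules:
21:55:49.244    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
21:55:49.289    Scan finished successfully
"""
# Hypothetical reviewer baseline of storage-stack modules already vetted.
BASELINE = {"ntoskrnl.exe", "classpnp.sys", "disk.sys", "storport.sys",
            "hal.dll", "iastora.sys", "iastorf.sys"}

LINE = re.compile(r"^\s*(\d\d:\d\d:\d\d\.\d{3})\s+(.*\S)\s*$")
MBR_VERDICT = re.compile(r"^Disk (\d+) (.+ MBR code)$")
PARTITION = re.compile(r"^Disk (\d+) Partition (\d+) .*?(\d+) MB offset (\d+)$")


def parse_aswmbr(text):
    """Extract MBR verdicts, partitions and the disk I/O module trace."""
    report = {"mbr": {}, "partitions": [], "modules": [], "finished": False}
    expect_modules = False
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banner and blank lines carry no timestamp
        msg = m.group(2)
        if expect_modules:  # the line after the trace header lists the modules
            report["modules"], expect_modules = msg.split(), False
        elif msg.endswith("trace - called modules:"):
            expect_modules = True
        elif (p := PARTITION.match(msg)):
            # (disk, partition index, size in MB, offset)
            report["partitions"].append(tuple(int(g) for g in p.groups()))
        elif (v := MBR_VERDICT.match(msg)):
            report["mbr"][int(v.group(1))] = v.group(2)
        elif msg == "Scan finished successfully":
            report["finished"] = True
    return report


def unexpected_modules(report, baseline):
    """Trace modules missing from the baseline, compared case-insensitively."""
    known = {name.lower() for name in baseline}
    return [mod for mod in report["modules"] if mod.lower() not in known]
```
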

Not really sure what HP Support Assistant is or what it does, I would have thought it probably was disabled when your system was in a "Clean Boot" mode, MB failed in that mode. The only way to find out is to totally disable HPSA and try MB again..

 

With HPSA totally disabled, uninstall Malwarebytes via Programs and Features, then re-boot. (It is essential to re-boot.) If HPSA is re-enabled after the reboot, make sure to totally disable it again. Next:

 

Download and run mbam-clean from this link http://www.malwarebytes.org/mbam-clean.exe Another re-boot should happen, if not please do that yourself. Next,

 

Download a fresh version of Malwarebytes from here: http://www.malwarebytes.org/mwb-download/

 

When the install completes open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 1 month later...

I am now ready to continue finding a solution to my problem.  I followed the directions in the last post, totally removed HP Support Assistant from PC, rebooted, removed MWB, rebooted, ran the cleanup program, rebooted, installed the latest version of  MWB- still the same error message when MWB tries to update itself.  What next?


If your login account does not have administrator level rights, then before starting MBAM, do this: Locate the shortcut link, right-click the icon, select Run as Administrator, and allow it to run (answer YES).

 

If you have both realtime protection as well as self-protection selected in MBAM, you need to first turn off the self-protection using the program's Settings >> Advanced Settings screen.

 

Next, ( but only if the program is running) let's shutdown the realtime Malwarebytes Anti-Malware. Go to the desktop Taskbar. See the blue-color MBAM icon in the notification area.

 

Do a Right-click on it with your mouse, and select EXIT.

 

{ if you are only running the Free mode program, you will not see that, so in that case you can ignore that step.}.

 

If you are unable to update Malwarebytes Anti-Malware's database, please follow the steps below :

 

1: Download the netconf replacement tool from the link below:

 

https://malwarebytes.box.com/shared/static/4pro228sfm3mzl3f7eyl.zip

 

2: Unzip the zip file to Extract the "Net Conf Fix" folder on your desktop.

 

3: Once extracted, open the **Net Conf Fix** folder.

 

4: Double click on the net-replacement.bat file. If you are using Windows Vista or higher, please Right-click the net-replacement.bat file and click Run as Administrator from the menu.

 

5: After the tool has run, launch Malwarebytes Anti-Malware and click Update Now

 

Let me know if you are able to update the database after running this tool.

This topic is now closed to further replies.