Makaveli Posted July 5, 2014

Hey all,

I've been using Malwarebytes for quite some time now, and this is my first time encountering any type of problem with it. I tried the clean uninstall / reinstall with no success. It won't even begin scanning before it says that the program has stopped working.

I've been doing some research here on the forums and saw that diagnostic logs are a good way to find the cause of the error... so here are mine... I will also attach the mbam-check log... I'm a bit of a noob with all of this so hopefully I've done it correctly...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by HP (administrator) on HP-ELITE on 05-07-2014 13:19:00
Running from C:\Users\HP\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\pcreg\pcreg.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-08-24] (Hewlett-Packard )
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [134416 2007-04-11] (Logitech Inc.)
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-06-01] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [fst_us_113] => [X]
HKLM-x32\...\Run: [t4pc_en_6] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4135122001-3849731273-3069520198-1000\...\Run: [GoogleChromeAutoLaunch_AF07ADB424B82216064A05A2CAB71EA4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-4135122001-3849731273-3069520198-1000\...\Run: [GetNowUpdater] => "C:\Users\HP\AppData\Roaming\GetNowUpdater\update.0\bin\GetNowUpdater.exe" /autoupdate
HKU\S-1-5-21-4135122001-3849731273-3069520198-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4135122001-3849731273-3069520198-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4135122001-3849731273-3069520198-1000\...\MountPoints2: K - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4135122001-3849731273-3069520198-1000\...\MountPoints2: {130b5a50-4e1f-11e2-8d85-806e6f6e6963} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4135122001-3849731273-3069520198-1000\...\MountPoints2: {130b5a8d-4e1f-11e2-8d85-446d57853d5b} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4135122001-3849731273-3069520198-1000\...\MountPoints2: {5df4381c-c8c3-11e2-8ee8-446d57853d5b} - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4135122001-3849731273-3069520198-1000\...\MountPoints2: {63cf54f1-613c-11e2-ab5c-446d57853d5b} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4135122001-3849731273-3069520198-1000\...\MountPoints2: {c4020ac7-8326-11e2-8c8f-446d57853d5b} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4135122001-3849731273-3069520198-1000\...\MountPoints2: {e7643abc-4ad9-11e2-9daf-446d57853d5b} - J:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
ShellIconOverlayIdentifiers: 4SyncIconOverlayEnable -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => C:\PROGRA~2\4Sync\ShellExt.dll No File
ShellIconOverlayIdentifiers: 4SyncIconOverlayError -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\PROGRA~2\4Sync\ShellExt.dll No File
ShellIconOverlayIdentifiers: 4SyncIconOverlayOk -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\PROGRA~2\4Sync\ShellExt.dll No File
ShellIconOverlayIdentifiers: 4SyncIconOverlayUpdate -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\PROGRA~2\4Sync\ShellExt.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4FA754BDA16ACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?type=hp&ts=1401661285&from=vtt&uid=M4-CT128M4SSD2_000000001223090C806F&i=psd&t=3437489f6
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1401661285&from=vtt&uid=M4-CT128M4SSD2_000000001223090C806F&i=psd&t=3437489f6
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1401661285&from=vtt&uid=M4-CT128M4SSD2_000000001223090C806F&i=psd&t=3437489f6&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1401661285&from=vtt&uid=M4-CT128M4SSD2_000000001223090C806F&i=psd&t=3437489f6&q={searchTerms}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {6F6E96E1-E003-422B-96C9-34986317716D} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtDtCzyyCtDtC0F0A0CtN0D0Tzu0SyByEyBtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=100941819&ir=
SearchScopes: HKCU - {ECA220AD-E59B-4CF6-804F-191940C3E317} URL = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140519,19669,0,GC34,7743
SearchScopes: HKCU - {F2C7AC5C-B9C3-44BA-B644-A73511ED08E3} URL = http://www.mysearchresults.com/search?&c=2646&t=03&q={searchTerms}
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Hosts: 54.221.22.25 epjpfmkiegfpfhiaohimeiamofnpdkgj
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\HP\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-08]

Chrome:
=======
CHR HomePage: hxxp://verizon.yahoo.com/
CHR StartupUrls: "hxxp://verizon.yahoo.com/"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\HP\AppData\Local\speedial.crx [2013-08-21]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\HP\AppData\Local\mysearchdial-speeddial.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [jeedhehdfjahfpjhaedmaohbfcdkoolg] - C:\Users\HP\AppData\Local\CRE\jeedhehdfjahfpjhaedmaohbfcdkoolg.crx [2013-01-16]
CHR HKLM-x32\...\Chrome\Extension: [jeedhehdfjahfpjhaedmaohbfcdkoolg] - C:\Users\HP\AppData\Local\CRE\jeedhehdfjahfpjhaedmaohbfcdkoolg.crx [2013-01-16]

==================== Services (Whitelisted) =================

S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-07-16] (Nero AG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-04-10] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [File not signed]
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-07-31] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-02-20] (Razer, Inc.)
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 MpKsl37c42c89; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A14E5922-42E0-4ED6-AFF7-6A7702EF9666}\MpKsl37c42c89.sys [45352 2014-07-05] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-02-20] (Razer, Inc.)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-14] (Razer Inc)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2014-02-20] (Razer, Inc.)
S3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [34984 2013-11-14] (Razer Inc)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-05 13:19 - 2014-07-05 13:19 - 00019255 _____ () C:\Users\HP\Downloads\FRST.txt
2014-07-05 13:18 - 2014-07-05 13:19 - 00000000 ____D () C:\FRST
2014-07-05 13:18 - 2014-07-05 13:18 - 02084352 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe
2014-07-05 13:07 - 2014-07-05 13:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 13:05 - 2014-07-05 13:05 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-05 13:05 - 2014-07-05 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-05 13:05 - 2014-07-05 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-05 13:05 - 2014-07-05 13:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-05 13:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-05 13:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-05 13:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-05 13:04 - 2014-07-05 13:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\HP\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-05 13:01 - 2014-07-05 13:01 - 00321848 _____ (Malwarebytes Corporation) C:\Users\HP\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-05 12:41 - 2014-07-05 12:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\HP\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-05 12:35 - 2014-07-05 12:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\HP\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-27 14:36 - 2014-06-26 10:34 - 00464160 _____ (Sendori) C:\Windows\system32\Sendori64.dll
2014-06-22 21:28 - 2014-06-22 21:28 - 697332780 _____ () C:\Users\HP\Downloads\MY FAVORITE PAWG IN LEGGINGS EVER!.mp4
2014-06-22 11:36 - 2014-06-22 11:36 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe
2014-06-20 12:09 - 2014-06-20 12:09 - 00000000 ____D () C:\Program Files (x86)\predm
2014-06-20 12:07 - 2014-06-20 12:07 - 00000000 ____D () C:\ProgramData\374311380
2014-06-20 12:05 - 2014-06-20 12:05 - 00003120 _____ () C:\Windows\System32\Tasks\{D0DAF671-2131-436B-9814-AC88968BB3A4}
2014-06-20 12:04 - 2014-06-20 12:06 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-06-20 12:04 - 2014-06-20 12:04 - 00000000 ____D () C:\Users\HP\AppData\Local\globalUpdate
2014-06-20 12:04 - 2014-06-20 12:04 - 00000000 ____D () C:\Users\HP\AppData\Local\com
2014-06-20 12:03 - 2014-06-20 12:03 - 01390920 _____ () C:\Users\HP\Downloads\Setup.exe
2014-06-20 12:03 - 2014-06-20 12:03 - 01390920 _____ () C:\Users\HP\Downloads\Setup (1).exe
2014-06-20 07:01 - 2014-06-20 07:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c9028ba18b0.job
2014-06-17 22:18 - 2014-06-17 22:18 - 00000003 _____ () C:\Users\HP\AppData\Local\proxy.log
2014-06-12 22:34 - 2014-06-12 22:34 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Oracle
2014-06-12 22:33 - 2014-06-12 22:33 - 00005499 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-12 22:33 - 2014-06-12 22:33 - 00000000 ____D () C:\Windows\Sun
2014-06-12 22:33 - 2014-06-12 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-12 22:19 - 2014-06-12 22:19 - 00284224 _____ (Mozilla) C:\Users\HP\Downloads\Firefox Setup Stub 30.0.exe
2014-06-11 15:24 - 2014-05-28 11:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 15:24 - 2014-05-28 11:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 15:24 - 2014-05-28 11:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 15:24 - 2014-05-28 11:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 15:24 - 2014-05-28 11:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 15:24 - 2014-05-28 11:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 15:24 - 2014-05-28 11:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 15:24 - 2014-05-28 11:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 15:24 - 2014-05-28 11:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 15:24 - 2014-05-28 11:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 15:24 - 2014-05-28 11:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 15:24 - 2014-05-28 11:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 15:24 - 2014-05-28 11:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 15:24 - 2014-05-28 11:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 15:24 - 2014-05-28 11:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 15:24 - 2014-05-28 11:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 15:24 - 2014-05-28 11:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 15:24 - 2014-05-28 11:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 15:24 - 2014-05-28 11:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 15:24 - 2014-05-28 11:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 15:24 - 2014-05-28 11:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 15:24 - 2014-05-28 09:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 15:24 - 2014-05-28 09:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 15:24 - 2014-05-28 09:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 15:24 - 2014-05-28 09:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 15:24 - 2014-05-28 09:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 15:24 - 2014-05-28 09:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 15:24 - 2014-05-28 09:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-11 15:24 - 2014-05-28 09:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 15:24 - 2014-05-28 09:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 15:24 - 2014-05-28 09:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 15:24 - 2014-05-28 09:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 15:24 - 2014-05-28 09:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 15:24 - 2014-05-28 09:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 15:24 - 2014-05-28 09:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 15:24 - 2014-05-28 09:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-11 15:24 - 2014-05-28 09:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 15:24 - 2014-05-28 09:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 15:24 - 2014-05-28 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 15:24 - 2014-05-28 09:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-11 15:24 - 2014-05-28 09:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-11 15:24 - 2014-05-28 09:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 15:24 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 15:24 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 15:24 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 15:24 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 15:24 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 15:24 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 15:24 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 15:24 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 15:24 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 15:24 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 15:24 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 15:24 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 15:24 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 15:24 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 15:24 - 2013-11-26 04:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

==================== One Month Modified Files and Folders =======

2014-07-05 13:19 - 2014-07-05 13:19 - 00019255 _____ () C:\Users\HP\Downloads\FRST.txt
2014-07-05 13:19 - 2014-07-05 13:18 - 00000000 ____D () C:\FRST
2014-07-05 13:18 - 2014-07-05 13:18 - 02084352 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe
2014-07-05 13:14 - 2014-07-05 13:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 13:13 - 2009-07-13 21:45 - 00015136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-05 13:13 - 2009-07-13 21:45 - 00015136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-05 13:12 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-05 13:11 - 2014-04-29 00:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-05 13:09 - 2012-07-25 12:15 - 01803505 ____N () C:\Windows\WindowsUpdate.log
2014-07-05 13:06 - 2013-02-28 11:44 - 00000000 ____D () C:\Users\HP\AppData\Local\HTC MediaHub
2014-07-05 13:06 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-05 13:05 - 2014-07-05 13:05 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-05 13:05 - 2014-07-05 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-05 13:05 - 2014-07-05 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-05 13:05 - 2014-07-05 13:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-05 13:04 - 2014-07-05 13:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\HP\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-05 13:01 - 2014-07-05 13:01 - 00321848 _____ (Malwarebytes Corporation) C:\Users\HP\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-05 12:50 - 2012-07-25 14:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-05 12:49 - 2014-05-14 22:48 - 00000280 _____ () C:\Windows\Tasks\MySearchDial.job
2014-07-05 12:41 - 2014-07-05 12:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\HP\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-05 12:38 - 2012-07-25 12:16 - 00000000 ____D () C:\Users\HP
2014-07-05 12:35 - 2014-07-05 12:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\HP\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-05 12:32 - 2012-07-25 22:33 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-05 12:29 - 2014-05-08 19:25 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-07-05 11:58 - 2014-03-09 21:21 - 00000000 ____D () C:\Users\HP\AppData\Local\Battle.net
2014-06-26 10:34 - 2014-06-27 14:36 - 00464160 _____ (Sendori) C:\Windows\system32\Sendori64.dll
2014-06-25 19:27 - 2014-03-09 21:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-22 21:28 - 2014-06-22 21:28 - 697332780 _____ () C:\Users\HP\Downloads\MY FAVORITE PAWG IN LEGGINGS EVER!.mp4
2014-06-22 11:36 - 2014-06-22 11:36 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe
2014-06-20 12:09 - 2014-06-20 12:09 - 00000000 ____D () C:\Program Files (x86)\predm
2014-06-20 12:07 - 2014-06-20 12:07 - 00000000 ____D () C:\ProgramData\374311380
2014-06-20 12:07 - 2013-01-22 12:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-20 12:06 - 2014-06-20 12:04 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-06-20 12:05 - 2014-06-20 12:05 - 00003120 _____ () C:\Windows\System32\Tasks\{D0DAF671-2131-436B-9814-AC88968BB3A4}
2014-06-20 12:04 - 2014-06-20 12:04 - 00000000 ____D () C:\Users\HP\AppData\Local\globalUpdate
2014-06-20 12:04 - 2014-06-20 12:04 - 00000000 ____D () C:\Users\HP\AppData\Local\com
2014-06-20 12:04 - 2013-12-04 23:33 - 00000000 _____ () C:\END
2014-06-20 12:04 - 2012-07-25 13:33 - 00000000 ____D () C:\ProgramData\Temp
2014-06-20 12:03 - 2014-06-20 12:03 - 01390920 _____ () C:\Users\HP\Downloads\Setup.exe
2014-06-20 12:03 - 2014-06-20 12:03 - 01390920 _____ () C:\Users\HP\Downloads\Setup (1).exe
2014-06-20 07:01 - 2014-06-20 07:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c9028ba18b0.job
2014-06-18 15:12 - 2014-05-05 12:46 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-06-17 22:18 - 2014-06-17 22:18 - 00000003 _____ () C:\Users\HP\AppData\Local\proxy.log
2014-06-17 22:18 - 2012-09-27 00:24 - 00000000 ____D () C:\temp
2014-06-17 22:18 - 2009-07-13 22:08 - 00032570 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-13 08:53 - 2014-06-01 15:32 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 22:34 - 2014-06-12 22:34 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Oracle
2014-06-12 22:33 - 2014-06-12 22:33 - 00005499 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-12 22:33 - 2014-06-12 22:33 - 00000000 ____D () C:\Windows\Sun
2014-06-12 22:33 - 2014-06-12 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-12 22:33 - 2013-12-04 23:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-12 22:33 - 2013-03-27 21:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-12 22:28 - 2012-07-25 14:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-12 22:28 - 2012-07-25 14:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-12 22:28 - 2012-07-25 14:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-12 22:19 - 2014-06-12 22:19 - 00284224 _____ (Mozilla) C:\Users\HP\Downloads\Firefox Setup Stub 30.0.exe
2014-06-12 03:02 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:01 - 2012-07-25 12:53 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 00:20

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by HP at 2014-07-05 13:20:09
Running from C:\Users\HP\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CPUID CPU-Z 1.61.3 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
EA SPORTS Game Face Browser Plugin 1.5.3.0 (HKCU\...\EA SPORTS Game Face Browser 
Plugin) (Version: 1.5.3.0 - Electronic Arts)eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) HiddenFL Studio 9 (HKLM-x32\...\FL Studio 9) (Version: - Image-Line)GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)Hardcore (HKLM-x32\...\Hardcore) (Version: - Image-Line)iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) HiddenLogitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)MAGIX Goya burnR (MSI) (Version: 4.3.1.6 - MAGIX AG) HiddenMAGIX Music Maker 2013 (Version: 19.0.0.29 - MAGIX AG) HiddenMAGIX Music Maker 2013 Soundpools (Version: 1.0.0.0 - MAGIX AG) HiddenMAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft IntelliType Pro 7.1 (HKLM\...\{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}) (Version: 7.10.344.0 - Microsoft)Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - 
Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) HiddenNVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) HiddenNVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) HiddenNVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) HiddenNVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) HiddenNVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) HiddenNVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) HiddenNVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)PoiZone (HKLM-x32\...\PoiZone) 
(Version: - Image-Line)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Sawer (HKLM-x32\...\Sawer) (Version: - Image-Line)SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) HiddenToxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version: - Image-Line)Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)Vita 2 (Version: 1.0.0.0 - MAGIX AG) HiddenVita Rock Drums (Version: 1.0.0.0 - MAGIX AG) HiddenVita String Ensemble (Version: 1.0.0.0 - MAGIX AG) HiddenVLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION ==================== Restore Points ========================= 23-06-2014 18:40:41 Windows Update28-06-2014 05:55:14 Windows Update02-07-2014 05:37:34 Windows Update ==================== Hosts content: ========================== 2009-07-13 19:34 - 2014-05-05 12:46 - 00000871 ____A C:\Windows\system32\Drivers\etc\hosts54.221.22.25 epjpfmkiegfpfhiaohimeiamofnpdkgj ==================== Scheduled Tasks (whitelisted) ============= Task: {0C95CDC0-D893-42BF-A928-48E062EC2D07} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: {0FB88ED8-705F-4AAD-B8E8-4796D1AA6C7B} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-11-05] (Microsoft Corporation)Task: {12F6A12A-76BD-42CB-B041-2A16A1CBAA74} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated)Task: {14B3278A-28FA-4B4D-B1DB-CC9410D8CB9D} - System32\Tasks\PCSpeedClean_Start => C:\Program Files (x86)\PC Speed Clean\PCSpeedClean.exeTask: {2313F634-C8D9-48D9-941F-727B8417D50B} - 
System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {3CB955C6-BDC4-498A-8CB9-2AA200AD5058} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-06-01] () <==== ATTENTIONTask: {57537F23-2DCB-487C-B89C-C88C4487A02F} - System32\Tasks\Digital Sites => C:\Users\HP\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONTask: {7A7E0A14-35E2-4E2B-AC63-EA3A7B3490B1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: {7B5604C1-45F0-4EAF-96DA-B2E6D3C0BA50} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: {E9A6B7F0-4CD0-404C-8012-343767067579} - System32\Tasks\PCSpeedClean_Popup => C:\Program Files (x86)\PC Speed Clean\Splash.exeTask: {ED942BBF-27AE-47FD-8977-26DB59BC51D5} - System32\Tasks\MySearchDial => C:\Users\HP\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONTask: {F1B63059-C80B-4B0A-9666-AD751EB53CFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25] (Google Inc.)Task: {FEFAAE0B-998F-438B-9D6F-B109683308FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: C:\Windows\Tasks\Digital Sites.job => C:\Users\HP\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c9028ba18b0.job => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\MySearchDial.job => C:\Users\HP\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2012-07-25 13:28 - 2014-05-19 18:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2012-10-08 17:04 - 2012-10-08 17:04 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe2014-04-25 01:13 - 2014-04-25 01:13 - 00249024 _____ () C:\Program Files\pcreg\pcreg.exe2012-07-25 20:46 - 2012-07-31 11:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2012-09-26 19:14 - 2012-09-26 19:14 - 00168864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2012-09-26 19:11 - 2012-09-26 19:11 - 00024496 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll2012-09-26 19:12 - 2012-09-26 19:12 - 00466256 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll2012-09-26 19:12 - 2012-09-26 19:12 - 00043944 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll2012-09-26 19:12 - 2012-09-26 19:12 - 00035776 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll2012-09-26 19:15 - 2012-09-26 19:15 - 00223152 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll2012-07-25 12:35 - 2012-04-10 21:13 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2014-06-13 08:53 - 2014-06-05 06:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll2014-06-13 08:53 - 2014-06-05 06:58 - 
00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll2014-06-13 08:53 - 2014-06-05 06:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll2014-06-13 08:53 - 2014-06-05 06:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll2014-06-13 08:53 - 2014-06-05 06:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:373E1720 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (07/05/2014 01:14:44 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x1724Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3 Error: (07/05/2014 01:14:16 PM) (Source: Windows Search Service) (EventID: 1019) (User: )Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-4135122001-3849731273-3069520198-1000}/">. 
Error: (07/05/2014 01:11:44 PM) (Source: Windows Search Service) (EventID: 1019) (User: )Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-4135122001-3849731273-3069520198-1000}/">. Error: (07/05/2014 01:08:17 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0xa68Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3 Error: (07/05/2014 01:07:06 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0xc10Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3 Error: (07/05/2014 00:58:58 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x388Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3 Error: (07/05/2014 00:57:21 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 
0x0008d6fdFaulting process id: 0x2f8Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3 Error: (07/05/2014 00:55:11 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x1168Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3 Error: (07/05/2014 00:42:10 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x338Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3 Error: (07/05/2014 00:36:59 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x2538Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3 System errors:=============Error: (07/05/2014 01:06:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147467259 Error: (07/05/2014 01:06:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Function Discovery Resource 
Publication service terminated with the following error: %%-2147467259 Error: (07/05/2014 01:06:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: %%2 Error: (07/05/2014 01:02:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Function Discovery Resource Publication service terminated with the following error: %%-2147467259 Error: (07/05/2014 01:02:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147467259 Error: (07/05/2014 01:02:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: %%2 Error: (07/05/2014 01:01:23 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (07/05/2014 00:40:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147467259 Error: (07/05/2014 00:40:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Function Discovery Resource Publication service terminated with the following error: %%-2147467259 Error: (07/05/2014 00:39:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: %%2 Microsoft Office Sessions:=========================Error: (07/05/2014 01:14:44 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd172401cf988dbc86e05eC:\Program Files 
(x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll00625e54-0481-11e4-bb1e-446d57853d5b Error: (07/05/2014 01:14:16 PM) (Source: Windows Search Service) (EventID: 1019) (User: )Description: 300x80040d07iehistory://{S-1-5-21-4135122001-3849731273-3069520198-1000}/ Error: (07/05/2014 01:11:44 PM) (Source: Windows Search Service) (EventID: 1019) (User: )Description: 300x80040d07iehistory://{S-1-5-21-4135122001-3849731273-3069520198-1000}/ Error: (07/05/2014 01:08:17 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fda6801cf988cda142f47C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll19c08202-0480-11e4-bb1e-446d57853d5b Error: (07/05/2014 01:07:06 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdc1001cf988cafdd47ebC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllef65e602-047f-11e4-bb1e-446d57853d5b Error: (07/05/2014 00:58:58 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd38801cf988b8ab4e5ddC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllcc8253b7-047e-11e4-90b6-446d57853d5b Error: (07/05/2014 00:57:21 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd2f801cf988b506610a2C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll92b51b7a-047e-11e4-90b6-446d57853d5b Error: (07/05/2014 00:55:11 PM) (Source: Application Error) (EventID: 1000) (User: )Description: 
mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd116801cf9889f24121f3C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll45456ee6-047e-11e4-90b6-446d57853d5b Error: (07/05/2014 00:42:10 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd33801cf9889349275f7C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll73b4b8e2-047c-11e4-90b6-446d57853d5b Error: (07/05/2014 00:36:59 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd253801cf98887739b823C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllba3efa41-047b-11e4-b7dc-446d57853d5b ==================== Memory info =========================== Percentage of memory in use: 17%Total physical RAM: 10197.41 MBAvailable physical RAM: 8407.24 MBTotal Pagefile: 20393 MBAvailable Pagefile: 18415.19 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:119.02 GB) (Free:15.4 GB) NTFSDrive d: (Data) (Fixed) (Total:1862.89 GB) (Free:1813.16 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 119 GB) (Disk ID: 51433B80) Partition: GPT Partition Type. ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Any help is greatly appreciated!! Thanks for your time CheckResults.txt Link to post Share on other sites More sharing options...
daledoc1 Posted July 5, 2014 ID:849517

Hi:

Preliminary review of your logs shows some abnormalities suggestive of possible infection. As such, you might want to take advantage of the free, one-on-one assistance of our malware experts.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.

A malware analyst will assist you with looking into your issue and with getting MBAM up and running.

Since you have already run FRST, you just need to start a new topic over in the malware removal section >>here<< and include these same logs, as ATTACHMENTS, in your new post.

Thanks,
Maurice Naggar Posted July 5, 2014 ID:849519

Uhmmm, when you say <<It won't even begin scanning before it says that the program has stopped working.>> are you seeing any message like the screen captures shown here?

What to do: Runtime error - database stuck on 2014.03.04 - program stopped

Let me know.
Makaveli Posted July 5, 2014 Author ID:849533

Not exactly like those screen captures... It says..

Malwarebytes Anti-Malware has stopped working
Windows can check online for a solution to the problem.
--->Check online for a solution and close the program
--->Close the program

This happens after I either click scan (before it scans anything, not mid-scan) or even when I try to update it... When I click update now, same thing happens.

Also, I will go ahead and post in the forum that daledoc1 suggested. Thanks for the replies
Maurice Naggar Posted July 5, 2014 ID:849543

I am moving your topic to the malware removal forum.
Maurice Naggar Posted July 5, 2014 ID:849544

Hi Makaveli,

I understand your description, I still would like for you to do what that post suggests. Then you let me know the result afterwards.
Makaveli Posted July 5, 2014 Author ID:849556

Maurice, you're awesome! I followed the link you posted step by step and it worked perfectly! Updated my Malwarebytes and ran a scan.. found 15 or so threats on there. Thank you very much! No way did I expect to get this resolved so quickly!
Maurice Naggar Posted July 5, 2014 ID:849560

Good.

Now then, after the scan has finished, I want you to put a copy of the scan log here. And also, do a new run of the FRST tool and post a copy of the latest FRST log too.
Makaveli Posted July 6, 2014 Author ID:849573

Alright, I saved the log where the threats were detected and ran the FRST tool again. I'll attach the saved files.. not sure if you need the addition log again or not but I will include that just in case.

Malware Scan Log.txt
FRST-2.txt
Addition-2.txt
Maurice Naggar Posted July 6, 2014 ID:849660

Please go forward and do these next steps.

Step 1

Save the attached file Fixlist.txt to the same location where you have FRST.exe ---- the Desktop
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite an existing one please allow)
Run FRST again but this time press the "Fix" button just once and wait.
When finished, it will make a log (fixlog.txt) next to FRST.
Please attach the Fixlog.txt into a reply.

Step 2

Close any open work documents, if any, saving your work.
Make sure to close any other programs that you started before.
Please download Junkware Removal Tool by Thisisu to your Desktop
http://thisisudax.org/downloads/JRT.exe
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
The tool will open and display information and disclaimer in a Command prompt window.
I'd suggest you close all internet browsers at this point. Press a key on keyboard to start scanning your system.
Please be very patient as this will take several minutes to complete, depending on your system's specifications.
There are approximately 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.
Please attach JRT.txt into a new reply.

Step 3

Please download **AdwCleaner** and save it to your desktop.
http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner
Now close all browsers, all open apps.
Run **AdwCleaner** and click on "scan"
After the scan has completed I want you to click on "clean"
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the log to your next reply

Fixlist.txt
Makaveli Posted July 6, 2014 Author ID:849721

I really appreciate all of the continued help. I've attached the 3 documents with all of the above steps completed.

Fixlog.txt
JRT.txt
AdwCleanerS0.txt
Maurice Naggar Posted July 7, 2014 ID:849979

Hello Makaveli. Very worthwhile runs. The FRST fix took care of an unwanted restriction on Google Chrome. And the other two tools removed unwanted addon-crud.

Please do this next:

Please do a Threat & Rootkit Scan:

Start the Anti-Malware program.
Click the Settings icon ( on the top bar) > then click **Detection and Protection** subtab, Detection Options, tick the box 'Scan for rootkits'.
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With _some infections_, you may see this message box.
'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the scan has completed, click on the **History tab** > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click **'Copy to Clipboard'**
Paste the contents of the clipboard into your reply.
Makaveli Posted July 7, 2014 Author ID:849988

Hello. I did recognize a few of those addon names that the programs found and removed. I thought they had previously been deleted from the PC but I guess not! I ran the rootkits scan and it came up clean. Here are the results...

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/7/2014
Scan Time: 7:28:40 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.07.04
Rootkit Database: v2014.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: HP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279755
Time Elapsed: 2 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
Maurice Naggar Posted July 7, 2014 ID:849994

This last run is all fine. I do suggest that you get the Premium License so that you can have realtime protection going forward.

Do this online scan for viruses and pests (free):

- Close all open browsers at this point.
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
- For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs:
  http://www.bleepingcomputer.com/forums/index.php?showtopic=114351
- Do NOT turn off the firewall.
- Start Internet Explorer.
- Using Internet Explorer browser only, go to the BitDefender Quickscan website:
  http://quickscan.bitdefender.com
  and click "Start Scan".
- Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
- Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
- If prompted, reply yes to allow it to run.
- Press the Allow button and follow prompts.
- Press the "Start Scan" once more.
- You'll see the EULA in a pop-up window. Click the "I accept" & then the OK button.
- Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/ and that QuickScan has no removal capability.
- The site boasts a 60-second scan. Do have patience as it likely will take longer.
- It may seem to stall at moments, but have patience; it will move on.
- You'll see a progress bar at top right of window.
- Hopefully you will see a No infections found in the bar-window. Press the View Log button.
- The log report will show in your text editor. Save the log.
- Then attach the log with your next reply.
- When all done, re-enable your antivirus program.

Step 2

- Save and close any work documents, close any apps that you started.
- Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center:
  http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
- It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.
- After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log
- The file may be opened and viewed with Notepad or similar text editor.

For 64-bit Windows systems:

- If and only if your system is Windows 7 x64, Vista x64, Windows XP x64 and Windows 2008/2003 x64 computers.
- Get Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64:
  http://www.microsoft.com/downloads/details.aspx?familyid=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en
- Additional information on Microsoft® Windows® Malicious Software Removal Tool is here: http://support.microsoft.com/?kbid=890830

If no infections were found, you will see in your log:

Results Summary:
----------------
No infection found.

Step 3

- Download and save McAfee Stinger to your Desktop:
  http://www.mcafee.com/us/downloads/free-tools/stinger.aspx
- Close all browsers before starting. Disable your antivirus program and anti-malware, if any. (How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs)
- On Windows 7 & Vista systems, right click and select Run as Administrator.
- On XP, double-click to start it.
- The GUI interface will look like this
- The C drive is the default for scanning.
- Press the Preferences button. In the top right-block "On virus detection", click Report only.
- In the bottom block "Heuristic network check for suspicious files" select High.
- Click the Scan Now button.
- When done, use the File menu and select Save report to file.
- Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

Stinger is a standalone utility used to detect and remove specific malware.
It is not a full scan for all types of malware or viruses. It is not intended as virus protection.
Makaveli Posted July 7, 2014 Author ID:850010

Alright, I've completed the 3 steps you posted above...pretty sure they were done correctly, but if not let me know and I can rerun them. Here are the reports from each..

Report 2014-07-07 08.20.39.txt
mrt.log
Stinger.txt
Maurice Naggar Posted July 7, 2014 ID:850022

Hello,

The Adobe Reader on this system is version 10, now long since obsolete; and is a security risk. Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Add-or-Remove Programs, un-install Adobe "Reader". Then do either of (a) or (b).

(a) Consider getting an alternate tool like Sumatra PDF as mentioned by Corrine on her Security Garden blog:
http://securitygarden.blogspot.com/2013/02/replacing-adobe-reader-with-sumatra-pdf.html

OR

(b) Get the latest Adobe Reader version:
http://get.adobe.com/reader/
Be sure to un-check the box for "Free McAfee Security Scan" or any "toolbar" (if offered).

You may now delete these tools & items:

- FRST64.exe
- mbam-check.exe
- Fixlist.txt
- Fixlog.txt
- FRST.txt
- Addition.txt
- JRT.exe
- Stinger.exe

To remove AdwCleaner:

- Double click on AdwCleaner.exe to run the tool.
- Click on Uninstall.
- Confirm with yes.

You should get the Premium license for the Anti-Malware so that your pc gets benefits of realtime protections.

Your pc is good to go. Please let me know if you have any questions or need further assistance.
Makaveli Posted July 7, 2014 Author ID:850042

Alrighty, everything is taken care of. I truly appreciate all of the time you took to help me out here. I probably will go ahead and get the premium license...I looked into it and it's a lot more affordable than I expected. Better safe than sorry! Thanks again man, you're the best!
Maurice Naggar Posted July 7, 2014 ID:850043

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks!