
Computer Freezes and shuts itself down [Solved]


  • This topic is locked

#31
geric16

  • Topic Starter
  • Member
  • 125 posts
SystemLook 30.07.11 by jpshortstuff
Log created at 12:48 on 03/01/2014 by Geric
Administrator - Elevation successful

========== filefind ==========

Searching for "We-care"
No files found.

Searching for "WeCareReminder"
No files found.

========== regfind ==========

Searching for "We-care"
No data found.

Searching for "WeCareReminder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\defaults\preferences\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\defaults\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\components\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\chrome\logo\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\chrome\"=""

========== Folderfind ==========

Searching for "We-care"
No folders found.

Searching for "WeCareReminder"
No folders found.

-= EOF =-

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-03 13:01:26
-----------------------------
13:01:26.340 OS Version: Windows x64 6.1.7601 Service Pack 1
13:01:26.340 Number of processors: 8 586 0x1E05
13:01:26.340 ComputerName: GERIC-PC UserName: Geric
13:01:28.196 Initialize success
13:01:31.691 AVAST engine defs: 14010201
13:02:40.019 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:02:40.019 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
13:02:40.175 Disk 0 MBR read successfully
13:02:40.175 Disk 0 MBR scan
13:02:40.175 Disk 0 Windows VISTA default MBR code
13:02:40.206 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:02:40.222 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 597107 MB offset 3074048
13:02:40.253 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11872 MB offset 1225949184
13:02:40.393 Disk 0 scanning C:\windows\system32\drivers
13:02:52.047 Service scanning
13:03:37.287 Modules scanning
13:03:37.302 Disk 0 trace - called modules:
13:03:37.333 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys
13:03:37.848 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006bf3060]
13:03:37.848 3 CLASSPNP.SYS[fffff8800103b43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8006b6e710]
13:03:39.580 AVAST engine scan C:\windows
13:03:43.215 AVAST engine scan C:\windows\system32
13:06:32.662 AVAST engine scan C:\windows\system32\drivers
13:06:48.075 AVAST engine scan C:\Users\Geric
13:15:58.772 AVAST engine scan C:\ProgramData
13:17:39.860 Scan finished successfully
13:18:23.308 Disk 0 MBR has been saved successfully to "C:\Users\Geric\Desktop\MBR.dat"
13:18:23.308 The log file has been saved successfully to "C:\Users\Geric\Desktop\aswMBR.txt"
  • 0



#32
JSntgRvr

  • Global Moderator
  • 10,967 posts
Backup your registry once again.

Registry Modifications

Download the enclosed folder. Attached File  Regfix.zip   315bytes   33 downloads

Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg. Once extracted, open the folder, right click on the Regfix.reg file and select Merge. Confirm the Merge.

Restart and run SystemLook again to confirm. Include WeCareReminder as it appears above.

How is the computer doing?
  • 0

#33
geric16

  • Topic Starter
  • Member
  • 125 posts
Haven't done too much with it besides what we have been doing. Last time I ran Malwarebytes it hung still and found one object infected in Websteroids.

SystemLook 30.07.11 by jpshortstuff
Log created at 17:45 on 03/01/2014 by Geric
Administrator - Elevation successful

========== filefind ==========

Searching for "We-care"
No files found.

Searching for "WeCareReminder"
No files found.

========== regfind ==========

Searching for "We-care"
No data found.

Searching for "WeCareReminder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\defaults\preferences\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\defaults\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\components\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\chrome\logo\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\chrome\"=""

========== Folderfind ==========

Searching for "We-care"
No folders found.

Searching for "WeCareReminder"
No folders found.

-= EOF =-
  • 0

#34
JSntgRvr

  • Global Moderator
  • 10,967 posts
Let's take a look at that:

  • Double-click SystemLook.exe (or SystemLook_x64.exe) to run the application.
  • Copy the content of the following quote box into the main textfield:

    :filefind
    Websteroids

    :regfind
    Websteroids

    :Folderfind
    Websteroids

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#35
geric16

  • Topic Starter
  • Member
  • 125 posts
SystemLook 30.07.11 by jpshortstuff
Log created at 18:17 on 03/01/2014 by Geric
Administrator - Elevation successful

========== filefind ==========

Searching for "Websteroids"
No files found.

========== regfind ==========

Searching for "Websteroids"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d.websteroidsapp.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websteroidsapp.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}]
"ad"="websteroidsapp.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}]
"HelpLink"="http://www.websteroi...com/about.html"
[HKEY_USERS\S-1-5-21-3855451286-3944966642-1798097057-1000\Software\Conduit\DistributionEngine\Download\54841447-1719-451B-8D9B-8AF7B0EB5599\825467]
"error"="http://websteroids_U...nvironmentID=3"
[HKEY_USERS\S-1-5-21-3855451286-3944966642-1798097057-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d.websteroidsapp.com]
[HKEY_USERS\S-1-5-21-3855451286-3944966642-1798097057-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websteroidsapp.com]

========== Folderfind ==========

Searching for "Websteroids"
C:\ProgramData\Websteroids d------ [14:02 16/12/2013]
C:\Users\All Users\Websteroids d------ [14:02 16/12/2013]

-= EOF =-
  • 0

#36
JSntgRvr

  • Global Moderator
  • 10,967 posts
Let's use FRST64.

Download the enclosed file. Attached File  fixlist.txt   2.26KB   44 downloads

Save it in the location FRST64 is.

Run FRST64 and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST64 is as (Fixlog.txt). Please post it to your reply.
  • 0

#37
geric16

  • Topic Starter
  • Member
  • 125 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014
Ran by Geric at 2014-01-03 19:07:17 Run:2
Running from C:\Users\Geric\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
unlock: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\" /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\[email protected]\" 'f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\[email protected]\defaults\preferences\" /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\[email protected]\defaults\" /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\[email protected]\components\" /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\[email protected]\chrome\logo\" /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\[email protected]\chrome\" /f
Reg: Reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d.websteroidsapp.com" /f
Reg: Reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websteroidsapp.com" /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}" /v "ad" /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" /v "HelpLink" /f
Reg: Reg delete "HKEY_USERS\S-1-5-21-3855451286-3944966642-1798097057-1000\Software\Conduit\DistributionEngine\Download\54841447-1719-451B-8D9B-8AF7B0EB5599\825467" /v "error" /f
Reg: Reg delete "HKEY_USERS\S-1-5-21-3855451286-3944966642-1798097057-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d.websteroidsapp.com" /f
Reg: Reg delete "HKEY_USERS\S-1-5-21-3855451286-3944966642-1798097057-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websteroidsapp.com" /f
C:\ProgramData\Websteroids
C:\Users\All Users\Websteroids
End
*****************

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" => Key unlocked successfully.

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\" /f =========

Delete the registry value C:\ProgramData\WeCareReminder" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\[email protected]\" 'f =========

Delete the registry value C:\ProgramData\WeCareReminder\[email protected]" 'f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\[email protected]\defaults\preferences\" /f =========

Delete the registry value C:\ProgramData\WeCareReminder\[email protected]\defaults\preferences" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\[email protected]\defaults\" /f =========

Delete the registry value C:\ProgramData\WeCareReminder\[email protected]\defaults" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\[email protected]\components\" /f =========

Delete the registry value C:\ProgramData\WeCareReminder\[email protected]\components" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\[email protected]\chrome\logo\" /f =========

Delete the registry value C:\ProgramData\WeCareReminder\[email protected]\chrome\logo" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\WeCareReminder\[email protected]\chrome\" /f =========

Delete the registry value C:\ProgramData\WeCareReminder\[email protected]\chrome" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d.websteroidsapp.com" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websteroidsapp.com" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}" /v "ad" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" /v "HelpLink" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_USERS\S-1-5-21-3855451286-3944966642-1798097057-1000\Software\Conduit\DistributionEngine\Download\54841447-1719-451B-8D9B-8AF7B0EB5599\825467" /v "error" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_USERS\S-1-5-21-3855451286-3944966642-1798097057-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d.websteroidsapp.com" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg delete "HKEY_USERS\S-1-5-21-3855451286-3944966642-1798097057-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websteroidsapp.com" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

C:\ProgramData\Websteroids => Moved successfully.
"C:\Users\All Users\Websteroids" => File/Directory not found.

==== End of Fixlog ====
  • 0
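
In the Fixlog above, every `/v "...\"` delete answers with a `(Yes/No)?` prompt and a value name ending in `" /f`, which is what the Microsoft C runtime's argument-splitting rules produce when a backslash sits directly before the closing quote. The Python code below is an added example, not part of the original thread or of FRST, that applies those rules to lines from the fixlist. Assumptions: that reg.exe splits its command line by these rules and that doubling the trailing backslash is the remedy (both consistent with the log, neither stated in the thread); `split_windows_args` and `reg_delete_view` are hypothetical names.

```python
# Added example: models the Microsoft C runtime rules for splitting a command
# line into arguments, to show why a value name that ends in a backslash
# swallows the closing quote and the /f switch.
# Assumption: reg.exe receives its arguments through these rules.
# Rules modeled:
#   2n   backslashes + '"'  -> n backslashes, the quote toggles quoted mode
#   2n+1 backslashes + '"'  -> n backslashes and a literal '"'
#   backslashes not followed by '"' are literal
# The special handling of the program name and of '""' inside quotes is not
# needed for these inputs and is not modeled.

def split_windows_args(cmdline):
    args, cur = [], []
    in_quotes = False
    have_arg = False
    i, n = 0, len(cmdline)
    while i < n:
        ch = cmdline[i]
        if ch == "\\":
            j = i
            while j < n and cmdline[j] == "\\":
                j += 1
            run = j - i
            if j < n and cmdline[j] == '"':
                cur.append("\\" * (run // 2))
                if run % 2:
                    cur.append('"')          # escaped: literal quote
                else:
                    in_quotes = not in_quotes
                i = j + 1
            else:
                cur.append("\\" * run)       # plain backslashes
                i = j
            have_arg = True
        elif ch == '"':
            in_quotes = not in_quotes
            have_arg = True
            i += 1
        elif ch in " \t" and not in_quotes:
            if have_arg:
                args.append("".join(cur))
                cur, have_arg = [], False
            i += 1
        else:
            cur.append(ch)
            have_arg = True
            i += 1
    if have_arg:
        args.append("".join(cur))
    return args


def reg_delete_view(cmdline):
    """Return what a 'reg delete' line looks like after argument splitting."""
    args = split_windows_args(cmdline)
    lowered = [a.lower() for a in args]
    value = None
    if "/v" in lowered and lowered.index("/v") + 1 < len(args):
        value = args[lowered.index("/v") + 1]
    return {"value_name": value, "force": "/f" in lowered, "argc": len(args)}


KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders"

# Line as it appears in the fixlist: single backslash before the closing quote.
AS_RUN = 'Reg delete "' + KEY + r'" /v "C:\ProgramData\WeCareReminder\" /f'

# Same line with the trailing backslash doubled (assumed remedy, not from the thread).
DOUBLED = 'Reg delete "' + KEY + r'" /v "C:\ProgramData\WeCareReminder\\" /f'

# A subkey delete from the fixlist with no trailing backslash; it succeeded in the log.
SUBKEY = (r'Reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer'
          r'\LowRegistry\DOMStorage\websteroidsapp.com" /f')

if __name__ == "__main__":
    for label, line in (("as run", AS_RUN), ("doubled", DOUBLED), ("subkey", SUBKEY)):
        print(label, reg_delete_view(line))
```

With the single backslash, the value name becomes `C:\ProgramData\WeCareReminder" /f` and no `/f` argument remains, matching the prompt and the "unable to find" error in the log.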

#38
JSntgRvr

  • Global Moderator
  • 10,967 posts
Some of the items failed to be removed. Let's use the old way. Backup your registry once again.

Registry Modifications

Download the enclosed folder. Attached File  Regfix.zip   624bytes   31 downloads

Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg. Once extracted, open the folder, right click on the Regfix.reg file and select Merge. Confirm the Merge.

Restart and run SystemLook again to confirm. Include WeCareReminder and websteroids.

How is the computer doing?
  • 0

#39
geric16

  • Topic Starter
  • Member
  • 125 posts
SystemLook 30.07.11 by jpshortstuff
Log created at 19:43 on 03/01/2014 by Geric
Administrator - Elevation successful

========== filefind ==========

Searching for "Websteroids"
No files found.

========== regfind ==========

Searching for "Websteroids"
No data found.

========== Folderfind ==========

Searching for "Websteroids"
C:\FRST\Quarantine\Websteroids d------ [14:02 16/12/2013]

-= EOF =-

SystemLook 30.07.11 by jpshortstuff
Log created at 19:48 on 03/01/2014 by Geric
Administrator - Elevation successful

========== filefind ==========

Searching for "We-care"
No files found.

Searching for "WeCareReminder"
No files found.

========== regfind ==========

Searching for "We-care"
No data found.

Searching for "WeCareReminder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\defaults\preferences\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\defaults\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\components\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\chrome\logo\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\[email protected]\chrome\"=""

========== Folderfind ==========

Searching for "We-care"
No folders found.

Searching for "WeCareReminder"
No folders found.

-= EOF =-
  • 0

#40
JSntgRvr

  • Global Moderator
  • 10,967 posts
I won't worry about those entries left, as the folders are quarantined.

RKill is a program developed at BleepingComputer.com that was originally designed for use in our virus removal guides. It was created so that we could have an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications. Simple as that. Nothing fancy. Just kill known malware processes and clean up some Registry keys so that your security programs can do their job.

So in summary, RKill just kills 32-bit and 64-bit malware processes and scans the registry for entries that would not allow you to run various legitimate programs. When scanning the Registry, RKill will search for malicious Image File Execution Objects, DisallowRuns entries, executable hijacks, and policies that restrict your use of various Windows utilities. When changing Windows Registry entries it will create a backup of these entries and save them in the rkill folder on your desktop. Each registry backup will contain a time stamp so that the backups are not overwritten on subsequent runs of RKill.

Since RKill only terminates processes and does not remove the offending files, when it is finished you should not reboot your computer. If you do, these malware processes that are set to start automatically will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.

RKill can be downloaded from the following location:

http://www.bleepingc...download/rkill/

A report, rkill.log, will be created in the root directory, usually C:\. Post that report in your next reply.

After running RKill, attempt Malwarebytes Antimalware.
  • 0



#41
geric16

  • Topic Starter
  • Member
  • 125 posts
Did as you said, then ran Malwarebytes but it still does the same thing. Scans until it gets to additional items then it hangs and doesn't respond.

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 01/04/2014 02:38:28 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/04/2014 02:41:01 PM
Execution time: 0 hours(s), 2 minute(s), and 32 seconds(s)
  • 0

#42
JSntgRvr

  • Global Moderator
  • 10,967 posts
It is very odd.

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post

  • 0

#43
geric16

  • Topic Starter
  • Member
  • 125 posts
mbam check file

Attached Files


  • 0

#44
JSntgRvr

  • Global Moderator
  • 10,967 posts
Nothing that can help us determine what is the problem with MBAM. Your copy of AVAST, however, is outdated. You should update the program and definitions. Then, after a restart, right click on the AVAST systray orb and disable all shields for an hour. Attempt a Quick scan with MBAM.

Run FRST, let it update by itself, put a checkmark on Addition and post both, the FRST.txt and Additional.txt reports.
  • 0

#45
geric16

  • Topic Starter
  • Member
  • 125 posts
Went into avast and clicked updates on virus and program but it told me already up to date. Rebooted and ran the program. Also ran malwarebytes after disabling avast, does the same thing scans til additional items then hangs.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Geric (administrator) on GERIC-PC on 05-01-2014 18:12:52
Running from C:\Users\Geric\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-08] (Intel® Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-26] (AVAST Software)
HKU\Jessica\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Jessica\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x483587C1F007CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {13F3E64E-CEF0-4694-AED4-BFEB989D8805} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM-x32 - {2605296E-10C5-46EE-8743-42F7E5B90CFE} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKCU - DefaultScope {13F3E64E-CEF0-4694-AED4-BFEB989D8805} URL =
SearchScopes: HKCU - {2605296E-10C5-46EE-8743-42F7E5B90CFE} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKCU - {687B506D-CFE6-4098-A089-AFD68F4087BC} URL = http://www.google.co...ND_enUS404US404
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Geric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.7.1_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-26] (AVAST Software)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2013-12-26] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-23] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1034464 2013-12-26] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [422216 2013-12-26] (AVAST Software)
S3 aswStm; C:\windows\system32\drivers\aswStm.sys [79672 2013-12-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-26] ()
S3 GENERICDRV; C:\Program Files (x86)\UEFI WinFlash\amifldrv64.sys [15400 2009-12-08] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-05 13:08 - 2014-01-05 13:08 - 00353352 _____ (Malwarebytes Corporation) C:\Users\Geric\Desktop\mbam-check-2.0.0.1000.exe
2014-01-05 13:08 - 2014-01-05 13:08 - 00030830 _____ C:\Users\Geric\Desktop\CheckResults.txt
2014-01-04 14:37 - 2014-01-04 14:37 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Geric\Desktop\rkill.exe
2014-01-03 13:18 - 2014-01-03 13:18 - 00001893 _____ C:\Users\Geric\Desktop\aswMBR.txt
2014-01-03 13:18 - 2014-01-03 13:18 - 00000512 _____ C:\Users\Geric\Desktop\MBR.dat
2014-01-03 13:01 - 2014-01-03 13:01 - 04745728 _____ (AVAST Software) C:\Users\Geric\Desktop\aswmbr.exe
2014-01-02 14:23 - 2014-01-03 19:27 - 00000000 ____D C:\Users\Geric\Desktop\Regfix
2014-01-02 14:22 - 2014-01-02 14:22 - 00000939 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-01-02 14:22 - 2014-01-02 14:22 - 00000939 _____ C:\Users\Jessica\Desktop\NTREGOPT.lnk
2014-01-02 14:22 - 2014-01-02 14:22 - 00000939 _____ C:\Users\Geric\Desktop\NTREGOPT.lnk
2014-01-02 14:22 - 2014-01-02 14:22 - 00000920 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-01-02 14:22 - 2014-01-02 14:22 - 00000920 _____ C:\Users\Jessica\Desktop\ERUNT.lnk
2014-01-02 14:22 - 2014-01-02 14:22 - 00000920 _____ C:\Users\Geric\Desktop\ERUNT.lnk
2014-01-02 14:22 - 2014-01-02 14:22 - 00000000 ____D C:\Program Files (x86)\ERUNT
2014-01-02 14:20 - 2014-01-02 14:20 - 00791393 _____ (Lars Hederer ) C:\Users\Geric\Desktop\erunt-setup.exe
2014-01-02 09:42 - 2014-01-02 09:42 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Malwarebytes
2014-01-02 09:41 - 2014-01-02 09:41 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-02 09:41 - 2014-01-02 09:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-02 09:41 - 2014-01-02 09:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 09:41 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-02 09:36 - 2014-01-02 09:36 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Geric\Desktop\mbam-clean-1.60.2.0003.exe
2014-01-02 09:24 - 2014-01-03 19:53 - 00003048 _____ C:\Users\Geric\Desktop\SystemLook.txt
2014-01-02 09:22 - 2014-01-02 09:22 - 00165376 _____ C:\Users\Geric\Desktop\SystemLook_x64.exe
2013-12-30 13:57 - 2013-12-30 13:57 - 00001279 _____ C:\Users\Geric\Desktop\Revo Uninstaller.lnk
2013-12-30 13:57 - 2013-12-30 13:57 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-28 19:59 - 2013-12-28 19:59 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-28 15:02 - 2013-12-28 15:02 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Geric\Desktop\tdsskiller.exe
2013-12-27 23:23 - 2013-12-27 23:25 - 00000441 _____ C:\Users\Geric\Desktop\BIOS Launcher.lnk
2013-12-27 23:20 - 2013-12-27 23:23 - 00000000 ____D C:\saw6v240
2013-12-27 23:17 - 2013-12-27 23:17 - 06829872 _____ C:\Users\Geric\Desktop\saw6v240.exe
2013-12-27 22:44 - 2013-12-27 22:44 - 00024878 _____ C:\ComboFix.txt
2013-12-27 21:49 - 2013-12-27 21:49 - 05158590 ____R (Swearware) C:\Users\Geric\Desktop\ComboFix.exe
2013-12-27 20:13 - 2014-01-04 14:41 - 00002122 _____ C:\Users\Geric\Desktop\Rkill.txt
2013-12-27 19:11 - 2013-12-27 20:01 - 00000000 ____D C:\ProgramData\Fighters
2013-12-27 19:10 - 2013-12-27 19:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Geric\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-27 19:02 - 2013-12-27 19:04 - 00000000 ____D C:\AdwCleaner
2013-12-27 18:59 - 2013-12-27 19:00 - 01233962 _____ C:\Users\Geric\Desktop\adwcleaner.exe
2013-12-27 18:58 - 2013-12-27 18:58 - 00002037 _____ C:\Users\Geric\Desktop\JRT.txt
2013-12-27 17:41 - 2013-12-27 17:41 - 00000000 ____D C:\windows\ERUNT
2013-12-27 17:40 - 2013-12-27 17:40 - 01034531 _____ (Thisisu) C:\Users\Geric\Desktop\JRT.exe
2013-12-27 17:36 - 2013-12-30 14:03 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-12-27 17:36 - 2013-12-30 14:03 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-12-27 17:36 - 2013-12-27 17:36 - 00003546 _____ C:\windows\System32\Tasks\FileAssociationManagerUpdater
2013-12-27 17:36 - 2013-12-27 17:36 - 00000147 _____ C:\out.txt
2013-12-27 17:36 - 2013-12-27 17:36 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Yahoo!
2013-12-27 17:36 - 2013-12-27 17:36 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
2013-12-27 17:36 - 2013-12-27 17:36 - 00000000 ____D C:\Users\Geric\AppData\Roaming\FileAssociationManager
2013-12-27 17:36 - 2013-12-27 17:36 - 00000000 ____D C:\ProgramData\Yahoo!
2013-12-27 17:36 - 2013-12-27 17:36 - 00000000 ____D C:\Program Files (x86)\FileAssociationManager
2013-12-27 16:50 - 2013-12-27 16:50 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-12-27 16:49 - 2013-12-27 16:49 - 04009167 _____ C:\Users\Geric\Desktop\ServicesRepair.exe
2013-12-27 16:48 - 2014-01-05 18:12 - 00000000 ____D C:\Users\Geric\Desktop\FRST-OlderVersion
2013-12-26 23:04 - 2013-12-27 16:58 - 00002038 _____ C:\Users\Geric\Desktop\FSS.txt
2013-12-26 23:03 - 2013-12-26 23:03 - 00708597 _____ (Farbar) C:\Users\Geric\Desktop\FSS.exe
2013-12-26 22:59 - 2013-12-26 22:59 - 00029927 _____ C:\Users\Geric\Desktop\Addition.txt
2013-12-26 22:58 - 2014-01-05 18:13 - 00010169 _____ C:\Users\Geric\Desktop\FRST.txt
2013-12-26 22:58 - 2014-01-05 18:12 - 00000000 ____D C:\FRST
2013-12-26 22:57 - 2014-01-05 18:12 - 01931762 _____ (Farbar) C:\Users\Geric\Desktop\FRST64.exe
2013-12-26 17:25 - 2013-12-26 17:30 - 00069838 _____ C:\Users\Geric\Desktop\OTL.Txt
2013-12-26 17:04 - 2013-12-26 17:04 - 00602112 _____ (OldTimer Tools) C:\Users\Geric\Desktop\OTL.exe
2013-12-26 16:48 - 2013-12-27 16:47 - 00079672 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2013-12-18 10:21 - 2013-12-18 10:21 - 00000218 _____ C:\Users\Geric\AppData\Local\recently-used.xbel
2013-12-15 19:07 - 2013-12-29 00:26 - 00000000 ____D C:\ProgramData\Updater
2013-12-15 19:07 - 2013-12-27 17:36 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Mozilla
2013-12-15 19:07 - 2013-12-15 19:07 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-11 22:43 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-11 22:43 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-11 22:43 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-11 22:43 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-11 22:41 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-11 22:41 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-11 22:41 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-11 22:41 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-11 22:41 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-11 22:41 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-11 22:41 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-11 22:41 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-11 22:41 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-11 22:41 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-11 22:41 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-11 22:41 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-11 22:41 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-11 22:41 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-11 22:41 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-11 22:41 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-11 22:41 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-11 22:41 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-11 22:41 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-11 22:41 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-11 22:41 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-11 22:41 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-11 22:41 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-11 22:41 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-11 22:41 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-11 22:41 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-11 22:41 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-11 22:41 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-11 22:41 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-11 22:41 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-11 22:41 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 12:37 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 12:37 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 12:37 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 12:37 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-11 12:37 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 12:37 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 12:37 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 12:37 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 12:37 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 12:37 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 12:37 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 12:37 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-11 12:37 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 12:37 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 12:37 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 12:37 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-11 12:37 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-11 12:37 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-11 12:37 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-05 18:13 - 2013-12-26 22:58 - 00010169 _____ C:\Users\Geric\Desktop\FRST.txt
2014-01-05 18:12 - 2013-12-27 16:48 - 00000000 ____D C:\Users\Geric\Desktop\FRST-OlderVersion
2014-01-05 18:12 - 2013-12-26 22:58 - 00000000 ____D C:\FRST
2014-01-05 18:12 - 2013-12-26 22:57 - 01931762 _____ (Farbar) C:\Users\Geric\Desktop\FRST64.exe
2014-01-05 18:10 - 2010-09-19 11:32 - 01751627 _____ C:\windows\WindowsUpdate.log
2014-01-05 18:06 - 2013-09-16 19:35 - 00012656 _____ C:\windows\setupact.log
2014-01-05 18:06 - 2010-09-19 11:57 - 00000050 _____ C:\windows\system32\SupplicantTest.log
2014-01-05 18:06 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-05 14:21 - 2010-11-02 19:06 - 00000000 ____D C:\Users\Geric\AppData\Roaming\mIRC
2014-01-05 13:08 - 2014-01-05 13:08 - 00353352 _____ (Malwarebytes Corporation) C:\Users\Geric\Desktop\mbam-check-2.0.0.1000.exe
2014-01-05 13:08 - 2014-01-05 13:08 - 00030830 _____ C:\Users\Geric\Desktop\CheckResults.txt
2014-01-05 13:03 - 2009-07-13 23:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 13:03 - 2009-07-13 23:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 14:41 - 2013-12-27 20:13 - 00002122 _____ C:\Users\Geric\Desktop\Rkill.txt
2014-01-04 14:37 - 2014-01-04 14:37 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Geric\Desktop\rkill.exe
2014-01-03 19:53 - 2014-01-02 09:24 - 00003048 _____ C:\Users\Geric\Desktop\SystemLook.txt
2014-01-03 19:27 - 2014-01-02 14:23 - 00000000 ____D C:\Users\Geric\Desktop\Regfix
2014-01-03 13:18 - 2014-01-03 13:18 - 00001893 _____ C:\Users\Geric\Desktop\aswMBR.txt
2014-01-03 13:18 - 2014-01-03 13:18 - 00000512 _____ C:\Users\Geric\Desktop\MBR.dat
2014-01-03 13:01 - 2014-01-03 13:01 - 04745728 _____ (AVAST Software) C:\Users\Geric\Desktop\aswmbr.exe
2014-01-02 14:22 - 2014-01-02 14:22 - 00000939 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-01-02 14:22 - 2014-01-02 14:22 - 00000939 _____ C:\Users\Jessica\Desktop\NTREGOPT.lnk
2014-01-02 14:22 - 2014-01-02 14:22 - 00000939 _____ C:\Users\Geric\Desktop\NTREGOPT.lnk
2014-01-02 14:22 - 2014-01-02 14:22 - 00000920 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-01-02 14:22 - 2014-01-02 14:22 - 00000920 _____ C:\Users\Jessica\Desktop\ERUNT.lnk
2014-01-02 14:22 - 2014-01-02 14:22 - 00000920 _____ C:\Users\Geric\Desktop\ERUNT.lnk
2014-01-02 14:22 - 2014-01-02 14:22 - 00000000 ____D C:\Program Files (x86)\ERUNT
2014-01-02 14:22 - 2011-08-23 07:45 - 00000000 ____D C:\windows\ERDNT
2014-01-02 14:20 - 2014-01-02 14:20 - 00791393 _____ (Lars Hederer ) C:\Users\Geric\Desktop\erunt-setup.exe
2014-01-02 09:42 - 2014-01-02 09:42 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Malwarebytes
2014-01-02 09:41 - 2014-01-02 09:41 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-02 09:41 - 2014-01-02 09:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-02 09:41 - 2014-01-02 09:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 09:37 - 2013-09-16 19:35 - 00134896 _____ C:\windows\PFRO.log
2014-01-02 09:36 - 2014-01-02 09:36 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Geric\Desktop\mbam-clean-1.60.2.0003.exe
2014-01-02 09:22 - 2014-01-02 09:22 - 00165376 _____ C:\Users\Geric\Desktop\SystemLook_x64.exe
2014-01-02 09:20 - 2011-10-20 10:52 - 00000000 ____D C:\Users\Geric\AppData\Roaming\vlc
2013-12-31 18:01 - 2010-11-02 16:05 - 00000000 ____D C:\Program Files\mIRC
2013-12-31 17:46 - 2009-07-14 00:13 - 00726444 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-30 14:03 - 2013-12-27 17:36 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-12-30 14:03 - 2013-12-27 17:36 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-12-30 13:57 - 2013-12-30 13:57 - 00001279 _____ C:\Users\Geric\Desktop\Revo Uninstaller.lnk
2013-12-30 13:57 - 2013-12-30 13:57 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-29 00:26 - 2013-12-15 19:07 - 00000000 ____D C:\ProgramData\Updater
2013-12-28 19:59 - 2013-12-28 19:59 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-28 15:02 - 2013-12-28 15:02 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Geric\Desktop\tdsskiller.exe
2013-12-28 10:26 - 2012-08-08 09:48 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-12-27 23:25 - 2013-12-27 23:23 - 00000441 _____ C:\Users\Geric\Desktop\BIOS Launcher.lnk
2013-12-27 23:24 - 2012-06-06 11:19 - 00000000 ____D C:\Program Files (x86)\UEFI WinFlash
2013-12-27 23:23 - 2013-12-27 23:20 - 00000000 ____D C:\saw6v240
2013-12-27 23:17 - 2013-12-27 23:17 - 06829872 _____ C:\Users\Geric\Desktop\saw6v240.exe
2013-12-27 22:44 - 2013-12-27 22:44 - 00024878 _____ C:\ComboFix.txt
2013-12-27 22:44 - 2012-07-25 09:54 - 00000000 ____D C:\Qoobox
2013-12-27 22:40 - 2009-07-13 21:34 - 00000215 _____ C:\windows\system.ini
2013-12-27 21:49 - 2013-12-27 21:49 - 05158590 ____R (Swearware) C:\Users\Geric\Desktop\ComboFix.exe
2013-12-27 20:01 - 2013-12-27 19:11 - 00000000 ____D C:\ProgramData\Fighters
2013-12-27 19:10 - 2013-12-27 19:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Geric\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-27 19:04 - 2013-12-27 19:02 - 00000000 ____D C:\AdwCleaner
2013-12-27 19:00 - 2013-12-27 18:59 - 01233962 _____ C:\Users\Geric\Desktop\adwcleaner.exe
2013-12-27 18:58 - 2013-12-27 18:58 - 00002037 _____ C:\Users\Geric\Desktop\JRT.txt
2013-12-27 17:44 - 2010-09-19 12:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-27 17:44 - 2010-09-19 12:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-27 17:41 - 2013-12-27 17:41 - 00000000 ____D C:\windows\ERUNT
2013-12-27 17:40 - 2013-12-27 17:40 - 01034531 _____ (Thisisu) C:\Users\Geric\Desktop\JRT.exe
2013-12-27 17:36 - 2013-12-27 17:36 - 00003546 _____ C:\windows\System32\Tasks\FileAssociationManagerUpdater
2013-12-27 17:36 - 2013-12-27 17:36 - 00000147 _____ C:\out.txt
2013-12-27 17:36 - 2013-12-27 17:36 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Yahoo!
2013-12-27 17:36 - 2013-12-27 17:36 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
2013-12-27 17:36 - 2013-12-27 17:36 - 00000000 ____D C:\Users\Geric\AppData\Roaming\FileAssociationManager
2013-12-27 17:36 - 2013-12-27 17:36 - 00000000 ____D C:\ProgramData\Yahoo!
2013-12-27 17:36 - 2013-12-27 17:36 - 00000000 ____D C:\Program Files (x86)\FileAssociationManager
2013-12-27 17:36 - 2013-12-15 19:07 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Mozilla
2013-12-27 16:58 - 2013-12-26 23:04 - 00002038 _____ C:\Users\Geric\Desktop\FSS.txt
2013-12-27 16:50 - 2013-12-27 16:50 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-12-27 16:49 - 2013-12-27 16:49 - 04009167 _____ C:\Users\Geric\Desktop\ServicesRepair.exe
2013-12-27 16:47 - 2013-12-26 16:48 - 00079672 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2013-12-26 23:03 - 2013-12-26 23:03 - 00708597 _____ (Farbar) C:\Users\Geric\Desktop\FSS.exe
2013-12-26 22:59 - 2013-12-26 22:59 - 00029927 _____ C:\Users\Geric\Desktop\Addition.txt
2013-12-26 17:30 - 2013-12-26 17:25 - 00069838 _____ C:\Users\Geric\Desktop\OTL.Txt
2013-12-26 17:04 - 2013-12-26 17:04 - 00602112 _____ (OldTimer Tools) C:\Users\Geric\Desktop\OTL.exe
2013-12-26 16:48 - 2013-04-02 16:59 - 00207904 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-12-26 16:48 - 2011-08-23 11:59 - 00422216 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2013-12-26 16:48 - 2011-08-23 11:59 - 00001977 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-26 16:48 - 2011-08-23 11:58 - 01034464 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-12-26 16:48 - 2011-08-23 11:58 - 00334136 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-12-26 16:48 - 2011-08-23 11:58 - 00078648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-12-26 16:48 - 2011-08-23 11:58 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-12-18 10:21 - 2013-12-18 10:21 - 00000218 _____ C:\Users\Geric\AppData\Local\recently-used.xbel
2013-12-17 21:55 - 2010-11-01 19:40 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Toshiba
2013-12-17 21:54 - 2010-08-29 23:43 - 00000000 ____D C:\ProgramData\Toshiba
2013-12-17 21:54 - 2010-08-29 23:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-17 21:54 - 2010-08-29 23:37 - 00000000 ____D C:\Program Files\TOSHIBA
2013-12-17 21:52 - 2010-08-29 23:37 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2013-12-15 23:29 - 2013-08-14 21:37 - 00000000 ____D C:\windows\system32\MRT
2013-12-15 22:27 - 2010-11-02 10:26 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-15 19:07 - 2013-12-15 19:07 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-15 17:59 - 2012-12-30 11:39 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Skype
2013-12-15 17:59 - 2012-12-30 11:39 - 00000000 ____D C:\ProgramData\Skype
2013-12-15 08:02 - 2009-07-14 00:08 - 00032588 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-12-15 07:42 - 2010-11-24 15:00 - 00001428 _____ C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-14 13:44 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2013-12-12 18:28 - 2009-07-14 00:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-12 08:11 - 2009-07-13 23:45 - 05040640 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-11 22:43 - 2010-11-03 11:50 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 12:08

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by Geric at 2014-01-05 18:13:32
Running from C:\Users\Geric\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (x32 Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (x32 Version: 3.0 - Adobe Systems, Inc.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Auslogics Disk Defrag (x32 Version: 3.5 - Auslogics Software Pty Ltd)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J835DW (x32 Version: 1.0.8.0 - Brother Industries, Ltd.)
BS.Player FREE (x32 Version: 2.58.1058 - Webteh, d.o.o.)
CCleaner (Version: 3.28 - Piriform)
Cisco Connect (x32 Version: 1.4.11299.0 - Cisco Consumer Products LLC)
CleanUp! (x32 Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
EPUB to MOBI (x32 Version: - epubtomobi.com)
ERUNT 1.1j (x32 Version: - Lars Hederer)
File Association Manager (x32 Version: 0.5 - Amnis Technology Ltd)
Intel PROSet Wireless (Version: - ) Hidden
Intel WiMAX Tutorial (Version: 1.5.4.0 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.1000 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 9.5.7.1002 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.0005 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 25 (x32 Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (x32 Version: 6.0.310 - Oracle)
JMicron Flash Media Controller Driver (x32 Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Nuance PaperPort 12 (x32 Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 301.42 (Version: 301.42 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
PaperPort Image Printer 64-bit (Version: 1.00.0001 - Nuance Communications, Inc.)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Polar Daemon (x32 Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (x32 Version: 2.8.10006 - Polar Electro Oy)
QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.20.503.2010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group)
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Switch Sound File Converter (x32 Version: - NCH Software)
Synaptics Pointing Device Driver (Version: 15.0.8.1 - Synaptics Incorporated)
Tar98 (x32 Version: - )
TOSHIBA Application Installer (x32 Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (x32 Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (x32 Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (x32 Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.26C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (x32 Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.5.11 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (Version: 1.7.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (x32 Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (x32 Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (Version: 1.3.14.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.14.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.3.14.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (x32 Version: 1.1.1.16 - TOSHIBA Corporation)
ToshibaRegistration (x32 Version: 1.0.4 - Toshiba)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
Updater (x32 Version: 2.6.49 - Creative Island Media, LLC)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
VLC media player 2.0.3 (x32 Version: 2.0.3 - VideoLAN)
VSO ConvertXToDVD (x32 Version: 5.0.0.42 - VSO-Software SARL)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (x32 Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Xvid Video Codec (x32 Version: 1.3.2 - Xvid Team)

==================== Restore Points =========================

05-01-2014 22:16:41 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 21:34 - 2012-07-25 10:03 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {64B33BD0-15F5-4FE1-B4C2-DA1ED6C75287} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {65C6A9F3-170E-4F7B-9A57-070646CB645A} - System32\Tasks\FileAssociationManagerUpdater => C:\Program Files (x86)\FileAssociationManager\Updater.exe [2013-10-03] ()
Task: {8267D190-2E7F-45EC-8BAB-6BF265441FFE} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13] (Microsoft Corporation)
Task: {CE9EDE82-44A7-4918-A92B-2AC09CF27CFA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-26] (AVAST Software)
Task: {FD0EDC1F-1191-4BFF-879A-324CB3CC2ED3} - System32\Tasks\{E9D50A58-C7E8-44F8-80F7-F481D89DEEE6} => C:\Program Files (x86)\Adobe\Illustrator 10\Support Files\Contents\Windows\Illustrator.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-03-05 11:21 - 2010-03-05 11:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-01-05 12:56 - 2014-01-05 04:48 - 02152960 _____ () C:\Program Files\AVAST Software\Avast\defs\14010500\algo.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-12 15:20 - 2012-12-12 15:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll
2013-10-23 08:53 - 2013-10-23 08:53 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Geric\Cookies:NPvv03KOXbzv0SRn73sfpQH7

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29165371.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29165371.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2014 05:11:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/05/2014 02:47:43 PM) (Source: Application Hang) (User: )
Description: The program wmplayer.exe version 12.0.7601.18150 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18d8

Start Time: 01cf0a4ec4fa565d

Termination Time: 131

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: 37684216-7642-11e3-931c-88ae1d5ad951

Error: (01/04/2014 03:12:21 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 273c

Start Time: 01cf09850a150faa

Termination Time: 15

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 4a3a2876-757c-11e3-a219-88ae1d5ad951

Error: (01/04/2014 11:04:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/03/2014 05:35:03 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d58

Start Time: 01cf08aba71a7e56

Termination Time: 484

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/03/2014 02:18:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/02/2014 00:43:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/02/2014 11:50:11 AM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14f4

Start Time: 01cf07c986309552

Termination Time: 0

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: c0b042e9-73cd-11e3-b988-88ae1d5ad951

Error: (01/01/2014 08:18:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/30/2013 05:57:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: MSHTML.dll, version: 11.0.9600.16476, time stamp: 0x52947390
Exception code: 0x4000001f
Fault offset: 0x001f5551
Faulting process id: 0xdbc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3


System errors:
=============
Error: (01/05/2014 01:09:27 PM) (Source: DCOM) (User: Geric-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Geric-PCGericS-1-5-21-3855451286-3944966642-1798097057-1002LocalHost (Using LRPC)

Error: (01/05/2014 01:09:27 PM) (Source: DCOM) (User: Geric-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Geric-PCGericS-1-5-21-3855451286-3944966642-1798097057-1002LocalHost (Using LRPC)

Error: (01/05/2014 01:09:27 PM) (Source: DCOM) (User: Geric-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Geric-PCGericS-1-5-21-3855451286-3944966642-1798097057-1002LocalHost (Using LRPC)

Error: (01/04/2014 11:05:50 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (01/03/2014 01:19:31 PM) (Source: DCOM) (User: Geric-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Geric-PCGericS-1-5-21-3855451286-3944966642-1798097057-1002LocalHost (Using LRPC)

Error: (01/03/2014 01:18:53 PM) (Source: DCOM) (User: Geric-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Geric-PCGericS-1-5-21-3855451286-3944966642-1798097057-1002LocalHost (Using LRPC)

Error: (01/03/2014 01:18:53 PM) (Source: DCOM) (User: Geric-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Geric-PCGericS-1-5-21-3855451286-3944966642-1798097057-1002LocalHost (Using LRPC)

Error: (01/03/2014 01:18:53 PM) (Source: DCOM) (User: Geric-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Geric-PCGericS-1-5-21-3855451286-3944966642-1798097057-1002LocalHost (Using LRPC)

Error: (01/02/2014 02:51:19 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (01/02/2014 02:51:19 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.


Microsoft Office Sessions:
=========================
Error: (01/05/2014 05:11:46 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (01/05/2014 02:47:43 PM) (Source: Application Hang)(User: )
Description: wmplayer.exe12.0.7601.1815018d801cf0a4ec4fa565d131C:\Program Files (x86)\Windows Media Player\wmplayer.exe37684216-7642-11e3-931c-88ae1d5ad951

Error: (01/04/2014 03:12:21 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1273c01cf09850a150faa15C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe4a3a2876-757c-11e3-a219-88ae1d5ad951

Error: (01/04/2014 11:04:02 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (01/03/2014 05:35:03 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.16428d5801cf08aba71a7e56484C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (01/03/2014 02:18:56 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (01/02/2014 00:43:37 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (01/02/2014 11:50:11 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.114f401cf07c9863095520C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exec0b042e9-73cd-11e3-b988-88ae1d5ad951

Error: (01/01/2014 08:18:43 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (12/30/2013 05:57:30 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cMSHTML.dll11.0.9600.16476529473904000001f001f5551dbc01cf05a68968d50fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\system32\MSHTML.dllc22e609b-71a5-11e3-b517-88ae1d5ad951


CodeIntegrity Errors:
===================================
Date: 2012-07-25 10:59:56.107
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-25 10:59:56.029
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-08-23 08:52:28.729
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-08-23 08:52:28.698
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 4026.67 MB
Available physical RAM: 2224.26 MB
Total Pagefile: 8051.52 MB
Available Pagefile: 6090.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI105957W0F) (Fixed) (Total:583.11 GB) (Free:360.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: D0CECDEE)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=583 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

==================== End Of Log ============================

Edited by geric16, 05 January 2014 - 05:34 PM.
