
Regular crashing of Win 7 PC?


41 replies to this topic

#1 Red Kelt


Posted 05 June 2014 - 07:14 AM

Hi all, my first post here.

 

My PC has always worked really well with Win 7 but over the last 3 or 4 months it's crashed/frozen 2 or 3 times daily.

 

More or less the same software has always been on there.

 

On reboot today the start up sequence asked me to configure the new cpu I had installed  (I haven't installed one).

 

The PC is about 4 years old. I've reloaded the system twice via Acronis since then.

 

Any advice will be appreciated.

 

Thx for reading.

 

 




 


#2 Red Kelt


Posted 05 June 2014 - 07:17 AM

Can anyone recommend diagnostic software that might be useful?



#3 hamluis


Posted 05 June 2014 - 01:22 PM

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis



#4 Red Kelt


Posted 08 June 2014 - 05:41 AM


MiniToolBox by Farbar  Version: 23-01-2014
Ran by David (administrator) on 08-06-2014 at 11:40:27
Running from "C:\Users\David\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/08/2014 11:34:57 AM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 7.15.635.0, time stamp: 0x4d39aa4e
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x5e8
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (06/08/2014 08:29:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 7.15.635.0, time stamp: 0x4d39aa4e
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x624
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (06/07/2014 07:14:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 7.15.635.0, time stamp: 0x4d39aa4e
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x5e4
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (06/07/2014 08:19:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 7.15.635.0, time stamp: 0x4d39aa4e
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x5d4
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (06/06/2014 09:41:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 7.15.635.0, time stamp: 0x4d39aa4e
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x5b4
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (06/06/2014 08:15:06 AM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 7.15.635.0, time stamp: 0x4d39aa4e
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x60c
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (06/05/2014 03:48:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 7.15.635.0, time stamp: 0x4d39aa4e
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x5cc
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (06/05/2014 03:15:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 7.15.635.0, time stamp: 0x4d39aa4e
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x804
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (06/05/2014 01:02:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 7.15.635.0, time stamp: 0x4d39aa4e
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x530
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (06/05/2014 10:47:10 AM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 7.15.635.0, time stamp: 0x4d39aa4e
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x558
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3


System errors:
=============
Error: (06/08/2014 11:35:01 AM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/08/2014 11:34:56 AM) (Source: Service Control Manager) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/08/2014 11:34:45 AM) (Source: Service Control Manager) (User: )
Description: The Update Jotzey service failed to start due to the following error:
%%2

Error: (06/08/2014 11:34:45 AM) (Source: Service Control Manager) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2

Error: (06/08/2014 11:34:30 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:32:35 on 08/06/2014 was unexpected.

Error: (06/08/2014 08:29:37 AM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/08/2014 08:29:32 AM) (Source: Service Control Manager) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/08/2014 08:29:24 AM) (Source: Service Control Manager) (User: )
Description: The Update Jotzey service failed to start due to the following error:
%%2

Error: (06/08/2014 08:29:24 AM) (Source: Service Control Manager) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2

Error: (06/08/2014 08:29:10 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 21:34:19 on 07/06/2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (06/08/2014 11:34:57 AM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe7.15.635.04d39aa4ehppccompio.DLL1.3.0.244c9685d0c0000417000073bf5e801cf8305424fb475C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLL8904b0b8-eef8-11e3-a749-002618ef9dca

Error: (06/08/2014 08:29:32 AM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe7.15.635.04d39aa4ehppccompio.DLL1.3.0.244c9685d0c0000417000073bf62401cf82eb5e055baaC:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLLa1c7fa67-eede-11e3-95fd-002618ef9dca

Error: (06/07/2014 07:14:45 PM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe7.15.635.04d39aa4ehppccompio.DLL1.3.0.244c9685d0c0000417000073bf5e401cf827c566c9f16C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLL9a03633b-ee6f-11e3-8a19-002618ef9dca

Error: (06/07/2014 08:19:22 AM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe7.15.635.04d39aa4ehppccompio.DLL1.3.0.244c9685d0c0000417000073bf5d401cf8220c7d1b984C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLL0bee5759-ee14-11e3-947c-002618ef9dca

Error: (06/06/2014 09:41:40 PM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe7.15.635.04d39aa4ehppccompio.DLL1.3.0.244c9685d0c0000417000073bf5b401cf81c7b1afe9b1C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLLf5e946e8-edba-11e3-bc13-002618ef9dca

Error: (06/06/2014 08:15:06 AM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe7.15.635.04d39aa4ehppccompio.DLL1.3.0.244c9685d0c0000417000073bf60c01cf8157055b2ba0C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLL488293ee-ed4a-11e3-b93b-002618ef9dca

Error: (06/05/2014 03:48:12 PM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe7.15.635.04d39aa4ehppccompio.DLL1.3.0.244c9685d0c0000417000073bf5cc01cf80cd2231c82eC:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLL6aad6375-ecc0-11e3-9e07-002618ef9dca

Error: (06/05/2014 03:15:31 PM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe7.15.635.04d39aa4ehppccompio.DLL1.3.0.244c9685d0c0000417000073bf80401cf80c89540617dC:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLLd9ba59d2-ecbb-11e3-bf38-002618ef9dca

Error: (06/05/2014 01:02:25 PM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe7.15.635.04d39aa4ehppccompio.DLL1.3.0.244c9685d0c0000417000073bf53001cf80b5fcdf94a4C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLL41c27860-eca9-11e3-b902-002618ef9dca

Error: (06/05/2014 10:47:10 AM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe7.15.635.04d39aa4ehppccompio.DLL1.3.0.244c9685d0c0000417000073bf55801cf80a317e63300C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLL5ce8e35f-ec96-11e3-9dd5-002618ef9dca


=========================== Installed Programs ============================

Acronis True Image Home (Version: 13.0.6053)
Adobe Flash Player 13 ActiveX (Version: 13.0.0.214)
Adobe Flash Player 13 Plugin (Version: 13.0.0.214)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Apple Application Support (Version: 3.0.3)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Civilization III Complete Edition (Version: 1.00.0000)
HP LaserJet Professional CP1020 Series
HPLJUT (Version: 1.00.0012)
hppcp1025LaserJetService (Version: 1.00.0000)
hppLaserJetService (Version: 007.015.00635)
iCloud (Version: 3.1.0.40)
iTunes (Version: 11.2.2.3)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
LinksysEasyLinkAdvisor (Version: 3.0.8122.29)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Mozilla Firefox 29.0.1 (x86 en-US) (Version: 29.0.1)
Mozilla Maintenance Service (Version: 29.0.1)
Norton 360 (Version: 21.3.0.12)
Pure Networks Platform (Version: 10.1.8116.1)
QuickTime 7 (Version: 7.75.80.95)
RAR Password Unlocker
Sky Go Desktop
WebEx Support Manager for Internet Explorer (Version: 6.5.47)
WinRAR 5.00 (64-bit) (Version: 5.00.0)

========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 8191.18 MB
Available physical RAM: 6512.99 MB
Total Pagefile: 16380.53 MB
Available Pagefile: 14639.52 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.23 MB

========================= Partitions: =====================================

3 Drive c: (Windows7) (Fixed) (Total:911.98 GB) (Free:734.67 GB) NTFS
4 Drive d: (2nd Hard Drive) (Fixed) (Total:931.51 GB) (Free:653.54 GB) NTFS
5 Drive e: (Win_RE) (Fixed) (Total:19.53 GB) (Free:8.83 GB) NTFS

========================= Users: ========================================

User accounts for \\DAVID-PC

Administrator            David                    Guest                    
Tina                     


**** End of log ****
 

 

http://speccy.piriform.com/results/3aWbY2Jtppqsn8h86ikyoyl

 

Many thanks :)


Edited by Red Kelt, 08 June 2014 - 05:47 AM.


#5 Willy22


Posted 08 June 2014 - 07:26 AM

A LOT OF errors are caused by the HP laser printer software. Perhaps removing and re-installing the printer software will solve the problem. (I hope you have a copy of the HP printer software).

 

- Are both the Norton Firewall & MS Firewall running? Then disable one of them. It speeds up your system.



#6 Red Kelt


Posted 08 June 2014 - 08:00 AM


Thank you Willy.



#7 dc3


Posted 08 June 2014 - 10:27 AM

Error: (06/08/2014 11:34:45 AM) (Source: Service Control Manager) (User: )
Description: The Update Jotzey service failed to start due to the following error:
%%2

 

Jotzey is a browser hijacker.

 

You can read about this at the Malwarebytes website.

 

Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.
 
 

Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.

Edited by dc3, 08 June 2014 - 10:30 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
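
The triage dc3 does by eye in the post above, picking the service that fails to start with %%2 out of the MiniToolBox log, as an added example (not part of any post in this thread and not code from MiniToolBox or Malwarebytes). It assumes the log layout posted in #4; the sample log is constructed from a few of those entries, the function names are hypothetical, and %%2 is the unexpanded Win32 error 2, "The system cannot find the file specified".

```python
import re
from collections import Counter

# Constructed sample: a few entries abridged from the MiniToolBox log in post #4,
# kept in the same layout (header line, "Description:" line, optional extra lines).
SAMPLE_LOG = r"""
Application errors:
==================
Error: (06/08/2014 11:34:57 AM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 7.15.635.0, time stamp: 0x4d39aa4e
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417

Error: (06/08/2014 08:29:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 7.15.635.0, time stamp: 0x4d39aa4e
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417

System errors:
=============
Error: (06/08/2014 11:35:01 AM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/08/2014 11:34:45 AM) (Source: Service Control Manager) (User: )
Description: The Update Jotzey service failed to start due to the following error:
%%2

Error: (06/08/2014 11:34:45 AM) (Source: Service Control Manager) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2

Error: (06/08/2014 11:34:30 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:32:35 on 08/06/2014 was unexpected.

Error: (06/08/2014 08:29:24 AM) (Source: Service Control Manager) (User: )
Description: The Update Jotzey service failed to start due to the following error:
%%2

Error: (06/08/2014 08:29:24 AM) (Source: Service Control Manager) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2
"""

# Entry header as MiniToolBox prints it; \s* also accepts "(Source: ...)(User: )".
HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\)\s*\(User: [^)]*\)\s*$"
)
# Service Control Manager start failure followed by an unexpanded error code.
FAILED_START = re.compile(
    r"The (?P<svc>.+?) service failed to start due to the following error:\s*(?P<err>%%\d+)"
)
# Application Error record: faulting executable, module and exception code.
CRASH = re.compile(
    r"Faulting application name: (?P<app>[^,]+),.*?"
    r"Faulting module name: (?P<module>[^,]+),.*?"
    r"Exception code: (?P<code>0x[0-9a-fA-F]+)",
    re.S,
)


def parse_entries(text):
    """Split the log into entries; a blank line ends the current entry."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"ts": m["ts"], "source": m["source"], "lines": []}
            entries.append(current)
        elif current is not None:
            if line.strip():
                current["lines"].append(line.strip())
            else:
                current = None
    return [
        {"ts": e["ts"], "source": e["source"], "body": "\n".join(e["lines"])}
        for e in entries
    ]


def triage(text):
    """Summarise the three things a helper looks for in this log."""
    missing, crashes, shutdowns = Counter(), Counter(), 0
    for e in parse_entries(text):
        if e["source"] == "Service Control Manager":
            m = FAILED_START.search(e["body"])
            # %%2: the service is still registered but its executable is gone.
            if m and m["err"] == "%%2":
                missing[m["svc"]] += 1
        elif e["source"] == "Application Error":
            m = CRASH.search(e["body"])
            if m:
                crashes[(m["app"], m["module"], m["code"])] += 1
        elif e["source"] == "EventLog" and "was unexpected" in e["body"]:
            shutdowns += 1
    return {
        "missing_binary_services": dict(missing),
        "recurring_crashes": dict(crashes),
        "unexpected_shutdowns": shutdowns,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Service names reported under missing_binary_services are the ones to look up and to compare against a scanner's quarantine list.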

 

 

 

 


#8 Red Kelt


Posted 08 June 2014 - 10:50 AM

Quarantined Items:
===================
Vendor: PUP.Optional.Conduit.A, Date: 2014/06/08 15:35:38, Type: File, Location: C:\Users\David\AppData\Local\Temp\nsf9CB1.exe
Vendor: PUP.Optional.Jotzey.A, Date: 2014/06/08 15:35:38, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Jotzey
Vendor: PUP.Optional.Qone8, Date: 2014/06/08 15:35:38, Type: Registry Value, Location: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope
Vendor: PUP.Optional.Conduit.A, Date: 2014/06/08 15:35:38, Type: File, Location: C:\Users\David\AppData\Local\Temp\nsvE460.exe
Vendor: PUP.Optional.Conduit.A, Date: 2014/06/08 15:35:38, Type: File, Location: C:\Users\David\AppData\Local\Temp\nsa9F03.exe
Vendor: PUP.Optional.Conduit.A, Date: 2014/06/08 15:35:38, Type: File, Location: C:\Users\David\AppData\Local\Temp\nsaE20E.exe
Vendor: PUP.Optional.Conduit.A, Date: 2014/06/08 15:35:38, Type: File, Location: C:\Users\David\AppData\Local\Temp\nsk7A13\SpSetup.exe

 

 

 

# AdwCleaner v3.212 - Report created 08/06/2014 at 16:51:58
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : David - DAVID-PC
# Running from : C:\Users\David\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fd6i6tmh.default\prefs.js ]


Edited by Red Kelt, 08 June 2014 - 10:57 AM.


#9 dc3


Posted 08 June 2014 - 11:26 AM

Please post the whole Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop, copy and paste this in your next post.


Please run the ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download Junkware Removal Tool.
 
Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it.  
 
Click on Run to initiate the installation.
 
To avoid potential conflicts, temporarily disable your antivirus and firewall.  You will want to be offline when you do this.
 
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.
 
The tool will open and start scanning your system.
 
Please be patient as this can take a while to complete depending on your system's specifications.
 
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.  Copy this and then post it in your topic.


 

 

 

 


#10 Red Kelt


Posted 08 June 2014 - 12:46 PM

mbam-check result log version:     2.1.0.0002
========================================

User Account type:                 Administrator
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Build Number:              7601
Current Version Number:            6.1
Current CSDVersion:                Service Pack 1
Malwarebytes Anti-Malware:         2.0.2.1012
Installed On:                      2014/06/08
Malware Database:                  2014.06.08.06
Rootkit Database:                  2014.06.02.01
Remediation Database:              2013.10.16.01
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Trial
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      4 (The service is running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2014/06/08 18:46:03
Compatibility Flag Settings:
=================================





Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size:     25816 BYTES    FileVersion: 0.1.13.0    MD5: [f92b0e478c0faa6d6661e6e977247e60]
C:\Windows\system32\drivers\mwac.sys
File Size:     63704 BYTES    FileVersion: 1.0.1.0    MD5: [15e8abc06843672955ce26a009533bad]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size:    122584 BYTES    FileVersion: 0.1.7.0    MD5: [8a50d5304e6ae48664cf5838ec32f647]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size:     91352 BYTES    FileVersion: 1.0.4.0    MD5: [9d9ed48f841ea37aa5310d54b9e5d3c7]

--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMService:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMWebAccessControl:--------------
Type:                   1
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


Required Dependencies:
======================

--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    DisplayName                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1001
    Group                         REG_SZ        NetworkProvider
    ImagePath                     REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Description                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1002
    ObjectName                    REG_SZ        NT AUTHORITY\LocalService
    ErrorControl                  REG_DWORD        1
    Start                         REG_DWORD        2
    Type                          REG_DWORD        32
    DependOnService               REG_MULTI_SZ    RpcSs

    ServiceSidType                REG_DWORD        3
    RequiredPrivileges            REG_MULTI_SZ    SeAuditPrivilege

    FailureActions                REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
    ServiceDll                    REG_EXPAND_SZ    %SystemRoot%\System32\bfe.dll
    ServiceDllUnloadOnStop        REG_DWORD        1
    ServiceMain                   REG_SZ        BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    AttachWhenLoaded              REG_DWORD        1
    DisplayName                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
    Group                         REG_SZ        FSFilter Infrastructure
    ImagePath                     REG_EXPAND_SZ    system32\drivers\fltmgr.sys
    Description                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
    ErrorControl                  REG_DWORD        3
    Start                         REG_DWORD        0
    Tag                           REG_DWORD        1
    Type                          REG_DWORD        2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
    0                             REG_SZ        Root\LEGACY_FLTMGR\0000
    Count                         REG_DWORD        1
    NextInstance                  REG_DWORD        1


C:\Windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES    FileVersion: 6.1.7601.17514    MD5: [da6b67270fd9db3697b20fce94950741]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1070152   BYTES    FileVersion: 6.1.98.34    MD5: [e52859fcb7a827cacfce7963184c7d24]
C:\Windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES    FileVersion: 6.1.7601.17514    MD5: [703ffd301ab900b047337c5d40fd6f96]


MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced:
    AutomaticQuarantine:                                       true
    AutostartProtection:                                       true
    LimitedMode:                                               false
    StartSilentMode:                                           false
    StartupDelay:                                              0
ApplicationState:
    First-Run-After-Installation:                              false
General:
    DaysUntilNotifyExpiration:                                 5
    Language:                                                  en
    RightClickAccess:                                          false
    SilentErrors:                                              false
Logging:
    ExportLog:                                                 true
Notification:
ProtectionTray:
    DisplayMilliseconds:                                       7000
ScanHistory:
    Duration_Complete:                                         61000
    Duration_Driver:                                           0
    Duration_Filesystem:                                       0
    Duration_Heuristics:                                       260000
    Duration_Loading:                                          0
    Duration_MasterBootRecord:                                 0
    Duration_Memory:                                           40000
    Duration_PreScan:                                          10000
    Duration_Registry:                                         15000
    Duration_Sector:                                           0
    Duration_Startup:                                          18000
    ItemCount_Complete:                                        251638
    ItemCount_Driver:                                          0
    ItemCount_Filesystem:                                      40079
    ItemCount_Heuristics:                                      9275
    ItemCount_Loading:                                         0
    ItemCount_MasterBootRecord:                                0
    ItemCount_Memory:                                          2797
    ItemCount_PreScan:                                         0
    ItemCount_Registry:                                        559
    ItemCount_Sector:                                          0
    ItemCount_Startup:                                         1133
    LastScanDateEpoch:                                         1402241739467
    LastScanType:                                              1 (Threat Scan)
Update:
    LastUpdate:                                                2014-06-08T17:41:11
    NotifyInstallReady:                                        true
    NotifyOutdatedDatabase:                                    1
    ProxyPassword:                                              
    ProxyPort:                                                 0
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false
    UseProxyAuthentication:                                    false
--------------Account:--------------
  Account Status:                                              Trial
  Expiration Time:                                             2014/06/22 15:34:37
  Activation Time:                                             2014/06/08 15:34:37
  Trial Used:                                                  true
--------------Access Policies:--------------

Scheduler Queue:
================

tasks:
    234b7367-069a-413f-8375-db8c07c1ad40:                       
      parameters:                                               
        CheckForUpdatesBeforeScanStart:                        true
        ScanConfig:                                             
          ExitWhenNoMalwareDetected:                           false
          ExportLog:                                           true
          FileSystemOption:                                    true
          RebootSystemWhenMalwareDetected:                     false
          RemoveMalwareAutomaticallyWhenScanEnds:              false
          ScanArchives:                                        true
          ScanExtra:                                           true
          ScanHeuristic:                                       true
          ScanMemoryObjects:                                   true
          ScanPUM:                                             2
          ScanPUP:                                             2
          ScanRegistry:                                        true
          ScanRootkits:                                        false
          ScanStartup:                                         true
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true
          TerminateExplorerWhenMalwareIsRemoved:               false
        StartTaskFromSystemAccount:                            false
        TaskType:                                              0
      triggers:                                                 
        0e970bca-98bd-4d8c-beb0-a18f0bc33aef:                   
          dateinterval:                                        1:0:0
          lastscheduled:                                        
          lasttriggered:                                        
          nextscheduled:                                       Mon, 09 Jun 2014 02:59:27 +0100
          recovery:                                            23:00:00
          start:                                               Mon, 09 Jun 2014 03:00:50 +0100
          timeinterval:                                        00:00:00
          type:                                                4
          uuid:                                                0e970bca-98bd-4d8c-beb0-a18f0bc33aef
      type:                                                    scan
      uuid:                                                    234b7367-069a-413f-8375-db8c07c1ad40
    91de502f-7b1e-4db3-941e-d76db955c87b:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             true
        TaskType:                                              3
      triggers:                                                 
        61c28a52-bb2b-43eb-a51f-e7d933cd8547:                   
          dateinterval:                                        0:0:0
          lastscheduled:                                       Sun, 08 Jun 2014 18:41:05.915811 +0100
          lasttriggered:                                       Sun, 08 Jun 2014 18:41:05.915811 +0100
          nextscheduled:                                       Sun, 08 Jun 2014 19:39:29.915811 +0100
          recovery:                                            00:00:00
          start:                                               Sun, 08 Jun 2014 16:34:56.842623 +0100
          timeinterval:                                        01:00:00
          type:                                                3
          uuid:                                                61c28a52-bb2b-43eb-a51f-e7d933cd8547
      type:                                                    update
      uuid:                                                    91de502f-7b1e-4db3-941e-d76db955c87b

Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

MBAMProtector Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
    Type                          REG_DWORD        2
    Start                         REG_DWORD        3
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    \??\C:\Windows\system32\drivers\mbam.sys
    Group                         REG_SZ        FSFilter Anti-Virus
    DependOnService               REG_MULTI_SZ    FltMgr

    WOW64                         REG_DWORD        1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
    DefaultInstance               REG_SZ        MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
    Altitude                      REG_SZ        328800
    Flags                         REG_DWORD        0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
    PassThruFile                  REG_SZ        mbampt.exe
    ProductPath                   REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
    0                             REG_SZ        Root\LEGACY_MBAMPROTECTOR\0000
    Count                         REG_DWORD        1
    NextInstance                  REG_DWORD        1

MBAMService Registry Values:
============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
    Type                          REG_DWORD        16
    Start                         REG_DWORD        2
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
    DependOnService               REG_MULTI_SZ    MBAMProtector

    WOW64                         REG_DWORD        1
    ObjectName                    REG_SZ        LocalSystem
    Description                   REG_SZ        Malwarebytes Anti-Malware service
    DelayedAutostart              REG_DWORD        0

MBAMScheduler Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
    Type                          REG_DWORD        16
    Start                         REG_DWORD        2
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
    WOW64                         REG_DWORD        1
    ObjectName                    REG_SZ        LocalSystem
    Description                   REG_SZ        Malwarebytes Anti-Malware scheduler

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

Proxy Override:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    ProxyOverride    REG_SZ        *.local

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition    REG_SZ        \Device\HarddiskVolume3

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
        h:mm:ss tt
        AM
        PM
        :

Currently:
REG_SZ        HH:mm:ss
REG_SZ        AM
REG_SZ        PM
REG_SZ        :

Language and Regional Settings:
===============================

ACP:     Language is English (United States)
MACCP:     Language is English (United States)
OEMCP: 850 Please refer to this link for details: Here

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Context Menu Entries:
=====================

List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes Anti-Malware\
7z.dll                                      File Size: 920888    BYTES    FileVersion:  9.20.0.0       MD5: [9f522b2708cab181c0f137abbcd1de2e]
changes.txt                                 File Size: 2261      BYTES    FileVersion:  N/A            MD5: [af70267bdf9a37a96f1a79a5c3720ae6]
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.Conduit.A, Date: 2014/06/08 15:35:38, Type: File, Location: C:\Users\David\AppData\Local\Temp\nsf9CB1.exe
Vendor: PUP.Optional.Jotzey.A, Date: 2014/06/08 15:35:38, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Jotzey
Vendor: PUP.Optional.Qone8, Date: 2014/06/08 15:35:38, Type: Registry Value, Location: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope
Vendor: PUP.Optional.Conduit.A, Date: 2014/06/08 15:35:38, Type: File, Location: C:\Users\David\AppData\Local\Temp\nsvE460.exe
Vendor: PUP.Optional.Conduit.A, Date: 2014/06/08 15:35:38, Type: File, Location: C:\Users\David\AppData\Local\Temp\nsa9F03.exe
Vendor: PUP.Optional.Conduit.A, Date: 2014/06/08 15:35:38, Type: File, Location: C:\Users\David\AppData\Local\Temp\nsaE20E.exe
Vendor: PUP.Optional.Conduit.A, Date: 2014/06/08 15:35:38, Type: File, Location: C:\Users\David\AppData\Local\Temp\nsk7A13\SpSetup.exe
===============================================================
END OF FILE
 



#11 dc3


Posted 08 June 2014 - 12:58 PM

Please restart your computer so that the items found will be deleted.

 

Please run the Eset online scanner and the Junkware Removal Tool and post the logs.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

#12 Red Kelt


Posted 08 June 2014 - 01:34 PM

I ran ESET.

It stalled on one file for 20 minutes so I shut down the pc.

It had found 9 issues by then.  So no doubt they're still there.

I'm wondering if formatting and reinstalling win7 might be the answer.  Would those threats be deleted fully then?

Also is there software I can run like my norton 360 that will prevent malware?

TBH Norton is expensive and I was considering one of the free ones.



#13 dc3


Posted 08 June 2014 - 01:50 PM

RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  These settings will remain until the computer is rebooted, for this reason you must run the security application before the computer is rebooted.  
 
Please download RKill and install it.
 
When RKill is run it will display a console screen similar to the one below:
 
[Image: RKill console screen]
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
Attention:  At this time you need to run your security applications, in this case run the Eset online scanner.
 
While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
After the application has run successfully you should reboot the computer to restore the processes and Windows Registry entries. 
 
Malwarebytes Premium has active malware scanning, that would help a great deal with keeping malware off your computer.
 
Avast free is a good antivirus, I found it to be more effective than the purchased version of AVG.


#14 Red Kelt


Posted 08 June 2014 - 03:47 PM

I'm running ESET again, found 16 threats and not a third of the way (65 minutes) through according to the progress bar.

 

I could be here a while :)



#15 Red Kelt


Posted 08 June 2014 - 04:43 PM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\David\AppData\Roaming\OpenCandy\4814DAD1D9AF447A93C93D92A284C321\OptimizerPro.exe.vir    a variant of Win32/AdWare.SpeedingUpMyPC.L application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\David\AppData\Roaming\OpenCandy\48D8D7270D8C4548941206A774974D3A\sp-downloader.exe.vir    Win32/Conduit.SearchProtect.N potentially unwanted application    deleted - quarantined
C:\Microgaming\Poker\LadbrokesMPP\install.exe    probably a variant of Win32/PrimeCasino potentially unwanted application    deleted - quarantined
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GFE3JU7V\OptimizerPro[1].exe    a variant of Win32/AdWare.SpeedingUpMyPC.L application    cleaned by deleting - quarantined
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GFE3JU7V\spstub[1].exe    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    deleted - quarantined
C:\Users\David\Desktop\Fox Dloads\AdvancedWinUtilitiesFree.exe    a variant of MSIL/Rebrand.LittleRegClean.A potentially unwanted application    deleted - quarantined
C:\Users\David\Desktop\Fox Dloads\cbsidlm-cbsi183-RAR_Password_Unlocker-ORG-10965719.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
C:\Windows.old\$Recycle.Bin\S-1-5-21-1979598060-3020394528-2512526178-1000\$R5KCP3B.exe    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\Windows.old\$Recycle.Bin\S-1-5-21-1979598060-3020394528-2512526178-1000\$R6AYSOF.exe    a variant of Win32/YourFileDownloader.A potentially unwanted application    deleted - quarantined
C:\Windows.old\$Recycle.Bin\S-1-5-21-1979598060-3020394528-2512526178-1000\$R7OWX32.exe    Win32/InstallCore.BL potentially unwanted application    deleted - quarantined
C:\Windows.old\$Recycle.Bin\S-1-5-21-1979598060-3020394528-2512526178-1000\$R9IPPUI.exe    a variant of Win32/YourFileDownloader.B potentially unwanted application    deleted - quarantined
C:\Windows.old\$Recycle.Bin\S-1-5-21-1979598060-3020394528-2512526178-1000\$RGA83KD.exe    probably a variant of Win32/PrimeCasino potentially unwanted application    deleted - quarantined
C:\Windows.old\$Recycle.Bin\S-1-5-21-1979598060-3020394528-2512526178-1000\$RHDPIYS.exe    Win32/InstallCore.BL potentially unwanted application    deleted - quarantined
C:\Windows.old\$Recycle.Bin\S-1-5-21-1979598060-3020394528-2512526178-1000\$RKHPO5M.exe    probably a variant of Win32/PrimeCasino potentially unwanted application    deleted - quarantined
C:\Windows.old\$Recycle.Bin\S-1-5-21-1979598060-3020394528-2512526178-1000\$RXW2X5O.exe    Win32/InstalleRex.J potentially unwanted application    deleted - quarantined
C:\Windows.old\Program Files (x86)\Conduit\Community Alerts\Alert.dll    Win32/Toolbar.Conduit.Y potentially unwanted application    deleted - quarantined
C:\Windows.old\Program Files (x86)\TV_Center\tbTV_C.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\Windows.old\Program Files (x86)\YourFileDownloader\uninstall.exe    a variant of Win32/YourFileDownloader.A potentially unwanted application    deleted - quarantined
C:\Windows.old\Program Files (x86)\YourFileDownloader\YourFile.exe    a variant of Win32/ExpressDownloader.I potentially unwanted application    deleted - quarantined
C:\Windows.old\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe    a variant of Win32/YourFileDownloader.B potentially unwanted application    deleted - quarantined
D:\Essential Progs\VLC\ImTOO 6.5.2\ImTOO Video Converter Platinum 6.5.2\video-converter-platinum6.exe    Win32/TrojanDownloader.Agent.QMH trojan    deleted - quarantined
D:\Essential Progs\VLC\NERO 10\Nero Multimedia Suite 10.0.13200 Full Incl. Serial\Nero-10.0.13200_trial.exe    probably a variant of Win32/Injector.CEO trojan    cleaned by deleting - quarantined
 





