tomdkat

Members
  • Content count

    98

About tomdkat

  • Rank
    Regular Member
  1. Hi! Where can I find the terms of use of MBAE Home Edition vs MBAE for Business? Thanks! Peace...
  2. I ran into this problem yesterday. This is a new Windows 8.1 system and once I installed KIS 2016, none of the installed browsers would open. When I removed KIS 2016, they all worked fine. Both MBAM and MBAE are installed and they run fine. I looked at the KIS 2016 trusted application list and both MBAM and MBAE are listed as trusted applications. So, I'm not sure why the KIS 2016 and MBAE issue still exists. Peace...
  3. Hi! In the interest of helping make MBAM as effective as possible at protecting computers against new malware threats, I submit samples of threats MBAM doesn't detect as often and as soon as possible. In fact, most of my posts here are malware sample submissions. Given the rate at which new threats are released daily, I wonder how effective the efforts are of those who submit samples here. I know no protective software will block or detect everything, but are we basically fighting a "losing" battle? Or are our efforts actually making a difference in protecting against new threats? Your thoughts? Thanks! Peace...
  4. Thanks for the feedback! Peace...
  5. The other day, I upgraded MBAM 1.75 to 2.0.2 on a Windows 7 system and used it to remove several PUPs. During the quarantine process, some files couldn't be moved until a reboot had been performed. Here is the issue: after the quarantine process had completed, MBAM reported the system was clean and I was able to close MBAM without issue. About 2 minutes later, I received a popup window indicating the system had to be rebooted in order to complete the removal process. After doing this reboot, the PUPs went away and the system was running much better. I expected to NOT be able to close the MBAM window before receiving the notification that a reboot was required to complete the removal process. Is this a bug or is this by design? Thanks in advance! Peace...
  6. Ok, fair enough. Thanks! Peace...
  7. First, I want to say I think MBAM Premium is GREAT! There have been some relatively minor issues with it, but overall, I like the upgrade. Based on past comments about creating an automated task for updating the database when the system boots, I created such a task. Cool. I noticed today, on a system I recently configured to have MBAM check for database updates at system start, that MBAM checked for updates about 23 mins after the system had booted. Of course, I would have expected MBAM to check as soon as it started and detected the Internet connection was available. Attached is the protection log from the system. Any ideas on why MBAM waited 23 mins, after the system booted, to check for database updates? I do know the beta version of 2.0.2 is now out, so I'll give that a try but on my test system. This isn't a big enough issue for me to "wrestle" with the 2.0.2 beta on the system I generated the attached log on. Thanks in advance for your time and assistance! Peace... mbam-log.txt
  8. Great! I encountered this same issue on a Windows 8.1 system and the self-protection module didn't even occur to me as being involved. Thanks for the info! Peace...
  9. Awesomeness! Thanks for posting this! I'll give that a try and see if it helps! Thanks! Peace...
  10. Thanks! A reboot of the Windows 7 system I mentioned above seemed to have worked. The Windows 8.1 system I mentioned above does update itself as well. However, I just heard from yet another friend who runs MBAM Premium who is experiencing update issues. I have about 20+ people who run MBAM 1.75 Pro, and soon MBAM 2.0 Premium, who will come to me when there are MBAM issues. It's not practical for me to get diagnostic logs from each system. Given the fact several others are also reporting update issues, is this something that is being looked at? Is there a way to run MBAM Premium in a manner to generate more useful diagnostic information? I can focus on one system to get that kind of information but not 20+ systems. Lastly, it appears MBAM Premium doesn't attempt to check for updates when the system first boots. Is this something that can be changed? I mean if a system is off for 2-3 days, MBAM will complain about the database being outdated by at least one day (a setting I know can be changed) yet it won't attempt to update itself until the scheduled update time passes. So, after leaving the system off for 2-3 days, I boot it and MBAM Premium will wait an hour to attempt to update itself. Is this something that could possibly be changed in a future release? Thanks! Peace...
  11. Will do! I'll see if a reboot helps the Windows 7 system I mentioned above and will start a new thread if it has issues. I don't have convenient access to the system, so getting logs will take some time and effort. Thanks again! Peace...
  12. Wow, ok I'm not sure what happened to the rest of my post above. lol Anyway, I rebooted the system and the above message, about the website protection module, went away and MBAM is running fine. It's updating itself and all protection modules are running properly. With regard to AVG, it's not running on the system but I suspect the system owner installed an AVG toolbar or something along those lines. I'll run an AVG removal tool to clean up those remnants. Thanks! Peace...
  13. Yes, the above logs are from the system MrCharlie was assisting me with. MrCharlie actually directed me here to get assistance with MBAM not updating itself. Since starting this thread, MBAM was able to finally update itself. I'm not sure what happened or what changed but it was finally able to update from version 2014.4.7.14 to 2014.4.8.3 and then from 2014.4.8.3 to 2014.4.8.9 by itself. I also noticed the website protection module stopped and couldn't be restarted. In the application log, I saw entries showing:
  14. Two friends of mine have MBAM Premium 2.0.1.1004 installed on their systems. They are MBAM Pro 1.75 users and I recently upgraded their systems to MBAM Premium 2.0.1.1004. One system is a 64-bit Windows 7 Home Premium system and the other is a 64-bit Windows 8.1 system. On both systems, MBAM Premium is configured to download updates hourly. On one system, MBAM notifies the user the database is outdated by a day. On the other system, I haven't (yet) received notifications about the database being outdated but I notice MBAM doesn't update itself when the system first boots. So, I'm going to post Diagnostic logs from the Windows 8.1 system here, per the MBAM 2 FAQ.
KG) C:\Users\MarthaJane\Downloads\avira_en_av___ws.exe2014-04-06 13:20 - 2013-08-22 08:36 - 00000000 __RSD () C:\WINDOWS\Media2014-04-06 07:36 - 2013-02-12 22:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-04-06 07:31 - 2014-04-06 07:30 - 45369232 _____ ( ) C:\Users\MarthaJane\Downloads\ASUS.123625(7.0.0)_A_P2G130104-01_Normal.exe2014-04-05 14:45 - 2014-04-05 14:45 - 04787368 _____ (Piriform Ltd) C:\Users\MarthaJane\Downloads\ccsetup412.exe2014-04-05 14:45 - 2014-02-24 23:52 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-04-05 14:45 - 2014-02-24 23:52 - 00000000 ____D () C:\Program Files\CCleaner2014-04-05 13:55 - 2013-07-29 20:30 - 00000000 ____D () C:\Program Files (x86)\Real2014-04-05 13:55 - 2013-07-29 20:22 - 00000000 ____D () C:\ProgramData\Real2014-04-05 13:54 - 2013-07-29 20:30 - 00000000 ____D () C:\Users\MarthaJane\AppData\Roaming\Real2014-04-05 10:51 - 2014-04-05 10:50 - 00003368 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3373378444-1096150452-2535012064-10012014-04-05 10:51 - 2014-04-05 10:50 - 00003316 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3373378444-1096150452-2535012064-10012014-04-05 10:49 - 2014-04-05 10:49 - 00201800 _____ (RealNetworks, Inc.) 
C:\WINDOWS\SysWOW64\rmoc3260.dll2014-04-05 10:46 - 2014-03-19 11:05 - 00003346 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3373378444-1096150452-2535012064-10012014-04-05 10:46 - 2013-07-29 20:32 - 00003294 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3373378444-1096150452-2535012064-10012014-04-05 09:41 - 2013-04-10 19:02 - 00003892 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2014-04-05 09:41 - 2013-04-10 19:02 - 00003656 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2014-04-05 09:30 - 2013-12-18 17:10 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3373378444-1096150452-2535012064-1001Core.job2014-04-05 09:11 - 2014-04-05 09:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-05 09:11 - 2014-04-05 09:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\MarthaJane\Downloads\mbam-setup-2.0.1.1004.exe2014-04-05 09:11 - 2013-03-26 20:14 - 00000000 ____D () C:\Users\MarthaJane\AppData\Roaming\Malwarebytes2014-04-05 09:11 - 2013-03-26 20:13 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-04-05 09:11 - 2013-03-26 20:13 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-04-03 09:51 - 2014-04-05 09:11 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-04-03 09:51 - 2014-04-05 09:11 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-04-03 09:50 - 2013-03-26 20:13 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-04-02 20:37 - 2013-08-19 00:48 - 00000000 ____D () C:\Users\MarthaJane\AppData\Roaming\Intelli-studio2014-03-31 09:25 - 2013-12-18 17:10 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3373378444-1096150452-2535012064-1001UA2014-03-31 09:25 - 2013-12-18 17:10 - 00003518 _____ () 
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3373378444-1096150452-2535012064-1001Core2014-03-31 09:15 - 2014-03-31 09:15 - 00000000 ____D () C:\Users\MarthaJane\AppData\Local\fastcleanpro2014-03-31 09:12 - 2014-03-31 09:12 - 00000000 ____D () C:\Users\MarthaJane\AppData\Local\IsolatedStorage2014-03-28 20:04 - 2013-11-10 20:54 - 00000000 ____D () C:\Users\MarthaJane2014-03-28 17:47 - 2013-04-10 19:00 - 00000000 ____D () C:\Users\MarthaJane\AppData\Local\Google2014-03-28 16:38 - 2014-03-11 02:01 - 01172776 _____ (AnyProtect.com) C:\Users\MarthaJane\AppData\Local\AnyProtectScannerSetup.exe2014-03-25 07:37 - 2014-03-25 07:37 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-03-25 07:37 - 2014-03-25 07:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-03-25 07:37 - 2014-03-25 07:37 - 00000000 ____D () C:\Program Files\iTunes2014-03-25 07:37 - 2014-03-25 07:37 - 00000000 ____D () C:\Program Files\iPod2014-03-25 07:37 - 2014-03-25 07:37 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-03-25 07:31 - 2014-03-25 07:31 - 00001859 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-03-25 07:31 - 2014-03-25 07:31 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-03-21 07:31 - 2013-02-19 12:19 - 00000000 ____D () C:\Users\MarthaJane\AppData\Roaming\Apple Computer2014-03-20 12:13 - 2013-08-12 18:48 - 00049952 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys2014-03-19 19:32 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache2014-03-19 14:23 - 2013-02-19 12:18 - 00000000 ____D () C:\Users\MarthaJane\AppData\Local\Apple2014-03-19 11:00 - 2013-08-22 07:44 - 00538728 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-03-19 10:54 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-03-19 10:54 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-03-19 
10:54 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-03-19 10:53 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-03-19 10:52 - 2013-08-13 22:50 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-03-19 10:49 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-03-19 10:49 - 2013-02-19 09:56 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-03-17 21:25 - 2014-03-17 21:25 - 00000000 ____D () C:\Users\MarthaJane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast2014-03-17 21:25 - 2013-12-18 17:10 - 00001277 _____ () C:\Users\MarthaJane\Desktop\Chromecast.lnk Some content of TEMP:====================C:\Users\MarthaJane\AppData\Local\Temp\avgnt.exeC:\Users\MarthaJane\AppData\Local\Temp\ntdll_dump.dllC:\Users\MarthaJane\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys[2014-03-12 22:14] - [2014-01-31 09:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 LastRegBack: 2014-04-08 22:06 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014Ran by MarthaJane at 2014-04-08 22:21:33Running from C:\Users\MarthaJane\DesktopBoot Mode: Normal========================================================== ==================== 
Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) HiddenAdobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) HiddenAnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited)Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS)ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 
1.0.35 - ASUS)ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0002 - ASUS)ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) HiddenAsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)Avira (HKLM-x32\...\{8f29d204-f85e-4d8d-87b0-7ba66bffc1aa}) (Version: 1.0.5197.30752 - Avira Operations GmbH & Co. KG)Avira (x32 Version: 1.0.5197.30752 - Avira Operations GmbH & Co. KG) HiddenAvira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) HiddenCyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.4218 - CyberLink Corp.)CyberLink Media Suite (x32 Version: 8.0.4218 - CyberLink Corp.) HiddenCyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3625 - CyberLink Corp.)CyberLink Power2Go (x32 Version: 7.0.0.3625 - CyberLink Corp.) 
HiddenEPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version: - SEIKO EPSON Corporation)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.23.9 - Google Inc.) HiddeniCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddeniTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)Mega Browse (HKLM\...\Mega Browse) (Version: 2014.03.10.233053 - Mega Browse)Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 
8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)NetZero For Cosmi (HKLM-x32\...\{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}) (Version: 1.0.0 - NetZero, Inc.)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) HiddenPrint Perfect Gold (HKLM-x32\...\{9E83F937-E372-4AAD-B3EB-55A3DDAFFFB6}) (Version: 9.0.10 - Cosmi Corporation)Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics 
Co., Ltd.)SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.13 - ASUS)Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.4.0.0 - IObit)VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - )Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS) ==================== Restore Points ========================= 08-04-2014 12:58:49 Scheduled Checkpoint ==================== Hosts content: ========================== 2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {020463E1-0B44-48D7-B904-8DEA85A4236B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3373378444-1096150452-2535012064-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exeTask: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {1D5B42A4-C5C7-47EB-96A9-0D4AEE7BCB64} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {232F6849-BC0A-4053-B3AE-4CF3BEE6D499} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10] (Google Inc.)Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - 
System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {573C32C9-2C6C-4942-B479-30E90C818D7B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {596A618F-F591-4403-9CA3-929C533AE23B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10] (Google Inc.)Task: {5E628CDF-E37B-4908-98CB-229622B5AA94} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3373378444-1096150452-2535012064-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {5EE7F74E-823B-43EE-9E34-D5055294348F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3373378444-1096150452-2535012064-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {61B68029-C04D-4FBB-ADDF-66F10EC34700} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3373378444-1096150452-2535012064-1001Core => C:\Users\MarthaJane\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-18] (Google Inc.)Task: {6934F1BB-7343-41CB-AAFA-12BB5EFC985B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6BC1002B-E31B-4BD2-AD22-210519ED7E6D} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3373378444-1096150452-2535012064-1001 => 
%localappdata%\Microsoft\SkyDrive\SkyDrive.exeTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {79B09DF7-F51E-4530-B647-81CAD62B9743} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()Task: {7A7B31ED-73CB-4682-97DD-36D13BA09A0C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MARTHA-MarthaJane Martha => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-04-08] (Microsoft Corporation)Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8B884B2B-56B1-463C-81F5-5424FE714244} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)Task: {8BC379DA-A293-4597-B251-4A9B27BD6AAD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3373378444-1096150452-2535012064-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exeTask: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {AF4BBC84-24E8-4852-8282-E3EBCAA5CBE6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)Task: {B81EB117-27E8-42C5-90CE-3B0C42FBF39E} - 
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3373378444-1096150452-2535012064-1001UA => C:\Users\MarthaJane\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-18] (Google Inc.)Task: {C1536021-1CBC-43C8-A2DF-6F7C98E6195B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D3FDAA58-AA22-4973-810B-92C6443DAE91} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-08] (Microsoft Corporation)Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {E8374ACD-BE89-49B0-8355-3790F962834A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)Task: {F948684F-4D48-43FF-9911-376E6B4B966D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-19] (Microsoft Corporation)Task: {FA99CE7D-EF7E-4550-826F-6FAECA3783B9} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-12-09] (IObit)Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3373378444-1096150452-2535012064-1001Core.job => C:\Users\MarthaJane\AppData\Local\Google\Update\GoogleUpdate.exeTask: 
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3373378444-1096150452-2535012064-1001UA.job => C:\Users\MarthaJane\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-18 23:10 - 2012-12-18 23:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe2014-04-08 22:12 - 2014-04-08 22:12 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2012-08-04 11:34 - 2012-08-04 11:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll2014-03-07 20:25 - 2014-03-07 20:27 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\ErrorReporting.dll2013-04-05 14:55 - 2013-04-05 14:55 - 00397632 _____ () C:\Users\MarthaJane\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe2013-08-01 01:34 - 2013-12-12 12:56 - 03145536 _____ () C:\Users\MarthaJane\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe2014-04-06 07:52 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2013-02-20 21:31 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll2013-04-07 16:47 - 2013-04-07 16:45 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2013-08-03 12:24 - 2013-12-09 17:10 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl2013-08-03 12:24 - 2013-12-09 17:10 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl2013-08-03 12:24 - 2013-12-09 17:10 - 00051008 _____ () C:\Program Files 
And the mbam-check log is attached. On a side note, on Windows 8.1, the "mbam-check" executable seems to "hang" after the report is displayed in Notepad. Unfortunately, the new Windows 8 Notepad "app" is used to display the report, not the traditional or "classic" Notepad. As a result, I suspect "mbam-check" is waiting for the Notepad window to close, which won't be the case for the Windows 8 Notepad "app". Thanks! Peace... CheckResults.txt
  15. Ok, everything's all cleaned up and no more popups! Thanks again! Peace...