Slayder Posted March 26, 2014 ID:808498 Share Posted March 26, 2014 I am having an issue after upgrading to MBAM Pro 2.00.0.1000. When I connect to my VPN, setup through Windows, Google Drive, Dropbox, and Teamviewer all disconnect. After a few minutes TV and Dropbox will reconnect but Drive will not. Also launching a web browser takes forever to load, and images/videos will not load. At first I thought the issue was with my VPN and reset all devices from PC to VPN server, issue still remained. After talking it over with some friends, it was time to look into applications that could be causing the issue. Well the only thing that was changed would be upgrading of MBAM Pro to v2.00.0.100. So I started up the PC, MBAM loads at start, and access the internet without VPN. All applications are connecting and browser loads fine. So I connected to the VPN, and said applications all lost connection and browser was slow and not loading properly again. As stated above, TV and Dropbox reconnected after a few, but Drive and browser still not working. So I shut MBAM Pro down fully and what happens? Everything starts working the way that it should, Drive reconnects and the browser is loading as expected. Any suggestions into what settings need to be modified in this new version, as the previous Pro version (1.75 i think) I was running on worked without these issues. Link to post Share on other sites More sharing options...
John L. Galt Posted March 26, 2014 ID:808625 Share Posted March 26, 2014 Until a staff member can come in with more information, I can say this: More than one VPN client showed issues with MBAM 2.0 Betas. Have you tried simply disabling he malicious website protection to see if that helped? If that does not, how about detailing your settings to see if we can work through it? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 26, 2014 Root Admin ID:808627 Share Posted March 26, 2014 Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bitDouble-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.Then run this scanner as well Please create an mbam-check log:Download mbam-check.exe from here and save it to your desktopDouble-click on mbam-check.exe to run it, it should then open a log filePlease do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post Thanks Link to post Share on other sites More sharing options...
Slayder Posted March 27, 2014 Author ID:808966 Share Posted March 27, 2014 Do the scanners need to be run while the issue is occurring? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 27, 2014 Root Admin ID:808993 Share Posted March 27, 2014 No, we just want to see what's going on overall. Link to post Share on other sites More sharing options...
Slayder Posted March 28, 2014 Author ID:809680 Share Posted March 28, 2014 FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014Ran by Christopher (administrator) on WINDOWS8 on 28-03-2014 08:35:39Running from C:\Users\Christopher\DesktopWindows 8.1 Pro with Media Center (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WhsMcClient.exe(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe(Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Launchpad.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe() C:\Program Files (x86)\Launchy\Launchy.exe() C:\Program Files (x86)\HDAConnect\bin\hdaconnect.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.CLR4.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Dropbox, Inc.) C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-14] (IDT, Inc.)HKLM\...\Run: [Launchpad] - C:\Program Files\Windows Server\Bin\Launchpad.exe [1099360 2012-11-02] (Microsoft Corporation)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)HKLM-x32\...\Run: [ASUS Ai Charger] - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-27] (AVAST Software)HKLM-x32\...\Run: [hdaconnect] - C:\Program Files (x86)\HDAConnect\bin\hdaconnect.exe [139776 2009-08-23] ()HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\ScCertProp: wlnotify.dll [X]HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0HKLM\...\Policies\Explorer: [NoControlPanel] 0HKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)HKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Run: [uWT] - C:\Users\CHRIST~1\AppData\Local\Temp\7zOD4C4.tmp\Ultimate Windows Tweaker 3.exe <===== ATTENTIONHKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Policies\system: [NoDispAppearancePage] 0HKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Policies\Explorer: [NoPreviewPane] 0HKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Policies\Explorer: [NoTrayContextMenu] 0HKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Policies\Explorer: [NoSetTaskbar] 0HKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Policies\Explorer: [NoFolderOptions] 0HKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Policies\Explorer: [NoViewContextMenu] 0HKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Policies\Explorer: [TaskbarNoNotification] 0HKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Policies\Explorer: [NoWinkeys] 0HKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0HKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Policies\Explorer: [HideClock] 0HKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Policies\Explorer: [HideSCANetwork] 0HKU\S-1-5-21-70101020-1813650786-1015399242-1001\...\Policies\Explorer: [HideSCAVolume] 0Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA8FCFB7BB6BFCE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USBHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cabHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 4.2.2.2 209.144.50.118Tcpip\..\Interfaces\{A406C9AB-0BD1-40B2-AD1A-6234620CE2DA}: [NameServer]192.168.1.1 ==================== Services (Whitelisted) ================= R2 arXfrSvc_CLR4; C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.CLR4.exe [72800 2012-11-02] (Microsoft Corporation)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-27] (AVAST Software)S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)S3 DsRoleSvc; C:\Windows\system32\dsrolesrv.dll [279552 2013-10-17] (Microsoft Corporation)R2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)S3 OpenVPNService; C:\Program Files (x86)\HDAConnect\bin\openvpnserv.exe [15872 2009-08-22] ()R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41568 2012-11-02] (Microsoft Corporation)R2 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [28184 2013-11-20] (AVAST Software)R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [78648 2014-01-27] (AVAST Software)R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [92544 2013-11-20] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-20] ()R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1038072 2014-01-27] (AVAST Software)R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [421704 2014-01-27] (AVAST Software)R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [80184 2014-01-27] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-26] ()R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [43696 2013-08-03] (Microsoft Corporation)S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-29] (Microsoft Corporation)S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52320 2012-11-29] (http://libusb-win32.sourceforge.net)S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-28] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3029208 2013-07-12] (Realtek Semiconductor Corporation )S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [40696 2013-09-04] (Windows ® Win 7 DDK provider)S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)S3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-08-28] (Splashtop Inc.)S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-28 08:35 - 2014-03-28 08:35 - 00018479 _____ () C:\Users\Christopher\Desktop\FRST.txt2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 ____D () C:\FRST2014-03-28 08:34 - 2014-03-28 08:34 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Christopher\Desktop\mbam-check-2.1.0.0002.exe2014-03-28 08:33 - 2014-03-28 08:33 - 02157056 _____ (Farbar) C:\Users\Christopher\Desktop\FRST64.exe2014-03-24 15:53 - 2014-03-28 08:19 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-03-24 15:52 - 2014-03-24 15:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-03-24 15:52 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-03-24 15:52 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-03-24 15:49 - 2014-03-24 15:50 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Christopher\Downloads\mbam-setup-2.0.0.1000.exe2014-03-22 18:20 - 2014-03-22 18:20 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Launchy2014-03-22 18:20 - 2014-03-22 18:20 - 00000000 ____D () C:\Program Files (x86)\Launchy2014-03-22 18:19 - 2014-03-22 18:19 - 04672499 _____ (Code Jelly ) C:\Users\Christopher\Downloads\LaunchySetup2.6B2.exe2014-03-22 18:08 - 2014-03-22 18:08 - 00097433 _____ () C:\Users\Christopher\Downloads\UWT3.zip2014-03-18 16:16 - 2014-02-22 08:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe2014-03-18 16:16 - 2014-02-22 07:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe2014-03-14 08:54 - 2014-03-14 08:54 - 04994480 _____ (Adobe Systems Inc.) C:\Users\Christopher\Downloads\Shockwave_Installer_Slim.exe2014-03-14 08:54 - 2014-03-14 08:54 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe2014-03-11 13:51 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-03-11 13:51 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-03-11 13:51 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-03-11 13:51 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-03-11 13:51 - 2014-01-31 12:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys2014-03-11 13:51 - 2014-01-31 12:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll2014-03-11 13:51 - 2014-01-31 12:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll2014-03-11 13:51 - 2014-01-31 09:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll2014-03-11 13:51 - 2014-01-31 05:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll2014-03-11 13:51 - 2014-01-29 05:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll2014-03-11 13:51 - 2014-01-29 04:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe2014-03-11 13:51 - 2014-01-29 04:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll2014-03-11 13:51 - 2014-01-29 04:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll2014-03-11 13:51 - 2014-01-29 04:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-03-11 13:51 - 2014-01-29 03:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll2014-03-11 13:51 - 2014-01-29 03:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe2014-03-11 13:51 - 2014-01-29 03:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll2014-03-11 13:51 - 2014-01-29 02:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll2014-03-11 13:51 - 2014-01-28 20:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll2014-03-11 13:51 - 2014-01-27 15:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll2014-03-11 13:51 - 2014-01-27 15:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll2014-03-11 13:51 - 2014-01-27 15:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE2014-03-11 13:51 - 2014-01-27 14:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll2014-03-11 13:51 - 2014-01-27 14:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll2014-03-11 13:51 - 2014-01-27 14:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll2014-03-11 13:51 - 2014-01-27 14:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE2014-03-11 13:51 - 2014-01-27 14:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll2014-03-11 13:51 - 2014-01-27 13:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll2014-03-11 13:51 - 2014-01-27 13:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll2014-03-11 13:51 - 2014-01-27 13:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll2014-03-11 13:51 - 2014-01-27 11:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll2014-03-11 13:51 - 2014-01-27 11:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll2014-03-11 13:51 - 2014-01-27 07:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml2014-03-11 13:51 - 2014-01-17 19:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll2014-03-11 13:51 - 2014-01-17 17:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll2014-03-11 13:51 - 2014-01-17 13:00 - 03652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsai.dll2014-03-11 13:51 - 2013-12-21 10:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe2014-03-11 13:51 - 2013-12-21 04:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll2014-03-11 13:50 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-03-11 13:50 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-03-11 13:50 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-03-11 13:50 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-03-11 13:50 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-03-11 13:50 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-03-11 13:50 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-03-11 13:50 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-03-11 13:50 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-03-11 13:50 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-03-11 13:50 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-03-11 13:50 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-03-11 13:50 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-03-11 13:50 - 2014-02-10 23:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-03-11 13:50 - 2014-02-10 22:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll2014-03-11 13:50 - 2014-02-10 22:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll2014-03-11 13:50 - 2013-12-20 06:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2014-03-11 13:50 - 2013-12-20 06:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2014-03-11 13:50 - 2013-10-30 20:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys2014-03-11 13:50 - 2013-10-30 20:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys2014-03-11 13:50 - 2013-10-30 20:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys2014-03-07 14:32 - 2014-03-07 14:32 - 00000000 ____D () C:\Users\Christopher\Documents\Diablo III2014-03-06 09:37 - 2014-03-11 15:26 - 00000000 ____D () C:\Program Files (x86)\Diablo III2014-03-06 09:33 - 2014-03-06 09:33 - 00001158 _____ () C:\Users\Public\Desktop\Battle.net.lnk2014-03-05 12:55 - 2014-02-25 17:48 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll2014-03-05 12:50 - 2014-03-05 12:50 - 00000000 ____D () C:\Users\Public\Documents\CrashDump2014-03-05 10:19 - 2014-03-28 08:19 - 00000000 ___RD () C:\Users\Christopher\Google Drive2014-03-05 10:19 - 2014-03-05 10:19 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk2014-03-05 10:19 - 2014-03-05 10:19 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk2014-03-05 10:19 - 2014-03-05 10:19 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk2014-03-05 10:19 - 2014-03-05 10:19 - 00001735 _____ () C:\Users\Christopher\Desktop\Google Drive.lnk2014-03-05 10:17 - 2014-03-05 10:17 - 00847808 _____ (Google Inc.) C:\Users\Christopher\Downloads\googledrivesync.exe2014-03-03 09:11 - 2014-03-19 09:03 - 00001552 _____ () C:\WINDOWS\PFRO.log2014-02-27 20:09 - 2014-02-27 20:09 - 00000000 ____D () C:\Users\Christopher\Documents\Thief2014-02-27 20:06 - 2014-02-27 20:06 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-02-27 20:05 - 2014-02-27 20:05 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-02-27 20:05 - 2014-02-27 20:05 - 00000000 ____D () C:\Program Files\iTunes2014-02-27 20:05 - 2014-02-27 20:05 - 00000000 ____D () C:\Program Files\iPod2014-02-27 20:05 - 2014-02-27 20:05 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-02-27 12:49 - 2014-03-10 14:25 - 00000000 ____D () C:\Program Files (x86)\Steam2014-02-27 12:49 - 2014-02-27 12:49 - 01141680 _____ () C:\Users\Christopher\Downloads\SteamSetup.exe2014-02-27 12:49 - 2014-02-27 12:49 - 00000975 _____ () C:\Users\Public\Desktop\Steam.lnk ==================== One Month Modified Files and Folders ======= 2014-03-28 08:35 - 2014-03-28 08:35 - 00018479 _____ () C:\Users\Christopher\Desktop\FRST.txt2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 ____D () C:\FRST2014-03-28 08:34 - 2014-03-28 08:34 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Christopher\Desktop\mbam-check-2.1.0.0002.exe2014-03-28 08:33 - 2014-03-28 08:33 - 02157056 _____ (Farbar) C:\Users\Christopher\Desktop\FRST64.exe2014-03-28 08:33 - 2012-12-23 23:44 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-03-28 08:33 - 2012-12-23 23:44 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-03-28 08:30 - 2012-12-23 22:36 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-70101020-1813650786-1015399242-10012014-03-28 08:28 - 2012-12-23 23:44 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2014-03-28 08:28 - 2012-12-23 23:44 - 00003662 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2014-03-28 08:25 - 2013-01-04 21:16 - 00000000 ___RD () C:\Users\Christopher\Dropbox2014-03-28 08:25 - 2013-01-04 21:14 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Dropbox2014-03-28 08:24 - 2013-05-25 09:53 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update2014-03-28 08:24 - 2013-01-04 21:15 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-03-28 08:24 - 2012-12-23 22:31 - 00000000 ___RD () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-03-28 08:22 - 2013-09-30 00:15 - 00905082 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-03-28 08:21 - 2013-10-17 15:00 - 01353650 _____ () C:\WINDOWS\WindowsUpdate.log2014-03-28 08:19 - 2014-03-24 15:53 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-03-28 08:19 - 2014-03-05 10:19 - 00000000 ___RD () C:\Users\Christopher\Google Drive2014-03-28 08:17 - 2014-01-23 13:00 - 00000362 _____ () C:\WINDOWS\Tasks\GlaryInitialize 4.job2014-03-28 08:17 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-03-28 08:15 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-03-26 16:37 - 2013-10-09 14:41 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Battle.net2014-03-26 15:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-03-26 08:38 - 2014-02-08 20:50 - 00001106 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk2014-03-25 15:59 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-03-24 15:52 - 2014-03-24 15:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-03-24 15:52 - 2013-01-01 20:12 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Malwarebytes2014-03-24 15:52 - 2013-01-01 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-03-24 15:50 - 2014-03-24 15:49 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Christopher\Downloads\mbam-setup-2.0.0.1000.exe2014-03-24 13:52 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI2014-03-22 18:20 - 2014-03-22 18:20 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Launchy2014-03-22 18:20 - 2014-03-22 18:20 - 00000000 ____D () C:\Program Files (x86)\Launchy2014-03-22 18:19 - 2014-03-22 18:19 - 04672499 _____ (Code Jelly ) C:\Users\Christopher\Downloads\LaunchySetup2.6B2.exe2014-03-22 18:08 - 2014-03-22 18:08 - 00097433 _____ () C:\Users\Christopher\Downloads\UWT3.zip2014-03-22 15:14 - 2013-10-09 14:41 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-03-19 09:03 - 2014-03-03 09:11 - 00001552 _____ () C:\WINDOWS\PFRO.log2014-03-18 14:10 - 2013-07-04 16:36 - 00002238 ____H () C:\Users\Christopher\Documents\Default.rdp2014-03-18 08:50 - 2013-06-10 21:37 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-03-14 08:54 - 2014-03-14 08:54 - 04994480 _____ (Adobe Systems Inc.) C:\Users\Christopher\Downloads\Shockwave_Installer_Slim.exe2014-03-14 08:54 - 2014-03-14 08:54 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe2014-03-11 16:31 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache2014-03-11 15:26 - 2014-03-06 09:37 - 00000000 ____D () C:\Program Files (x86)\Diablo III2014-03-11 15:14 - 2013-08-22 10:44 - 00485528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-03-11 15:13 - 2013-03-17 20:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-03-11 15:13 - 2013-03-17 20:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-03-11 15:12 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-03-11 15:12 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-03-11 15:12 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-03-11 15:12 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-03-11 13:54 - 2013-08-20 18:12 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-03-11 13:53 - 2012-12-23 22:52 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-03-10 14:25 - 2014-02-27 12:49 - 00000000 ____D () C:\Program Files (x86)\Steam2014-03-10 12:33 - 2013-10-02 16:10 - 00000000 ____D () C:\ProgramData\Package Cache2014-03-07 14:32 - 2014-03-07 14:32 - 00000000 ____D () C:\Users\Christopher\Documents\Diablo III2014-03-06 16:53 - 2013-10-17 14:42 - 00000000 ____D () C:\Users\Christopher2014-03-06 10:12 - 2014-02-25 09:13 - 00004166 _____ () C:\WINDOWS\setupact.log2014-03-06 09:33 - 2014-03-06 09:33 - 00001158 _____ () C:\Users\Public\Desktop\Battle.net.lnk2014-03-05 15:09 - 2014-01-24 11:38 - 00000000 ____D () C:\Users\Christopher\Documents\samsung2014-03-05 12:55 - 2014-01-24 11:38 - 00001985 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk2014-03-05 12:54 - 2014-01-24 11:37 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Downloaded Installations2014-03-05 12:50 - 2014-03-05 12:50 - 00000000 ____D () C:\Users\Public\Documents\CrashDump2014-03-05 10:19 - 2014-03-05 10:19 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk2014-03-05 10:19 - 2014-03-05 10:19 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk2014-03-05 10:19 - 2014-03-05 10:19 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk2014-03-05 10:19 - 2014-03-05 10:19 - 00001735 _____ () C:\Users\Christopher\Desktop\Google Drive.lnk2014-03-05 10:19 - 2012-12-23 23:44 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Google2014-03-05 10:19 - 2012-12-23 23:44 - 00000000 ____D () C:\Program Files (x86)\Google2014-03-05 10:17 - 2014-03-05 10:17 - 00847808 _____ (Google Inc.) C:\Users\Christopher\Downloads\googledrivesync.exe2014-03-05 09:26 - 2014-03-24 15:52 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-03-05 09:26 - 2014-03-24 15:52 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-03-05 09:26 - 2013-01-01 20:12 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-03-04 18:53 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-03-04 18:53 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-03-01 02:05 - 2014-03-11 13:51 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-03-01 00:58 - 2014-03-11 13:50 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-03-01 00:30 - 2014-03-11 13:51 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-03-01 00:17 - 2014-03-11 13:50 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-02-28 23:54 - 2014-03-11 13:50 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-02-28 23:47 - 2014-03-11 13:50 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-02-28 23:42 - 2014-03-11 13:50 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-02-28 23:18 - 2014-03-11 13:51 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-02-28 23:14 - 2014-03-11 13:50 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-02-28 23:10 - 2014-03-11 13:50 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-02-28 23:03 - 2014-03-11 13:50 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-02-28 22:57 - 2014-03-11 13:51 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-02-28 22:38 - 2014-03-11 13:50 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-02-28 22:32 - 2014-03-11 13:50 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-02-28 22:27 - 2014-03-11 13:50 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-02-28 22:25 - 2014-03-11 13:50 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-02-28 22:25 - 2014-03-11 13:50 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-02-27 22:22 - 2013-03-16 09:57 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\vlc2014-02-27 21:01 - 2013-10-24 13:41 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0F0A39F9-ABBF-44DA-BC6B-18C0EA92FBC1}2014-02-27 20:09 - 2014-02-27 20:09 - 00000000 ____D () C:\Users\Christopher\Documents\Thief2014-02-27 20:06 - 2014-02-27 20:06 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-02-27 20:05 - 2014-02-27 20:05 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-02-27 20:05 - 2014-02-27 20:05 - 00000000 ____D () C:\Program Files\iTunes2014-02-27 20:05 - 2014-02-27 20:05 - 00000000 ____D () C:\Program Files\iPod2014-02-27 20:05 - 2014-02-27 20:05 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-02-27 12:49 - 2014-02-27 12:49 - 01141680 _____ () C:\Users\Christopher\Downloads\SteamSetup.exe2014-02-27 12:49 - 2014-02-27 12:49 - 00000975 _____ () C:\Users\Public\Desktop\Steam.lnk Some content of TEMP:====================C:\Users\Christopher\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpozc0zg.dllC:\Users\Christopher\AppData\Local\Temp\DseShExt-x64.dllC:\Users\Christopher\AppData\Local\Temp\DseShExt-x86.dllC:\Users\Christopher\AppData\Local\Temp\Execute2App.exeC:\Users\Christopher\AppData\Local\Temp\msvcp90.dllC:\Users\Christopher\AppData\Local\Temp\msvcr90.dllC:\Users\Christopher\AppData\Local\Temp\SDShelEx-win32.dllC:\Users\Christopher\AppData\Local\Temp\SDShelEx-x64.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys[2014-03-11 13:51] - [2014-01-31 12:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 LastRegBack: 2014-03-28 08:31 ==================== End Of Log ============================ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014Ran by Christopher at 2014-03-28 08:36:25Running from C:\Users\Christopher\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) HiddenAdobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)avast! Pro Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)Dropbox (HKCU\...\Dropbox) (Version: 2.6.25 - Dropbox, Inc.)Glary Utilities 4.5 (HKLM-x32\...\Glary Utilities 4) (Version: 4.5.0.89 - Glarysoft Ltd)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) HiddenGuild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)HDAConnect 3.2 (HKLM-x32\...\HDAConnect) (Version: 3.2 - )IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6423.0 - IDT)ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddenISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJava SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)Java SE Development Kit 7 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)Java SE Development Kit 7 Update 51 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)Jawbone Updater (HKLM-x32\...\Jawbone Updater) (Version: 0.1 - Jawbone)LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)Launchy 2.6 Beta 2 (HKLM-x32\...\Launchy_21344213_is1) (Version: - Code Jelly)Little Big Adventure (HKLM-x32\...\GOGPACKLBA_is1) (Version: 2.0.0.20 - GOG.com)Little Big Adventure 2 (HKLM-x32\...\GOGPACKLBA2_is1) (Version: 2.0.0.6 - GOG.com)Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4569.1508 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) HiddenPDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14024.11 - Samsung Electronics Co., Ltd.)Samsung Kies3 (x32 Version: 3.2.14024.11 - Samsung Electronics Co., Ltd.) HiddenSAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.3020.7 - TuneUp Software) HiddenUnity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)Update for Microsoft en-us Dictionary (Version: 16.1.620.1 - Microsoft Corporation) HiddenVisual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.2700 - Broadcom Corporation)Windows Home Server 2011 Connector (HKLM\...\{C1E4D639-4A33-4314-809E-89BD0EF48522}) (Version: 6.1.8800.16400 - Microsoft Corporation) ==================== Restore Points ========================= 10-03-2014 16:32:55 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.6061018-03-2014 15:48:34 Scheduled Checkpoint26-03-2014 13:00:57 Scheduled Checkpoint ==================== Hosts content: ========================== 2013-08-22 09:25 - 2014-01-22 15:19 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0A72234D-A6B1-4D89-86B8-70D673A786A9} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-01-21] (Glarysoft Ltd)Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {0FB08D69-B81D-4397-85C4-684217826189} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {4B8BD06B-B696-4F13-8129-4DE828894D3A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)Task: {52D49BBA-1816-4108-9074-6ED467DB73CD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-11] (Microsoft Corporation)Task: {61A7DC72-1114-40E3-8D2A-34D930A56ACB} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)Task: {68F40D95-5B06-4006-BCC2-DB52D0EAEF79} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exeTask: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {73F2A3CC-86DF-447A-9F23-73C6DD3954EC} - System32\Tasks\Microsoft\Windows\Windows Server\Alert Evaluations => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)Task: {774CDB00-A6BC-4F73-A8CE-AEB0862CC379} - System32\Tasks\Microsoft\Windows\Windows Server\UploadCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {7BE762FF-630E-47D8-84DC-2E7E6FA0DA5D} - System32\Tasks\Microsoft\Windows\Windows Server\InstallAddIns => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)Task: {8682FD11-3D16-4BF6-8C4D-3C76B5752A71} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8AD84BC3-F95E-41C9-A4D8-5828090833A5} - System32\Tasks\Microsoft\Windows\Windows Server\RenewClientCertificate => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {95932559-7DAD-40E5-8909-D70FACD5688B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-23] (Google Inc.)Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {A37C1C43-C936-49C3-887F-7CC1D9B9AEA0} - System32\Tasks\Microsoft\Windows\Windows Server\SaveCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)Task: {AEB13E84-4254-4720-9866-87521E7EA302} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-18] (Microsoft Corporation)Task: {B55B6670-F561-4DE1-90B7-6710299EFB78} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()Task: {C736FBB0-774D-45C3-92C3-16088E6E3E88} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-29] (Synaptics Incorporated)Task: {C7CC4C62-4EB5-413D-948D-0820E93AD430} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-27] (AVAST Software)Task: {C8689C39-B6F3-4D9C-AE5F-F57CD3B2CD1E} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [2014-01-21] (Glarysoft Ltd)Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D1FEC42B-C28C-4BA5-A8BC-2445E77C51F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-23] (Google Inc.)Task: {D7AB3303-3EBD-4945-9855-89C40CD68E19} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-18] (Microsoft Corporation)Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {DC75BB73-2CED-418B-9F28-BCBB52F3C61A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-18] (Microsoft Corporation)Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {F2D8360C-E823-47ED-88BE-9A5A5573DD4E} - System32\Tasks\Microsoft\Windows\Windows Server\Health Definition Updates => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)Task: {F8A48B1A-553B-44EA-81C3-BEBEDA9704E3} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exeTask: C:\WINDOWS\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe ==================== Loaded Modules (whitelisted) ============= 2012-09-28 00:52 - 2012-09-28 00:52 - 00047480 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\BtwLeAPI.dll2014-03-18 08:39 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2013-06-10 21:37 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll2014-01-03 10:53 - 2014-03-18 08:44 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2013-06-27 07:56 - 2013-06-27 07:56 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2014-03-22 18:20 - 2010-11-10 19:28 - 00405504 _____ () C:\Program Files (x86)\Launchy\Launchy.exe2009-08-23 09:44 - 2009-08-23 09:44 - 00139776 _____ () C:\Program Files (x86)\HDAConnect\bin\hdaconnect.exe2014-03-26 15:04 - 2014-03-26 13:36 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032602\algo.dll2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-01-03 10:53 - 2014-03-18 08:44 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll2013-11-20 10:18 - 2013-11-20 10:18 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-03-22 18:20 - 2009-12-16 22:13 - 08314880 _____ () C:\Program Files (x86)\Launchy\QtGui4.dll2014-03-22 18:20 - 2009-12-16 21:56 - 00712704 _____ () C:\Program Files (x86)\Launchy\QtNetwork4.dll2014-03-22 18:20 - 2009-12-16 21:54 - 02236416 _____ () C:\Program Files (x86)\Launchy\QtCore4.dll2014-03-22 18:20 - 2009-12-17 00:18 - 00233472 _____ () C:\Program Files (x86)\Launchy\imageformats\qmng4.dll2014-03-22 18:20 - 2010-11-05 15:08 - 00118784 _____ () C:\Program Files (x86)\Launchy\plugins\calcy.dll2014-03-22 18:20 - 2010-08-24 18:40 - 00110592 _____ () C:\Program Files (x86)\Launchy\plugins\controly.dll2014-03-22 18:20 - 2010-08-24 18:40 - 00030208 _____ () C:\Program Files (x86)\Launchy\plugins\gcalc.dll2014-03-22 18:20 - 2010-08-24 18:40 - 00106496 _____ () C:\Program Files (x86)\Launchy\plugins\runner.dll2014-03-22 18:20 - 2010-08-24 18:40 - 00043520 _____ () C:\Program Files (x86)\Launchy\plugins\verby.dll2014-03-22 18:20 - 2010-11-05 15:03 - 00122880 _____ () C:\Program Files (x86)\Launchy\plugins\weby.dll2009-08-22 00:36 - 2009-08-22 00:36 - 01181696 _____ () C:\Program Files (x86)\HDAConnect\bin\libeay32.dll2014-03-28 08:18 - 2014-03-28 08:18 - 00098816 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\win32api.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00110080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\PyWinTypes27.dll2014-03-28 08:18 - 2014-03-28 08:18 - 00364544 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\pythoncom27.dll2014-03-28 08:18 - 2014-03-28 08:18 - 00044032 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\_socket.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 01157120 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\_ssl.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00320512 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\win32com.shell.shell.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00712192 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\_hashlib.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 01175040 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\wx._core_.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00805888 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\wx._gdi_.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00811008 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\wx._windows_.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 01062400 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\wx._controls_.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00735232 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\wx._misc_.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00128512 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\_elementtree.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00127488 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\pyexpat.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00557056 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\pysqlite2._sqlite.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00087040 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\_ctypes.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00119808 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\win32file.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00108544 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\win32security.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00018432 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\win32event.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00038912 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\win32inet.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00122368 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\wx._wizard.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00070656 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\wx._html2.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00026624 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\_multiprocessing.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00010240 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\select.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00024064 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\win32pipe.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00686080 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\unicodedata.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00025600 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\win32pdh.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00525640 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\windows._lib_cacheinvalidation.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00011264 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\win32crypt.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00035840 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\win32process.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00017408 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\win32profile.pyd2014-03-28 08:18 - 2014-03-28 08:18 - 00022528 _____ () C:\Users\Christopher\AppData\Local\Temp\_MEI38482\win32ts.pyd2013-03-11 21:38 - 2012-06-26 01:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2014-03-18 09:29 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll2014-03-18 09:29 - 2014-03-14 20:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll2014-03-18 09:29 - 2014-03-14 20:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll2014-03-18 09:29 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll2014-03-18 09:29 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll2014-03-18 09:29 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll2014-03-18 09:29 - 2014-03-14 20:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll2014-03-28 08:24 - 2014-03-28 08:24 - 00041984 _____ () C:\Users\Christopher\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpozc0zg.dll2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Christopher\AppData\Roaming\Dropbox\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Christopher\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Microsoft Wi-Fi Direct Virtual AdapterDescription: Microsoft Wi-Fi Direct Virtual AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: vwifimpProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (03/26/2014 09:40:06 AM) (Source: Application Error) (User: )Description: Faulting application name: mbamscheduler.exe, version: 2.0.23.0, time stamp: 0x52f2947eFaulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x1d0cFaulting application start time: 0xmbamscheduler.exe0Faulting application path: mbamscheduler.exe1Faulting module path: mbamscheduler.exe2Report Id: mbamscheduler.exe3Faulting package full name: mbamscheduler.exe4Faulting package-relative application ID: mbamscheduler.exe5 Error: (03/26/2014 09:34:31 AM) (Source: Application Error) (User: )Description: Faulting application name: mbamscheduler.exe, version: 2.0.23.0, time stamp: 0x52f2947eFaulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x196cFaulting application start time: 0xmbamscheduler.exe0Faulting application path: mbamscheduler.exe1Faulting module path: mbamscheduler.exe2Report Id: mbamscheduler.exe3Faulting package full name: mbamscheduler.exe4Faulting package-relative application ID: mbamscheduler.exe5 Error: (03/26/2014 09:20:24 AM) (Source: Application Error) (User: )Description: Faulting application name: mbamscheduler.exe, version: 2.0.23.0, time stamp: 0x52f2947eFaulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x1d38Faulting application start time: 0xmbamscheduler.exe0Faulting application path: mbamscheduler.exe1Faulting module path: mbamscheduler.exe2Report Id: mbamscheduler.exe3Faulting package full name: mbamscheduler.exe4Faulting package-relative application ID: mbamscheduler.exe5 Error: (03/25/2014 10:57:42 AM) (Source: Office 2013 Licensing Service) (User: )Description: Subscription licensing service failed: -2143485936 Error: (03/25/2014 10:57:42 AM) (Source: Microsoft Office 15) (User: )Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0F52930F-6244-4818-90E0-D79E4601F32F} Error: (03/25/2014 10:57:30 AM) (Source: Microsoft Office 15) (User: )Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0F52930F-6244-4818-90E0-D79E4601F32F} Error: (03/25/2014 08:07:03 AM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 54884516 Error: (03/25/2014 08:07:03 AM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 54884516 Error: (03/25/2014 08:07:03 AM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/25/2014 08:07:02 AM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 54883281 System errors:=============Error: (03/28/2014 08:31:56 AM) (Source: DCOM) (User: Windows8)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/28/2014 08:31:26 AM) (Source: DCOM) (User: Windows8)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/28/2014 08:20:30 AM) (Source: DCOM) (User: NT AUTHORITY)Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (03/28/2014 08:15:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start. Module Path: C:\WINDOWS\system32\Rtlihvs.dllError Code: 126 Error: (03/26/2014 10:41:38 AM) (Source: DCOM) (User: Windows8)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/26/2014 10:00:01 AM) (Source: DCOM) (User: NT AUTHORITY)Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (03/26/2014 07:57:40 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start. Module Path: C:\WINDOWS\system32\Rtlihvs.dllError Code: 126 Error: (03/25/2014 10:00:05 AM) (Source: DCOM) (User: NT AUTHORITY)Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (03/25/2014 09:55:11 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start. Module Path: C:\WINDOWS\system32\Rtlihvs.dllError Code: 126 Error: (03/25/2014 09:17:24 AM) (Source: DCOM) (User: Windows8)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Microsoft Office Sessions:=========================Error: (03/26/2014 09:40:06 AM) (Source: Application Error)(User: )Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1d0c01cf48f8dc442d8aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll23621ca4-b4ec-11e3-bf02-000272339b52 Error: (03/26/2014 09:34:31 AM) (Source: Application Error)(User: )Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd196c01cf48f780e690c4C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll5bbe139d-b4eb-11e3-bf02-000272339b52 Error: (03/26/2014 09:20:24 AM) (Source: Application Error)(User: )Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1d3801cf48f4e30b1211C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll6355e423-b4e9-11e3-bf02-000272339b52 Error: (03/25/2014 10:57:42 AM) (Source: Office 2013 Licensing Service)(User: )Description: Subscription licensing service failed: -2143485936 Error: (03/25/2014 10:57:42 AM) (Source: Microsoft Office 15)(User: )Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0F52930F-6244-4818-90E0-D79E4601F32F} Error: (03/25/2014 10:57:30 AM) (Source: Microsoft Office 15)(User: )Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0F52930F-6244-4818-90E0-D79E4601F32F} Error: (03/25/2014 08:07:03 AM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 54884516 Error: (03/25/2014 08:07:03 AM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 54884516 Error: (03/25/2014 08:07:03 AM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/25/2014 08:07:02 AM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 54883281 CodeIntegrity Errors:=================================== Date: 2013-11-21 22:04:57.098 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2013-11-15 17:40:04.350 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-11-15 17:40:04.178 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-11-15 17:38:13.467 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-11-15 17:38:13.436 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-11-15 17:38:13.405 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-11-15 17:38:13.373 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-11-15 17:38:13.311 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-11-15 17:38:13.108 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-11-15 17:37:20.948 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 30%Total physical RAM: 8139.86 MBAvailable physical RAM: 5668.79 MBTotal Pagefile: 9419.86 MBAvailable Pagefile: 6729.81 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:156.61 GB) (Free:55.7 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 233 GB) (Disk ID: B3E3496B) Partition: GPT Partition Type. ==================== End Of Log ============================ MBAM Log.txt Link to post Share on other sites More sharing options...
Slayder Posted April 1, 2014 Author ID:811641 Share Posted April 1, 2014 As suggested above, I have turned off the Malicious Website Protection and it all works again. Does that not play nice when a VPN connection is established? Link to post Share on other sites More sharing options...
John L. Galt Posted April 1, 2014 ID:811703 Share Posted April 1, 2014 It can play nicely. Instead of turning off the protection, try adding your VPN client to the Malicious Website Protection exclusion list by going into Settings --> Web Exclusions --> Add process button And see if it then works with the malicious Web protection enabled. Link to post Share on other sites More sharing options...
Slayder Posted April 1, 2014 Author ID:811764 Share Posted April 1, 2014 What would be the process to add for Windows native VPN setup? I am unable to locate the correct process to add. Link to post Share on other sites More sharing options...
John L. Galt Posted April 1, 2014 ID:811770 Share Posted April 1, 2014 Hmmm, let me look into that. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 1, 2014 Root Admin ID:811796 Share Posted April 1, 2014 Actually the computer logs are showing at least some minor inconsistency and possibly either an infection or items left over from a previous infection. I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue. Once it's been confirmed that the computer is not infected or is cleaned up we can look into this issue further if needed. Thanks Link to post Share on other sites More sharing options...
John L. Galt Posted April 1, 2014 ID:811798 Share Posted April 1, 2014 Thanks for catching that, Ron. Link to post Share on other sites More sharing options...
Slayder Posted April 1, 2014 Author ID:811815 Share Posted April 1, 2014 I just rebuilt this PC with a new Drive and it is doing the same thing. It was built with the base Windows 8 Pro DVD, and updated to Windows 8.1 Pro. I did not recover anything from the other drive, installed everything from the official sites. I can re-run the logs again and see if that issue is still detected. Link to post Share on other sites More sharing options...
John L. Galt Posted April 1, 2014 ID:811816 Share Posted April 1, 2014 Please do. That will, at the very least, eliminate the possibility of remnants of malicious software. Also, please use the attach function to attach the files instead of posting the entire text in the forum post - it makes things a bit easier, IMO. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 1, 2014 Root Admin ID:811821 Share Posted April 1, 2014 So is it just Google Drive that drops off and won't reconnect on it's own? If you leave MBAM uninstalled does Google Drive still have an issue at all over the course of a day or so? Link to post Share on other sites More sharing options...
Slayder Posted April 1, 2014 Author ID:811824 Share Posted April 1, 2014 Google Drive, Webpage images/videos will not load(gives the broken image/video icon), Google Chat will not connect. As soon as i either exit MBAM or turn off the Malicious Website Protection, functionality is restored 100% Link to post Share on other sites More sharing options...
John L. Galt Posted April 1, 2014 ID:811840 Share Posted April 1, 2014 Odd, because I have both Google Drive app and access Drive online, and chat, and all other Google services as well without any problems. Link to post Share on other sites More sharing options...
Slayder Posted April 1, 2014 Author ID:811860 Share Posted April 1, 2014 Dropbox looses connection after 2 minutes also with the Website protection as well. I also am unable to access MBAM Forums(ironic?)(Screen to prove, VPN active when error occurs, turn off website protection and I can get back here) Attached are the new logs without VPN being connected.Addition.txtCheckResults.txtFRST.txt Link to post Share on other sites More sharing options...
Slayder Posted April 8, 2014 Author ID:815117 Share Posted April 8, 2014 Anything stand out in the logs that are post re-image? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 8, 2014 Root Admin ID:815132 Share Posted April 8, 2014 The logs appear to indicate that the computer may be infected. It is running files out of the temp folder and is also crashing on a Microsoft runtime file which in the few cases I've seen that each computer was infected. I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue. In your case the DDS files will not run so just post your FRST logs in the new reply.Thanks Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now