Everything posted by dwolf

  1. Hi Jerry, Thanks for the quick reply. Both MBAM and Windows Defender are now showing in the context menu. FRST log shows the following (no mention of MBAM):

     AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     When I set Action Center to "Never Register" I saw a notification saying Windows Defender and MBAM are both turned off. That's obviously false with respect to WD; however, I'm not sure that MBAM is still fully active (providing real-time protection). Here's a shot of my MBAM Dashboard: Please confirm that MBAM real-time protection is indeed still fully active. Thank you, DW
  2. Running M3 v3.7.1 on 64x Win10 Pro. I installed Windows Update v1903 tonight, and now Windows Defender AV is disabled and Windows Defender AS is enabled. Also, Windows Defender is no longer listed in the context menu of File Explorer. Before installing this WU 1903 update, Windows Defender was fully enabled alongside MBAM real-time protection, and custom scanning with Windows Defender was an option in the File Explorer context menu. Yes, I have rebooted several times after Windows Update. The following is from a FRST log:

     AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
     AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     Please tell me how to re-enable Windows Defender and add it to the context menu. Thank you, DW
  3. I agree those words were not stated, however the big red BUY AND SAVE 25% is surely misleading. Why would anyone go to the second page when the first page shows blatantly misleading or false info? Also, the link that Porthos provided at https://store.malwarebytes.com/342/purl-mb3-aff-2yr-w2? leads to a two-year price of $59.99 not $74.88. Yes, the Marketing and Product teams need to ensure consistency in what they present to the public. My question is still unanswered.
  4. OK. $59.99 is about a 25% discount. When will MBAM correct the misleading claim or correct the price at https://www.malwarebytes.com/lp/sem/en/ ? DW
  5. I was about to buy MBAM 3 Premium to protect one device for two years here when I saw the claim that $69.98 is a savings of 25% from the full price of $79.99. Now that is just misleading advertising or really bad arithmetic. I'll stick with a different manufacturer's product. Thank you, DW
  6. Hello MBAM, When I use a browser to open MBAM logs which are coded with XML markup, the browser reports no style found, and the report shows all the markup. Where can I get a style sheet that will work with MBAM XML logs? Is there an option that will automatically save logs in pure text with no markup? Thank you, DW
  7. Hi 1PW, Thank you for the reply. Restating my question: I do see the XML log file in "D:\Program Files (x86)\Malwarebytes Anti-Malware\", but the only info it gives about the detected threat is:

     Scan, 6/4/2016 3:00 AM, SYSTEM, AO40, Manual, Start:6/4/2016 2:49 AM, Duration:9 min 1 sec, Threat Scan, Completed, 0 Malware Detections, 1 Non-Malware Detection,

     When I look for the specific threat, I see that it is a PUP as shown in the image below: I don't see any way to export or save the Vendor, Date, Type, and Location info into a .TXT file to enable me to send it as a report to a third party. It would be quite awkward if my only recourse is to send info about detected items as JPG screenshots. Earlier versions of MBAM (free) identified the threats in the scan logs. Is there any way to get specific detection info into text files? Thank you. dwolf
  8. Hi, I don't see the usual Save or Export buttons on the History tab or on the Scan tab. They have always been visible in earlier versions, but I updated to v2.2.1.1043 tonight, and I can no longer find any way to retrieve any log if it is not captured immediately after running the scan. IOW, if MBAM is closed and then reopened, I don't see any way to retrieve any logs. Thank you. Dwolf
  9. Hi Mr. Lewis, I didn't see your Post #5 until after I sent my Post #6. I'll visit the MBAM site from time to time to see whether the rootkit issue is resolved. Since you have fully addressed my initial concern, I consider this topic to have been fully resolved. Unless you have further comments for me, you would be justified in closing this topic. Many thanks for your quick help. DW.
  10. Hi Mr. Lewis, Here (below) is the log showing the custom scan of the entire E drive. It ran to completion without any APPCRASH even though I didn't alter the four files that had been encrypted using Truecrypt. They are still on the E drive exactly as in the original scan that failed. In two separate runs, I have successfully scanned all three drives on my entire PC (C and D together, and E separately). Next, I will try to do a custom scan again as I did originally on all three drives at once. It's unclear to me why the original run threw the APPCRASH. Both subsequent runs detected some PUPs which were quarantined and manually deleted; however, I'd be surprised if the detection of PUPs could cause the APPCRASH error. Thank you for your help. DW

     Custom scan on drive E only:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 07/10/2014
     Scan Time: 7:04:42 AM
     Logfile:
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.07.10.02
     Rootkit Database: v2014.07.09.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: RAS

     Scan Type: Custom Scan
     Result: Completed
     Objects Scanned: 553948
     Time Elapsed: 1 hr, 32 min, 17 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 4
     PUP.Optional.ToolBarInstaller.A, E:\i7 Backup\Desk i7\cpu-z_1.62-setup-en.exe, Quarantined, [4a90e9b43645cf67556a0266ca3ac63a],
     PUP.Optional.Spigot.A, E:\i7 Backup\Desk i7\SFInstaller_SFFZ_filezilla_8992693_.exe, Quarantined, [5288f4a9bbc06ccabadf74b75fa2c937],
     PUP.Optional.ToolBarInstaller.A, E:\i7 Backup 2014-04-26\Desk i7\cpu-z_1.62-setup-en.exe, Quarantined, [5e7c17868bf0b284f0cf056354b06c94],
     PUP.Optional.Spigot.A, E:\i7 Backup 2014-04-26\Desk i7\SFInstaller_SFFZ_filezilla_8992693_.exe, Quarantined, [7664138a3c3f979f594072b920e18c74],

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  11. Hello Mr. Lewis. I'm not exactly sure what you mean by "OS" or "non OS" drive. I have only four files that I encrypted using Truecrypt. They are archives of backup files that have been scanned many times with MBAM and other products before they were encrypted. None of the files was mounted while MBAM threw the APPCRASH errors. I have no fully encrypted drives of any kind. All four of the .TC (encrypted) files are on the E drive. I just now updated the virus definitions and did another custom scan using MBAM v2.0.2.1012 on just the C and D drives (which don't contain any Truecrypt encrypted files). The full scan on the C and D drives ran to completion in a little over 6 hours. See the log below. I am now running a custom scan on just the E drive. I'll post that log later. If the .TC files cause APPCRASH, I'll just delete those four files. I've heard that Truecrypt has been taken down because of possible security problems. The backups are pretty old, and I can use WinRAR to create new password-protected archives for the backups. Thank you for your help. DW

     Custom scan on C and D drives only:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 07/09/2014
     Scan Time: 11:28:13 PM
     Logfile:
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.07.09.13
     Rootkit Database: v2014.07.09.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: RAS

     Scan Type: Custom Scan
     Result: Completed
     Objects Scanned: 937093
     Time Elapsed: 6 hr, 8 min, 44 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 2
     PUP.Optional.ToolBarInstaller.A, D:\Desk i7\cpu-z_1.62-setup-en.exe, Quarantined, [8bf6b8e5abd00234411eee7afa0a9f61],
     PUP.Optional.Spigot.A, D:\Desk i7\SFInstaller_SFFZ_filezilla_8992693_.exe, Quarantined, [f78af3aadaa1122470193af1000143bd],

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  12. Hello MBAM, The following three logs were too long for my initial post. Again, thank you for your help. DW

     Here is the APPCRASH report:

     Problem signature:
     Problem Event Name: APPCRASH
     Application Name: mbam.exe
     Application Version: 1.0.0.532
     Application Timestamp: 53518532
     Fault Module Name: mbamcore.dll
     Fault Module Version: 1.0.11.0
     Fault Module Timestamp: 536d8027
     Exception Code: c0000005
     Exception Offset: 0001748f
     OS Version: 6.1.7601.2.1.0.256.48
     Locale ID: 1033
     Additional Information 1: 0a9e
     Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
     Additional Information 3: 0a9e
     Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

     Read our privacy statement online:
     http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

     If the online privacy statement is not available, please read our privacy statement offline:
     C:\Windows\system32\en-US\erofflps.txt

     Here is the Threat Scan with rootkit detection:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 07/06/2014
     Scan Time: 10:32:47 PM
     Logfile:
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.07.06.08
     Rootkit Database: v2014.07.03.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: RAS

     Scan Type: Custom Scan
     Result: Completed
     Objects Scanned: 373042
     Time Elapsed: 2 min, 9 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Disabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)

     Here is the mbam-check result log:

     version: 2.1.0.0002
     ========================================
     User Account type: Administrator
     OS: Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
     Current Build Number: 7601
     Current Version Number: 6.1
     Current CSDVersion: Service Pack 1
     Malwarebytes Anti-Malware: 2.0.2.1012
     Installed On: 2014/07/06
     Malware Database: 2014.07.06.08
     Rootkit Database: 2014.07.03.01
     Remediation Database: 2013.10.16.01
     IP Database: 0000.00.00.00
     Domain Database: 0000.00.00.00
     License: Free
     Malware Protection: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
     Malicious Website Protection: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
     Chameleon: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
     Log Created: 2014/07/06 21:31:20

     Compatibility Flag Settings:
     =================================
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
     D:\Desk i7\OfficePro2003Corporate\SETUP.EXE REG_SZ WINXPSP2
     C:\Users\RAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NotePro.exe REG_SZ WINXPSP3 RUNASADMIN
     D:\Program Files (x86)\NoteTab Pro 6\NotePro.exe REG_SZ WINXPSP3 RUNASADMIN
     D:\Program Files (x86)\Linksys\Linksys Surveillance Utility\Recorder.exe REG_SZ WINXPSP2
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
     D:\Program Files (x86)\Zoom Search Engine 6.0\ZoomIndexer.exe REG_SZ DisableNXShowUI

     Malwarebytes Anti-Malware Shell Extension Block Check:
     ======================================================
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

     MBAM Startup Entries:
     =====================
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

     Malwarebytes Anti-Malware Service and Driver Status:
126874 BYTES FileVersion: N/A MD5: [c61281786b5bfec68afc742a19f6abd9] lang_zh_tr.qm File Size: 110870 BYTES FileVersion: N/A MD5: [f223d83580b1ee35edea13293cb2c80d] D:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins fixdamage.exe File Size: 821560 BYTES FileVersion: 1.1.0.1010 MD5: [3a4dcd021d9f3a5305a22e5e309da305] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware actions.ref File Size: 314 BYTES FileVersion: N/A MD5: [b26a36c0696e299fdfebe180c09c2737] cleanup.dll File Size: 1675064 BYTES FileVersion: 0.6.7.0 MD5: [5c7e53d7eabd1618afc1bd156a6fd064] domains.ref File Size: 38 BYTES FileVersion: N/A MD5: [8c30b536b67543eb68e68b9640d4d498] exclusions.dat File Size: 1427 BYTES FileVersion: N/A MD5: [b2395d7683c74da6ee160418f42c244d] ips.ref File Size: 33 BYTES FileVersion: N/A MD5: [8a1c580788ea8de3f32862c2c1cf373c] mbam-setup.exe File Size: 17292760 BYTES FileVersion: 2.0.2.1012 MD5: [e90bf9e1562f40140161573b79cd5720] rules.ref File Size: 8729970 BYTES FileVersion: N/A MD5: [65b2b560a1fe221345a953abb7838445] S-1-5-18-0-ntuser.dat S-1-5-18-0-ntuser.dat.LOG1 S-1-5-18-0-ntuser.dat.LOG2 S-1-5-18-0-ntuser.dat{78f3eeb8-0567-11e4-85f0-485b39029e95}.TM.blfS-1-5-18-0-ntuser.dat{78f3eeb8-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000001.regtrans-msS-1-5-18-0-ntuser.dat{78f3eeb8-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000002.regtrans-msS-1-5-19-0-ntuser.dat S-1-5-19-0-ntuser.dat.LOG1 S-1-5-19-0-ntuser.dat.LOG2 S-1-5-19-0-ntuser.dat{78f3eebe-0567-11e4-85f0-485b39029e95}.TM.blfS-1-5-19-0-ntuser.dat{78f3eebe-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000001.regtrans-msS-1-5-19-0-ntuser.dat{78f3eebe-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000002.regtrans-msS-1-5-20-0-ntuser.dat S-1-5-20-0-ntuser.dat.LOG1 S-1-5-20-0-ntuser.dat.LOG2 
S-1-5-20-0-ntuser.dat{78f3eec4-0567-11e4-85f0-485b39029e95}.TM.blfS-1-5-20-0-ntuser.dat{78f3eec4-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000001.regtrans-msS-1-5-20-0-ntuser.dat{78f3eec4-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000002.regtrans-msS-1-5-21-868819068-3257824110-3933167620-1000-0-ntuser.datS-1-5-21-868819068-3257824110-3933167620-1000-0-ntuser.dat.LOG1S-1-5-21-868819068-3257824110-3933167620-1000-0-ntuser.dat.LOG2S-1-5-21-868819068-3257824110-3933167620-1000-0-ntuser.dat{78f3eeca-0567-11e4-85f0-485b39029e95}.TM.blfS-1-5-21-868819068-3257824110-3933167620-1000-0-ntuser.dat{78f3eeca-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000001.regtrans-msS-1-5-21-868819068-3257824110-3933167620-1000-0-ntuser.dat{78f3eeca-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000002.regtrans-msS-1-5-21-868819068-3257824110-3933167620-1003-0-ntuser.datS-1-5-21-868819068-3257824110-3933167620-1003-0-ntuser.dat.LOG1S-1-5-21-868819068-3257824110-3933167620-1003-0-ntuser.dat.LOG2S-1-5-21-868819068-3257824110-3933167620-1003-0-ntuser.dat{78f3eed0-0567-11e4-85f0-485b39029e95}.TM.blfS-1-5-21-868819068-3257824110-3933167620-1003-0-ntuser.dat{78f3eed0-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000001.regtrans-msS-1-5-21-868819068-3257824110-3933167620-1003-0-ntuser.dat{78f3eed0-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000002.regtrans-msS-1-5-21-868819068-3257824110-3933167620-500-0-ntuser.datS-1-5-21-868819068-3257824110-3933167620-500-0-ntuser.dat.LOG1S-1-5-21-868819068-3257824110-3933167620-500-0-ntuser.dat.LOG2S-1-5-21-868819068-3257824110-3933167620-500-0-ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blfS-1-5-21-868819068-3257824110-3933167620-500-0-ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-msS-1-5-21-868819068-3257824110-3933167620-500-0-ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-msswissarmy.ref File Size: 21891 
BYTES FileVersion: N/A MD5: [6213d4017bb6dc68b54e98dddd8ab5d5] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration build.conf File Size: 4491 BYTES FileVersion: N/A MD5: [4b1f75d72332c074964e923d01882222] database.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] gatekeeper.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] license.conf File Size: 23 BYTES FileVersion: N/A MD5: [0ec01df616b565180556881d8042255b] manifest.conf File Size: 2126 BYTES FileVersion: N/A MD5: [c0b22c1280da6ac3125c1a11224d0406] marketing.conf File Size: 1434 BYTES FileVersion: N/A MD5: [19533c40d9c9778b2ab423dbcf063d80] net.conf File Size: 6101 BYTES FileVersion: N/A MD5: [a96d1151fca43863d0017b0811398287] notifications.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] scheduler.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] settings.conf File Size: 2052 BYTES FileVersion: N/A MD5: [a927c25886c6b0ec226fdd40c70bbeda] statistics.conf File Size: 173 BYTES FileVersion: N/A MD5: [e3bd8244795f13c8552c7490f79f252a] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs mbam-log-2014-04-08 (16-52-22).xml File Size: 2468 BYTES FileVersion: N/A MD5: [53ce99e2c791e8bd9f93e81f9a22e38c] mbam-log-2014-04-19 (04-09-40).xml File Size: 2468 BYTES FileVersion: N/A MD5: [b15062ec1cc30eda6cb1ef92f685e5af] mbam-log-2014-05-02 (04-36-48).xml File Size: 2820 BYTES FileVersion: N/A MD5: [4193022ee1ff95cb6be57a582373f416] mbam-log-2014-05-02 (04-40-44).xml File Size: 2462 BYTES FileVersion: N/A MD5: [30fd7aa8972731ccba974c45a1335b30] mbam-log-2014-07-06 (07-37-49).xml File Size: 2492 BYTES FileVersion: N/A MD5: [c716fd0bf0c86f917aed82130584d8e0] mbam-log-2014-07-06 (19-08-28).xml File Size: 2480 BYTES FileVersion: N/A MD5: [efb69602943cc9affe46140f9717dea8] mbam-log-2014-07-06 (19-09-18).xml File Size: 2492 BYTES FileVersion: N/A MD5: [6e8a3a8cacf561934a86728c3939db28] 
protection-log-2014-04-08.xml File Size: 654 BYTES FileVersion: N/A MD5: [8cd8740eb92d98f68ba2114ed3451632] protection-log-2014-04-19.xml File Size: 356 BYTES FileVersion: N/A MD5: [632d68e1585002e3d997e2dc7e4f53c3] protection-log-2014-07-06.xml File Size: 2429 BYTES FileVersion: N/A MD5: [f241145bd17c525822f157bcf2d8efd3] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine 0368574352.data File Size: 705 BYTES FileVersion: N/A MD5: [a7c6c70cc0f30f420a4a1d0554489a09] 0368574352.quar File Size: 903256 BYTES FileVersion: N/A MD5: [4c071d75ecee5036aa667dbf06521c41] Malware Exclusions: =================== Web Exclusions: ================ Quarantined Items: =================== =============================================================== END OF FILE
  13. Hello MBAM,

      MBAM v2.1.0.0002 runs Threat Scan, and finds no errors. Re-running MBAM Custom scan on C, D, & E drives with Rootkit detect caused APPCRASH. I completely uninstalled MBAM then re-installed MBAM v2.1.0.0002 and updated signatures, then re-ran Threat Scan with no errors, but custom scan on C, D, & E drives with Rootkit detection gave the same APPCRASH.

      Fault Module Name: mbamcore.dll

      I ran MBAM custom scan again with Rootkit detection but with no drives checkmarked. MBAM ran successfully with no rootkit found and no APPCRASH. The computer has been running all applications normally at normal speed with no obvious issues. My only problem is that MBAM will not do a custom scan on all my hard disks. When I try Custom Scan on C, D, & E drives, all phases except the final phase complete normally with no threats detected, but I get APPCRASH after about 6,000 files are scanned. Both MS Security Essentials and Super Anti-Spyware detect no threats.

      See FRST log in this post. See three more logs in Post #2 (otherwise too long for forum).

      Thank you for your help.
      DW

      Here is FRST log:

      Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
      Ran by RAS (administrator) on I7 on 06-07-2014 22:51:32
      Running from D:\Desk i7
      Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
      Internet Explorer Version 11
      Boot Mode: Normal
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass - D:\Program Files (x86)\nplastpass.dll (LastPass) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat - D:\Program Files (x86)\Cs4\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\RAS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\RAS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\RAS\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\RAS\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\RAS\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\RAS\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: LastPass - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\support@lastpass.com [2014-03-04] FF Extension: Html Validator - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2013-10-24] FF Extension: Malware Search - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2013-01-04] FF Extension: FireFTP - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-04-05] FF Extension: Adblock Plus - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-13] FF Extension: UnMHT - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2011-10-03] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-07] FF HKLM-x32\...\Firefox\Extensions: 
[hotfix@mozilla.org] - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix FF Extension: Mozilla hotfix - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2013-04-10] FF HKCU\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix FF Extension: Mozilla hotfix - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2013-04-10] FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe Chrome: ======= CHR HomePage: hxxp://news.google.com/ CHR StartupUrls: "hxxp://news.google.com/" CHR Extension: (Google Docs) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24] CHR Extension: (Google Drive) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24] CHR Extension: (James White) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2013-12-11] CHR Extension: (YouTube) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-24] CHR Extension: (Adblock Plus) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-29] CHR Extension: (Google Search) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-24] CHR Extension: (High Contrast) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2014-04-12] CHR Extension: (FVD Downloader) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-04-13] CHR Extension: (WeatherBug) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2013-11-25] CHR Extension: (Google Wallet) - 
C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-25] CHR Extension: (Gmail) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24] ==================== Services (Whitelisted) ================= S3 !SASCORE; D:\Program Files (x86)\SuperAntiSpyware\SASCORE64.EXE [140672 2012-09-09] (SUPERAntiSpyware.com) [File not signed] S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2011-01-11] (Adobe Systems Incorporated) S3 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed] S3 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-07-17] (DeviceVM, Inc.) [File not signed] R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) S4 NMSAccess; D:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] () S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) 
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) S3 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia) S3 SBSDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X] ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] () S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-06] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] () R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed] S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed] R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [222160 2010-06-04] (TrueCrypt Foundation) U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed] R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.) R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.) 
R2 WinFLdrv; C:\Windows\SysWow64\WinFLdrv.sys [21888 2010-06-04] () S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X] S1 SABKUTIL; \??\D:\Program Files (x86)\SuperAntiSpyware\SABKUTIL.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-06 21:31 - 2014-07-06 21:31 - 00044008 _____ () C:\Users\RAS\Desktop\CheckResults.txt 2014-07-06 19:53 - 2014-07-06 22:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-06 19:52 - 2014-07-06 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-06 19:52 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-06 19:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-06 19:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-06 19:32 - 2014-07-06 19:35 - 00003354 _____ () C:\Users\RAS\Desktop\Rkill.txt 2014-07-03 19:35 - 2014-07-03 19:35 - 00000000 _____ () C:\Users\RAS\AppData\Local\{C8F06ACA-8349-4451-8373-B934F3C67F42} 2014-06-25 19:01 - 2014-07-05 21:31 - 00000000 ____D () C:\Users\RAS\AppData\Local\Adobe 2014-06-23 18:49 - 2014-06-23 18:49 - 00258744 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-23 18:49 - 2014-06-23 18:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA 2014-06-23 18:49 - 2014-06-23 18:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-23 18:48 - 2014-06-23 18:48 - 00001424 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-23 18:48 - 2014-06-23 18:48 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-06-23 18:48 - 2014-06-23 18:48 - 00000000 ____D () 
C:\Users\Administrator\AppData\Roaming\Adobe 2014-06-23 18:48 - 2014-06-23 18:48 - 00000000 ____D () C:\Users\Administrator 2014-06-23 18:48 - 2010-06-05 09:43 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia 2014-06-23 18:48 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-23 18:48 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-06-21 13:30 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-21 13:30 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-21 13:30 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-21 13:30 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-21 13:30 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-21 13:30 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-21 13:30 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-21 13:30 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-21 13:30 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-21 13:30 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-21 13:30 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-21 13:30 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-21 13:30 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-21 13:30 - 2014-05-30 05:18 
- 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-21 13:30 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-21 13:30 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-21 13:30 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-21 13:30 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-21 13:30 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-21 13:30 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-21 13:30 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-21 13:30 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-21 13:30 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-21 13:30 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-21 13:30 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-21 13:30 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-21 13:30 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-21 13:30 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-21 13:30 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-21 13:30 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-21 13:30 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-21 13:30 - 2014-05-30 
04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-21 13:30 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-21 13:30 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-21 13:30 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-21 13:30 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-21 13:30 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-21 13:30 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-21 13:30 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-21 13:30 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-21 13:30 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-21 13:30 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-21 13:30 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-21 13:30 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-21 13:30 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-21 13:30 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-21 13:30 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-21 13:30 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-21 13:30 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-21 13:30 - 2014-05-30 
03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-21 13:30 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-21 13:30 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-21 13:30 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-21 13:30 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-06-21 13:30 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-21 13:30 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-21 13:30 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-06-21 13:30 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-06-21 13:30 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-06-21 13:30 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-06-21 13:30 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-06-21 13:30 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-06-21 13:30 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-06-21 13:30 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-06-21 13:30 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-06-21 13:30 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-21 13:30 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-21 13:30 - 
2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-21 13:30 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-21 13:30 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-21 13:30 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-21 13:30 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-21 13:30 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-21 13:30 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-21 13:30 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-21 13:30 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-06-21 13:30 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-06-21 13:30 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-06-21 13:30 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-06-21 13:30 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-06-21 13:30 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-06-21 13:30 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-06-21 13:30 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-06-21 13:30 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-06-21 13:30 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-06-21 13:30 - 2014-03-04 05:44 - 00039936 _____ 
(Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-06-21 13:30 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-06-21 13:30 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-06-21 13:30 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-06-21 13:30 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-06-21 13:30 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-06-21 13:30 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-06-21 13:30 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-06-21 13:30 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-06-21 13:30 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-06-21 13:30 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-06-21 13:30 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-06-21 13:30 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-06-21 13:30 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-06-21 13:30 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-06-21 13:30 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-06-21 13:30 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-06-21 13:30 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-06-21 13:30 - 2014-03-04 05:17 - 00048128 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-06-21 13:30 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-06-21 13:30 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-06-21 13:30 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-06-21 13:30 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-06-21 13:30 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-06-20 03:14 - 2014-06-20 03:14 - 00000000 ____D () C:\ProgramData\GRETECH 2014-06-17 15:55 - 2014-07-06 22:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-17 15:55 - 2014-07-06 19:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-17 15:55 - 2014-06-17 15:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-17 15:55 - 2014-06-17 15:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-17 01:31 - 2014-07-06 22:36 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000UA.job 2014-06-17 01:31 - 2014-07-06 07:35 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000Core.job 2014-06-17 01:31 - 2014-06-17 01:31 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000UA 2014-06-17 01:31 - 2014-06-17 01:31 - 00003474 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000Core ==================== One Month Modified Files and Folders ======= 2014-07-06 22:51 - 2014-04-05 22:37 - 00000000 ____D () C:\FRST 2014-07-06 22:36 - 2014-06-17 01:31 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000UA.job 
2014-07-06 22:31 - 2014-07-06 19:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-06 22:26 - 2012-06-17 00:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-06 22:00 - 2014-06-17 15:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-06 21:31 - 2014-07-06 21:31 - 00044008 _____ () C:\Users\RAS\Desktop\CheckResults.txt 2014-07-06 21:24 - 2010-04-09 07:54 - 01613865 _____ () C:\Windows\WindowsUpdate.log 2014-07-06 20:34 - 2014-04-07 01:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-07-06 19:52 - 2014-07-06 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-06 19:52 - 2009-07-14 00:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-06 19:52 - 2009-07-14 00:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-06 19:45 - 2014-06-17 15:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-06 19:44 - 2014-04-11 03:44 - 00001344 _____ () C:\Windows\setupact.log 2014-07-06 19:44 - 2014-04-11 03:43 - 00033268 _____ () C:\Windows\PFRO.log 2014-07-06 19:44 - 2010-04-08 22:11 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-06 19:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-06 19:35 - 2014-07-06 19:32 - 00003354 _____ () C:\Users\RAS\Desktop\Rkill.txt 2014-07-06 07:35 - 2014-06-17 01:31 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000Core.job 2014-07-05 21:31 - 2014-06-25 19:01 - 00000000 ____D () C:\Users\RAS\AppData\Local\Adobe 2014-07-03 19:35 - 2014-07-03 19:35 - 00000000 _____ () C:\Users\RAS\AppData\Local\{C8F06ACA-8349-4451-8373-B934F3C67F42} 2014-06-30 19:17 - 2012-05-04 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla 
Maintenance Service 2014-06-23 18:54 - 2012-06-17 00:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-06-23 18:54 - 2012-04-02 19:33 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-06-23 18:54 - 2011-06-08 08:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-23 18:49 - 2014-06-23 18:49 - 00258744 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-23 18:49 - 2014-06-23 18:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA 2014-06-23 18:49 - 2014-06-23 18:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-23 18:48 - 2014-06-23 18:48 - 00001424 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-23 18:48 - 2014-06-23 18:48 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-06-23 18:48 - 2014-06-23 18:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-06-23 18:48 - 2014-06-23 18:48 - 00000000 ____D () C:\Users\Administrator 2014-06-23 18:48 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-06-21 18:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-06-21 13:37 - 2013-07-17 08:53 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-20 03:14 - 2014-06-20 03:14 - 00000000 ____D () C:\ProgramData\GRETECH 2014-06-18 16:11 - 2013-03-13 03:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-17 15:55 - 2014-06-17 15:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-17 15:55 - 2014-06-17 15:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-17 01:31 - 2014-06-17 01:31 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000UA 2014-06-17 
01:31 - 2014-06-17 01:31 - 00003474 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000Core 2014-06-10 21:05 - 2010-04-12 02:43 - 00000000 ____D () C:\Users\RAS\AppData\Roaming\Mozilla 2014-06-09 13:54 - 2014-04-07 01:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2012-03-01 03:26 ==================== End Of Log ============================