Posts posted by dwolf

  1. Hi Jerry,

    Thanks for the quick reply.

    Both MBAM and Windows Defender are now showing in the context menu. FRST log shows the following (no mention of MBAM):

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    When I set Action Center to "Never Register" I saw a notification saying Windows Defender and MBAM are both turned off. That's obviously false with respect to WD; however, I'm not sure that MBAM is still fully active (providing real-time protection). Here's a shot of my MBAM Dashboard:

    MBAM-Dashboard.jpg

    Please confirm that MBAM real-time protection is indeed still fully active.

    Thank you,

    DW

  2. Running M3 v3.7.1 on 64x Win10 Pro.

     

    I installed Windows Update v1903 tonight, and now Windows Defender AV is disabled and Windows Defender AS is enabled. Also, Windows Defender is no longer listed in the context menu of File Explorer. Before installing this WU 1903 update, Windows Defender was fully enabled alongside MBAM real-time protection, and custom scanning with Windows Defender was an option in the File Explorer context menu. Yes, I have rebooted several times after Windows Update.

    The following is from a FRST log:

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     

    Please tell me how to re-enable Windows Defender and add it to the context menu.


    Thank you

    DW

     

  3. On 3/8/2019 at 4:07 AM, David H. Lipman said:

    That is NOT what it says.  You are inferring 25% off the Full Price.  It does not state those words.

    I agree those words were not stated, however the big red BUY AND SAVE 25% is surely misleading.
     

     

    On 3/8/2019 at 4:07 AM, David H. Lipman said:

    Continue to the next page and it clearly states 25% off the second year.

    Why would anyone go to the second page when the first page shows blatantly misleading or false info? Also, the link that Porthos provided at https://store.malwarebytes.com/342/purl-mb3-aff-2yr-w2?  leads to a two-year price of $59.99 not $74.88. Yes, the Marketing and Product teams need to ensure consistency in what they present to the public.

     

    My question is still unanswered.

    On 3/8/2019 at 12:34 AM, dwolf said:

    When will MBAM correct the misleading claim or correct the price at https://www.malwarebytes.com/lp/sem/en/  ?

  4. Hi 1PW,

     

    Thank you for the reply.

    Restating my question: I do see the XML log file in "D:\Program Files (x86)\Malwarebytes Anti-Malware\", but the only info it gives about the detected threat is:

    Scan, 6/4/2016 3:00 AM, SYSTEM, AO40, Manual, Start:6/4/2016 2:49 AM, Duration:9 min 1 sec, Threat Scan, Completed, 0 Malware Detections, 1 Non-Malware Detection,

     

    When I look for the specific threat, I see that it is a PUP as shown in the image below:

    MBAM Quarantine.JPG

    I don't see any way to export or save the Vendor, Date, Type, and Location info into a .TXT file to enable me to send it as a report to a third party. It would be quite awkward if my only recourse is to send info about detected items as JPG screenshots.

    Earlier versions of MBAM (free) identified the threats in the scan logs. Is there any way to get specific detection info into text files?

    Thank you.

    dwolf

  5. Hi,

     

    I don't see the usual Save or Export buttons on the History tab or on the Scan tab. They have always been visible in earlier versions, but I updated to v2.2.1.1043 tonight, and I can no longer find any way to retrieve any log if it is not captured immediately after running the scan. IOW, if MBAM is closed and then reopened, I don't see any way to retrieve any logs.

     

    Thank you.

     

    Dwolf

  6. Hi Mr. Lewis,

     

    You can scan the C: drive with it as long as there are no encrypted files but for the other drives you'll need to keep the rootkit scanner disabled until we're able to resolve the issue.

     

    I didn't see your Post #5 until after I sent my Post #6.

     

    I'll visit the MBAM site from time to time to see whether the rootkit issue is resolved. Since you have fully addressed my initial concern, I consider this topic to have been fully resolved. Unless you have further comments for me, you would be justified in closing this topic.

     

    Many thanks for your quick help.

     

    DW.

  7. Hi Mr. Lewis,

     

    Here (below) is the log showing the custom scan of the entire E drive. It ran to completion without any APPCRASH even though I didn't alter the four files that had been encrypted using Truecrypt. They are still on the E drive exactly as in the original scan that failed.

     

    In two separate runs, I have successfully scanned all three drives on my entire PC (C and D together, and E separately). Next, I will try to do a custom scan again as I did originally on all three drives at once.

     

    It's unclear to me why the original run threw the APPCRASH. Both subsequent runs detected some PUPs, which were quarantined and manually deleted; however, I'd be surprised if the detection of PUPs could cause the APPCRASH error.

     

    Thank you for your help.

     

    DW

     

    Custom scan on drive E only:

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 07/10/2014
    Scan Time: 7:04:42 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.10.02
    Rootkit Database: v2014.07.09.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: RAS

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 553948
    Time Elapsed: 1 hr, 32 min, 17 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 4
    PUP.Optional.ToolBarInstaller.A, E:\i7 Backup\Desk i7\cpu-z_1.62-setup-en.exe, Quarantined, [4a90e9b43645cf67556a0266ca3ac63a],
    PUP.Optional.Spigot.A, E:\i7 Backup\Desk i7\SFInstaller_SFFZ_filezilla_8992693_.exe, Quarantined, [5288f4a9bbc06ccabadf74b75fa2c937],
    PUP.Optional.ToolBarInstaller.A, E:\i7 Backup 2014-04-26\Desk i7\cpu-z_1.62-setup-en.exe, Quarantined, [5e7c17868bf0b284f0cf056354b06c94],
    PUP.Optional.Spigot.A, E:\i7 Backup 2014-04-26\Desk i7\SFInstaller_SFFZ_filezilla_8992693_.exe, Quarantined, [7664138a3c3f979f594072b920e18c74],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  8. Hello Mr. Lewis.

     

    I'm not exactly sure what you mean by "OS" or "non OS" drive. I have only four files that I encrypted using Truecrypt. They are archives of backup files that have been scanned many times with MBAM and other products before they were encrypted. None of the files was mounted while MBAM threw the APPCRASH errors. I have no fully encrypted drives of any kind.

     

    All four of the .TC (encrypted) files are on the E drive. I just now updated the virus definitions, and did another custom scan using MBAM v2.0.2.1012 on just the C and D drives (which don't contain any Truecrypt encrypted files). The full scan on the C and D drives ran to completion in a little over 6 hours. See the log below.

     

    I am now running a custom scan on just the E drive. I'll post that log later. If the .TC files cause APPCRASH, I'll just delete those four files. I've heard that Truecrypt has been taken down because of possible security problems. The backups are pretty old, and I can use WinRAR to create new password-protected archives for the backups.

     

    Thank you for your help.

     

    DW

     

     

    Custom scan on C and D drives only:

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 07/09/2014
    Scan Time: 11:28:13 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.09.13
    Rootkit Database: v2014.07.09.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: RAS

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 937093
    Time Elapsed: 6 hr, 8 min, 44 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    PUP.Optional.ToolBarInstaller.A, D:\Desk i7\cpu-z_1.62-setup-en.exe, Quarantined, [8bf6b8e5abd00234411eee7afa0a9f61],
    PUP.Optional.Spigot.A, D:\Desk i7\SFInstaller_SFFZ_filezilla_8992693_.exe, Quarantined, [f78af3aadaa1122470193af1000143bd],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  9. Hello MBAM,

    The following three logs were too long for my initial post.

     

    Again, thank you for your help.

     

    DW


    Here is APPCRASH report:

    Problem signature:
      Problem Event Name:    APPCRASH
      Application Name:    mbam.exe
      Application Version:    1.0.0.532
      Application Timestamp:    53518532
      Fault Module Name:    mbamcore.dll
      Fault Module Version:    1.0.11.0
      Fault Module Timestamp:    536d8027
      Exception Code:    c0000005
      Exception Offset:    0001748f
      OS Version:    6.1.7601.2.1.0.256.48
      Locale ID:    1033
      Additional Information 1:    0a9e
      Additional Information 2:    0a9e372d3b4ad19135b953a78882e789
      Additional Information 3:    0a9e
      Additional Information 4:    0a9e372d3b4ad19135b953a78882e789

    Read our privacy statement online:
      http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
      C:\Windows\system32\en-US\erofflps.txt

     

    Here is Threat Scan with Rootkit detection:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 07/06/2014
    Scan Time: 10:32:47 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.06.08
    Rootkit Database: v2014.07.03.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: RAS

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 373042
    Time Elapsed: 2 min, 9 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Disabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    Here is mbam-check result log version:     2.1.0.0002
    ========================================

    User Account type:                 Administrator
    OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
    Current Build Number:              7601
    Current Version Number:            6.1
    Current CSDVersion:                Service Pack 1
    Malwarebytes Anti-Malware:         2.0.2.1012
    Installed On:                      2014/07/06
    Malware Database:                  2014.07.06.08
    Rootkit Database:                  2014.07.03.01
    Remediation Database:              2013.10.16.01
    IP Database:                       0000.00.00.00
    Domain Database:                   0000.00.00.00
    License:                           Free
    Malware Protection:                0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
    Malicious Website Protection:      0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
    Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
    Log Created:                       2014/07/06 21:31:20
    Compatibility Flag Settings:
    =================================

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
        D:\Desk i7\OfficePro2003Corporate\SETUP.EXEREG_SZ        WINXPSP2
        C:\Users\RAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NotePro.exeREG_SZ        WINXPSP3 RUNASADMIN
        D:\Program Files (x86)\NoteTab Pro 6\NotePro.exeREG_SZ        WINXPSP3 RUNASADMIN
        D:\Program Files (x86)\Linksys\Linksys Surveillance Utility\Recorder.exeREG_SZ        WINXPSP2

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
        D:\Program Files (x86)\Zoom Search Engine 6.0\ZoomIndexer.exeREG_SZ        DisableNXShowUI

    Malwarebytes Anti-Malware Shell Extension Block Check:
    ======================================================

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

    MBAM Startup Entries:
    =====================
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    Malwarebytes Anti-Malware Service and Driver Status:
    =======================================================

    --------------Driver File Info:--------------
    C:\Windows\system32\drivers\mbam.sys
    File Size: 25816     BYTES    FileVersion: 0.1.13.0    MD5: [f92b0e478c0faa6d6661e6e977247e60]
    C:\Windows\system32\drivers\mwac.sys
    File Size: 63704     BYTES    FileVersion: 1.0.1.0    MD5: [15e8abc06843672955ce26a009533bad]
    C:\Windows\system32\drivers\mbamswissarmy.sys
    File Size: 122584    BYTES    FileVersion: 0.1.7.0    MD5: [8a50d5304e6ae48664cf5838ec32f647]
    C:\Windows\system32\drivers\mbamchameleon.sys
    File Size: 91352     BYTES    FileVersion: 1.0.4.0    MD5: [9d9ed48f841ea37aa5310d54b9e5d3c7]

    --------------MBAMProtector:--------------
    Type:                   N/A
    State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
    WIN32_EXIT_CODE:        N/A
    SERVICE_EXIT_CODE:      N/A
    CHECKPOINT:             N/A
    WAIT_HINT:              N/A


    --------------MBAMService:--------------
    Type:                   N/A
    State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
    WIN32_EXIT_CODE:        N/A
    SERVICE_EXIT_CODE:      N/A
    CHECKPOINT:             N/A
    WAIT_HINT:              N/A


    --------------MBAMScheduler:--------------
    Type:                   N/A
    State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
    WIN32_EXIT_CODE:        N/A
    SERVICE_EXIT_CODE:      N/A
    CHECKPOINT:             N/A
    WAIT_HINT:              N/A


    --------------MBAMChameleon:--------------
    Type:                   N/A
    State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
    WIN32_EXIT_CODE:        N/A
    SERVICE_EXIT_CODE:      N/A
    CHECKPOINT:             N/A
    WAIT_HINT:              N/A


    --------------MBAMWebAccessControl:--------------
    Type:                   N/A
    State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
    WIN32_EXIT_CODE:        N/A
    SERVICE_EXIT_CODE:      N/A
    CHECKPOINT:             N/A
    WAIT_HINT:              N/A


    Required Dependencies:
    ======================

    --------------BFE:--------------
    Type:                   32
    State:                  4 (The service is running.)
    WIN32_EXIT_CODE:        0
    SERVICE_EXIT_CODE:      0
    CHECKPOINT:             0
    WAIT_HINT:              0


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
        DisplayName                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1001
        Group                         REG_SZ        NetworkProvider
        ImagePath                     REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
        Description                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1002
        ObjectName                    REG_SZ        NT AUTHORITY\LocalService
        ErrorControl                  REG_DWORD        1
        Start                         REG_DWORD        2
        Type                          REG_DWORD        32
        DependOnService               REG_MULTI_SZ    RpcSs

        ServiceSidType                REG_DWORD        3
        RequiredPrivileges            REG_MULTI_SZ    SeAuditPrivilege

        FailureActions                REG_BINARY    Binary Data

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
        ServiceDll                    REG_EXPAND_SZ    %SystemRoot%\System32\bfe.dll
        ServiceDllUnloadOnStop        REG_DWORD        1
        ServiceMain                   REG_SZ        BfeServiceMain
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer

    --------------fltmgr:--------------
    Type:                   2
    State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE:        0
    SERVICE_EXIT_CODE:      0
    CHECKPOINT:             0
    WAIT_HINT:              0


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
        AttachWhenLoaded              REG_DWORD        1
        DisplayName                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
        Group                         REG_SZ        FSFilter Infrastructure
        ImagePath                     REG_EXPAND_SZ    system32\drivers\fltmgr.sys
        Description                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
        ErrorControl                  REG_DWORD        3
        Start                         REG_DWORD        0
        Tag                           REG_DWORD        1
        Type                          REG_DWORD        2
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
        0                             REG_SZ        Root\LEGACY_FLTMGR\0000
        Count                         REG_DWORD        1
        NextInstance                  REG_DWORD        1


    C:\Windows\system32\drivers\fltmgr.sys
    File Size: 289664    BYTES    FileVersion: 6.1.7601.17514    MD5: [da6b67270fd9db3697b20fce94950741]
    C:\Windows\SysWOW64\mscomctl.ocx
    File Size: 1070152   BYTES    FileVersion: 6.1.98.34    MD5: [e52859fcb7a827cacfce7963184c7d24]
    C:\Windows\SysWOW64\olepro32.dll
    File Size: 90112     BYTES    FileVersion: 6.1.7601.17514    MD5: [703ffd301ab900b047337c5d40fd6f96]


    MBAM Registry Settings and License Info:
    ========================================
    --------------Settings:--------------
    Advanced:
        AutomaticQuarantine:                                       true
        AutostartProtection:                                       true
        LimitedMode:                                               false
        StartSilentMode:                                           false
        StartupDelay:                                              0
    ApplicationState:
        First-Run-After-Installation:                              false
    General:
        DaysUntilNotifyExpiration:                                 5
        Language:                                                  en
        RightClickAccess:                                          true
        SilentErrors:                                              false
    Logging:
        ExportLog:                                                 true
    Notification:
    ProtectionTray:
        DisplayMilliseconds:                                       10000
    ScanHistory:
        Duration_Complete:                                         91000
        Duration_Driver:                                           39000
        Duration_Filesystem:                                       0
        Duration_Heuristics:                                       371000
        Duration_Loading:                                          0
        Duration_MasterBootRecord:                                 0
        Duration_Memory:                                           40000
        Duration_PreScan:                                          21000
        Duration_Registry:                                         10000
        Duration_Sector:                                           0
        Duration_SectorMemory:                                     0
        Duration_Startup:                                          8000
        ItemCount_Complete:                                        312837
        ItemCount_Driver:                                          305
        ItemCount_Filesystem:                                      58006
        ItemCount_Heuristics:                                      12189
        ItemCount_Loading:                                         0
        ItemCount_MasterBootRecord:                                2
        ItemCount_Memory:                                          2797
        ItemCount_PreScan:                                         0
        ItemCount_Registry:                                        591
        ItemCount_Sector:                                          0
        ItemCount_SectorMemory:                                    222
        ItemCount_Startup:                                         917
        LastScanDateEpoch:                                         1404690869099
        LastScanType:                                              3 (Hyper Scan)
    Update:
        LastUpdate:                                                2014-07-06T23:53:49
        NotifyInstallReady:                                        true
        NotifyOutdatedDatabase:                                    1
        ProxyPassword:                                              
        ProxyPort:                                                 0
        ProxyServer:                                                
        ProxyUsername:                                              
        UseProxy:                                                  false
        UseProxyAuthentication:                                    false
    --------------Account:--------------
      Account Status:                                              Free
      Expiration Time:                                              
      Activation Time:                                              
      Trial Used:                                                  false
    --------------Access Policies:--------------

    Scheduler Queue:
    ================


    Pending File Rename Operations:
    ================================
    If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

    MBAMProtector Registry Values:
    ==============================



    MBAMService Registry Values:
    ============================



    MBAMScheduler Registry Values:
    ==============================



    Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
    ===============================================================================

    --------------TERMService:--------------
    Type:                   32
    State:                  1 (The service is not running.) (State is stopped)
    WIN32_EXIT_CODE:        1077
    SERVICE_EXIT_CODE:      0
    CHECKPOINT:             0
    WAIT_HINT:              0


    TermService Start is set to: 3 (Manual Startup)

    Proxy Status: No proxy is Set

    Proxy Override:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
        ProxyOverride    REG_SZ        *.local

    LAN Settings:
    =============

    only 'Automatically detect settings' is selected

    SystemPartition:
    ================

    HKEY_LOCAL_MACHINE\SYSTEM\Setup\
        SystemPartition    REG_SZ        \Device\HarddiskVolume1

    Balloon Tips Status:
    ====================

    Enabled

    Time Format Settings:
    =====================

    Should be:
            h:mm:ss tt
            AM
            PM
            :

    Currently:
    REG_SZ        h:mm:ss tt
    REG_SZ        AM
    REG_SZ        PM
    REG_SZ        :

    Language and Regional Settings:
    ===============================

    ACP:     Language is English (United States)
    MACCP:     Language is English (United States)
    OEMCP:     Language is English (United States)

    Startup Folders for Error_Expanding_Variables Check:
    ====================================================

    All Users Startup Folder Exists.
    Current User's Startup Folder Exists.


    Context Menu Entries:
    =====================

    HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
        (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

    HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
        (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
        (Default):                    REG_SZ        MBAMShlExt Class
    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
        (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
        (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
        (Default):                    REG_SZ        MBAMShlExt Class
    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
        (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


    HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
        (Default):                    REG_SZ        IMBAMShlExt
    HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
        (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
        (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
        Version                       REG_SZ        1.0
    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
        (Default):                    REG_SZ        MBAMShlExt Class
    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
        (Default):                    REG_SZ        D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
        ThreadingModel                REG_SZ        Apartment
    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
        (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
        (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
        (Default):                    REG_SZ        MBAMExt.MBAMShlExt

    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
        (Default):                    REG_SZ        MBAMExt 1.0 Type Library
    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
        (Default):                    REG_SZ        D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
        (Default):                    REG_SZ        0
    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
        (Default):                    REG_SZ        D:\Program Files (x86)\Malwarebytes Anti-Malware
    HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
        (Default):                    REG_SZ        MBAMExt 1.0 Type Library
    HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
    HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
        (Default):                    REG_SZ        D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
    HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
        (Default):                    REG_SZ        0
    HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
        (Default):                    REG_SZ        D:\Program Files (x86)\Malwarebytes Anti-Malware


    List of MBAM Related Directories:
    =================================

    D:\Program Files (x86)\Malwarebytes Anti-Malware\
    7z.dll                                      File Size: 920888    BYTES    FileVersion:  9.20.0.0       MD5: [9f522b2708cab181c0f137abbcd1de2e]
    changes.txt                                 File Size: 2261      BYTES    FileVersion:  N/A            MD5: [af70267bdf9a37a96f1a79a5c3720ae6]
    license.rtf                                 File Size: 39478     BYTES    FileVersion:  N/A            MD5: [8627b31943a534aad30d154c2b2c1aaf]
    master.conf                                 File Size: 1258      BYTES    FileVersion:  N/A            MD5: [9702ca5e82d3756c6d8af34a2ababaea]
    mbam.dll                                    File Size: 579896    BYTES    FileVersion:  1.0.7.0        MD5: [d32c2a98859cb22d57a665f15f351e7d]
    mbam.exe                                    File Size: 6970168   BYTES    FileVersion:  1.0.0.532      MD5: [4fbc630768570e6ac35c3de8f6ec79f5]
    mbamcore.dll                                File Size: 1680696   BYTES    FileVersion:  1.0.11.0       MD5: [f722fa26739eafcbd8d5f3829b632cd7]
    mbamdor.exe                                 File Size: 54072     BYTES    FileVersion:  1.0.1.0        MD5: [4da2f2da54a92850f56c0db712058188]
    mbamext.dll                                 File Size: 184632    BYTES    FileVersion:  3.0.4.0        MD5: [945bb364b09f3a8e998dbff02a0a5a58]
    mbampt.exe                                  File Size: 39736     BYTES    FileVersion:  1.0.0.0        MD5: [9acd7583584c93ee542c273df8e91dc1]
    mbamscheduler.exe                           File Size: 1809720   BYTES    FileVersion:  3.0.2.0        MD5: [d84aea3f3329d622dfc1297dddf6163b]
    mbamservice.exe                             File Size: 860472    BYTES    FileVersion:  3.0.2.0        MD5: [4f45ed469906494f9bf754e476390dbd]
    mbamsrv.dll                                 File Size: 4437816   BYTES    FileVersion:  1.1.0.0        MD5: [9b48e38c35f08fa831b387a0b27c40aa]
    msvcp100.dll                                File Size: 421688    BYTES    FileVersion:  10.0.40219.325 MD5: [e4b829081e639e42985853bae754a53d]
    msvcr100.dll                                File Size: 774456    BYTES    FileVersion:  10.0.40219.325 MD5: [80fcedbe920e9cbe30d9d3665bd6efed]
    QtCore4.dll                                 File Size: 2732856   BYTES    FileVersion:  4.8.4.0        MD5: [30490eed6a1e20e8259c0b9c58f488fe]
    QtGui4.dll                                  File Size: 8575288   BYTES    FileVersion:  4.8.4.0        MD5: [15e21aa7d0c0c994cd565eeb96d13c20]
    QtNetwork4.dll                              File Size: 909112    BYTES    FileVersion:  4.8.4.0        MD5: [d7588d42e29080c32a003bee465160d8]
    unins000.dat                                File Size: 23164     BYTES    FileVersion:  N/A            MD5: [63800c5479235f0235a01cab105d1dc1]
    unins000.exe                                File Size: 718037    BYTES    FileVersion:  51.52.0.0      MD5: [d2796ecf50731e696f0c065d24c0827a]

    D:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon

    D:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
    chameleon.chm                               File Size: 235882    BYTES    FileVersion:  N/A            MD5: [c4190b71f037714aa77aba294434ba5b]
    firefox.com                                 File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
    firefox.exe                                 File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
    firefox.pif                                 File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
    firefox.scr                                 File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
    iexplore.exe                                File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
    mbam-chameleon.com                          File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
    mbam-chameleon.exe                          File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
    mbam-chameleon.pif                          File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
    mbam-chameleon.scr                          File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
    mbam-killer.exe                             File Size: 1181496   BYTES    FileVersion:  N/A            MD5: [c6927fd8f7e9105b64db5d5a08b53731]
    rundll32.exe                                File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
    svchost.exe                                 File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
    windows.exe                                 File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
    winlogon.exe                                File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]

    D:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
    qgif4.dll                                   File Size: 32568     BYTES    FileVersion:  4.8.4.0        MD5: [e59f533c26c8375cd120b4791482217e]

    D:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages
    lang_bg.qm                                  File Size: 144048    BYTES    FileVersion:  N/A            MD5: [9ccb79999432d56b9843a3e2b2c90325]
    lang_bs.qm                                  File Size: 145523    BYTES    FileVersion:  N/A            MD5: [6ab7a6274d4f9f7553c944f5c66201ba]
    lang_ca.qm                                  File Size: 132254    BYTES    FileVersion:  N/A            MD5: [68a83ec63b6e7bc5dbdd412bcc49c6ce]
    lang_cs.qm                                  File Size: 141243    BYTES    FileVersion:  N/A            MD5: [6b8acee7f461fa69b83d2c45c3725427]
    lang_da.qm                                  File Size: 130101    BYTES    FileVersion:  N/A            MD5: [8539796784746218b229419e99ab308d]
    lang_de.qm                                  File Size: 149462    BYTES    FileVersion:  N/A            MD5: [fcd3bc376ad219396e8c7d3c87cd8864]
    lang_el.qm                                  File Size: 149912    BYTES    FileVersion:  N/A            MD5: [74f13f95f63fe96c08e571598df052d6]
    lang_en.qm                                  File Size: 115961    BYTES    FileVersion:  N/A            MD5: [8c9da1c0ce06b89f8d323bf948bfba4e]
    lang_es.qm                                  File Size: 130487    BYTES    FileVersion:  N/A            MD5: [33e1c6d40b841cc2e783ec8d8102e66f]
    lang_et.qm                                  File Size: 138126    BYTES    FileVersion:  N/A            MD5: [aa215b5f37a72a69854c9163ac543b51]
    lang_fi.qm                                  File Size: 144256    BYTES    FileVersion:  N/A            MD5: [18912c339939c3a6629004ec900f4fe4]
    lang_fr.qm                                  File Size: 149253    BYTES    FileVersion:  N/A            MD5: [ec2bf2f431c4273f151b8c8a7b84c387]
    lang_he.qm                                  File Size: 116101    BYTES    FileVersion:  N/A            MD5: [9e692744e77051c6ce14df32f9b71920]
    lang_hr.qm                                  File Size: 139841    BYTES    FileVersion:  N/A            MD5: [3e3737fe86eb595c5f6817eebf731aa7]
    lang_hu.qm                                  File Size: 145621    BYTES    FileVersion:  N/A            MD5: [52d3d7fcf8c8db071ef0573a1357c2fd]
    lang_id.qm                                  File Size: 143102    BYTES    FileVersion:  N/A            MD5: [80473d2c73d2f54f2b23c9316f2d0ceb]
    lang_it.qm                                  File Size: 146851    BYTES    FileVersion:  N/A            MD5: [7e7aea7d0b433d7e912ed9f0887684a7]
    lang_ja.qm                                  File Size: 121282    BYTES    FileVersion:  N/A            MD5: [19ac79b7a5e05d665e417c2dd75afc94]
    lang_ko.qm                                  File Size: 118033    BYTES    FileVersion:  N/A            MD5: [de213178c14490bf452ea45278d3442d]
    lang_nl.qm                                  File Size: 146325    BYTES    FileVersion:  N/A            MD5: [5aec6f6bdc5e6c28744e6ef374709eeb]
    lang_no.qm                                  File Size: 142918    BYTES    FileVersion:  N/A            MD5: [4388c08217618af2e24173af6f5d3f97]
    lang_pl.qm                                  File Size: 145434    BYTES    FileVersion:  N/A            MD5: [699700c889447d1f9b607c04f07fff67]
    lang_pt_BR.qm                               File Size: 131739    BYTES    FileVersion:  N/A            MD5: [a3430222223d59da8ec6ea1edae5ee2f]
    lang_pt_PT.qm                               File Size: 149128    BYTES    FileVersion:  N/A            MD5: [afdf1907af4c95f9af510d5fc1bb9067]
    lang_ro.qm                                  File Size: 121166    BYTES    FileVersion:  N/A            MD5: [1672a2b3a9807a1497fe43824c0026c0]
    lang_ru.qm                                  File Size: 122186    BYTES    FileVersion:  N/A            MD5: [d4dd1eea2b0f52aba2fca4d159c387f7]
    lang_sk.qm                                  File Size: 119827    BYTES    FileVersion:  N/A            MD5: [8b200d162e8028843e41aa1a927cfd84]
    lang_sl.qm                                  File Size: 143191    BYTES    FileVersion:  N/A            MD5: [1760a6aa6990b2f0c4c71ec04b25ac9c]
    lang_sr.qm                                  File Size: 143261    BYTES    FileVersion:  N/A            MD5: [377d15c0da0249f4a7a58978b6307d81]
    lang_sv.qm                                  File Size: 142525    BYTES    FileVersion:  N/A            MD5: [2587ead21967296fefdd0ee0684fe8b4]
    lang_tr.qm                                  File Size: 142194    BYTES    FileVersion:  N/A            MD5: [880fcbe97ec6f13ec094f7371b5b295f]
    lang_vi.qm                                  File Size: 126874    BYTES    FileVersion:  N/A            MD5: [c61281786b5bfec68afc742a19f6abd9]
    lang_zh_tr.qm                               File Size: 110870    BYTES    FileVersion:  N/A            MD5: [f223d83580b1ee35edea13293cb2c80d]

    D:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
    fixdamage.exe                               File Size: 821560    BYTES    FileVersion:  1.1.0.1010     MD5: [3a4dcd021d9f3a5305a22e5e309da305]

    C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
    actions.ref                                 File Size: 314       BYTES    FileVersion:  N/A            MD5: [b26a36c0696e299fdfebe180c09c2737]
    cleanup.dll                                 File Size: 1675064   BYTES    FileVersion:  0.6.7.0        MD5: [5c7e53d7eabd1618afc1bd156a6fd064]
    domains.ref                                 File Size: 38        BYTES    FileVersion:  N/A            MD5: [8c30b536b67543eb68e68b9640d4d498]
    exclusions.dat                              File Size: 1427      BYTES    FileVersion:  N/A            MD5: [b2395d7683c74da6ee160418f42c244d]
    ips.ref                                     File Size: 33        BYTES    FileVersion:  N/A            MD5: [8a1c580788ea8de3f32862c2c1cf373c]
    mbam-setup.exe                              File Size: 17292760  BYTES    FileVersion:  2.0.2.1012     MD5: [e90bf9e1562f40140161573b79cd5720]
    rules.ref                                   File Size: 8729970   BYTES    FileVersion:  N/A            MD5: [65b2b560a1fe221345a953abb7838445]
    swissarmy.ref                               File Size: 21891     BYTES    FileVersion:  N/A            MD5: [6213d4017bb6dc68b54e98dddd8ab5d5]

    C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
    build.conf                                  File Size: 4491      BYTES    FileVersion:  N/A            MD5: [4b1f75d72332c074964e923d01882222]
    database.conf                               File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
    gatekeeper.conf                             File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
    license.conf                                File Size: 23        BYTES    FileVersion:  N/A            MD5: [0ec01df616b565180556881d8042255b]
    manifest.conf                               File Size: 2126      BYTES    FileVersion:  N/A            MD5: [c0b22c1280da6ac3125c1a11224d0406]
    marketing.conf                              File Size: 1434      BYTES    FileVersion:  N/A            MD5: [19533c40d9c9778b2ab423dbcf063d80]
    net.conf                                    File Size: 6101      BYTES    FileVersion:  N/A            MD5: [a96d1151fca43863d0017b0811398287]
    notifications.conf                          File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
    scheduler.conf                              File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
    settings.conf                               File Size: 2052      BYTES    FileVersion:  N/A            MD5: [a927c25886c6b0ec226fdd40c70bbeda]
    statistics.conf                             File Size: 173       BYTES    FileVersion:  N/A            MD5: [e3bd8244795f13c8552c7490f79f252a]

    C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
    mbam-log-2014-04-08 (16-52-22).xml          File Size: 2468      BYTES    FileVersion:  N/A            MD5: [53ce99e2c791e8bd9f93e81f9a22e38c]
    mbam-log-2014-04-19 (04-09-40).xml          File Size: 2468      BYTES    FileVersion:  N/A            MD5: [b15062ec1cc30eda6cb1ef92f685e5af]
    mbam-log-2014-05-02 (04-36-48).xml          File Size: 2820      BYTES    FileVersion:  N/A            MD5: [4193022ee1ff95cb6be57a582373f416]
    mbam-log-2014-05-02 (04-40-44).xml          File Size: 2462      BYTES    FileVersion:  N/A            MD5: [30fd7aa8972731ccba974c45a1335b30]
    mbam-log-2014-07-06 (07-37-49).xml          File Size: 2492      BYTES    FileVersion:  N/A            MD5: [c716fd0bf0c86f917aed82130584d8e0]
    mbam-log-2014-07-06 (19-08-28).xml          File Size: 2480      BYTES    FileVersion:  N/A            MD5: [efb69602943cc9affe46140f9717dea8]
    mbam-log-2014-07-06 (19-09-18).xml          File Size: 2492      BYTES    FileVersion:  N/A            MD5: [6e8a3a8cacf561934a86728c3939db28]
    protection-log-2014-04-08.xml               File Size: 654       BYTES    FileVersion:  N/A            MD5: [8cd8740eb92d98f68ba2114ed3451632]
    protection-log-2014-04-19.xml               File Size: 356       BYTES    FileVersion:  N/A            MD5: [632d68e1585002e3d997e2dc7e4f53c3]
    protection-log-2014-07-06.xml               File Size: 2429      BYTES    FileVersion:  N/A            MD5: [f241145bd17c525822f157bcf2d8efd3]

    C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
    0368574352.data                             File Size: 705       BYTES    FileVersion:  N/A            MD5: [a7c6c70cc0f30f420a4a1d0554489a09]
    0368574352.quar                             File Size: 903256    BYTES    FileVersion:  N/A            MD5: [4c071d75ecee5036aa667dbf06521c41]

    Malware Exclusions:
    ===================
    Web Exclusions:
    ================
    Quarantined Items:
    ===================
    ===============================================================
    END OF FILE
     

  10. Hello MBAM,

    MBAM v2.1.0.0002 runs Threat Scan, and finds no errors. Re-running MBAM Custom scan on C, D, & E drives with Rootkit detect caused APPCRASH.

    I completely uninstalled MBAM then re-installed MBAM v2.1.0.0002 and updated signatures, then re-ran Threat Scan with no errors, but custom scan on C, D, & E drive with Rootkit detection gave same APPCRASH. Fault Module Name: mbamcore.dll

    I ran MBAM custom scan again with Rootkit detection but with no drives checkmarked. MBAM ran successfully with no rootkit found and no APPCRASH.

    The computer has been running all applications normally at normal speed with no obvious issues. My only problem is that MBAM will not do a custom scan on all my hard disks.

    When I try Custom Scan on C, D, & E drives, all phases except final phase complete normally with no threats detected, but I get APPCRASH after about 6,000 files are scanned.

    Both MS Security Essentials and Super Anti-Spyware detect no threats.

    See FRST log in this post. See three more logs in Post #2 (otherwise too long for forum).

    Thank you for your help.

    DW

    Here is FRST log:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
    Ran by RAS (administrator) on I7 on 06-07-2014 22:51:32
    Running from D:\Desk i7
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    () D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Linksys, a division of Cisco Systems, Inc.) C:\Program Files (x86)\Linksys\Linksys Surveillance Utility\Monitor.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Linksys, a division of Cisco Systems, Inc.) C:\Program Files (x86)\Linksys\Linksys Surveillance Utility\Recorder.exe
    (BillP Studios) D:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    (ASUS) D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHook32.exe
    (Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
    () D:\Program Files (x86)\Explorer++\Explorer++.exe
    (ASUS) D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHook64.exe
    (Fookes Holding Ltd) D:\Program Files (x86)\NoteTab Pro 6\NotePro.exe
    () D:\Program Files (x86)\Everything\Everything.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    () D:\Program Files (x86)\Explorer++\Explorer++.exe
    (Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    () D:\Program Files (x86)\Explorer++\Explorer++.exe
    () D:\Program Files (x86)\Explorer++\Explorer++.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [Monitor.exe] => C:\Program Files (x86)\Linksys\Linksys Surveillance Utility\Monitor.exe [1118208 2008-08-14] (Linksys, a division of Cisco Systems, Inc.)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
    HKLM-x32\...\Run: [Recorder.exe] => C:\Program Files (x86)\Linksys\Linksys Surveillance Utility\Recorder.exe [348160 2008-08-21] (Linksys, a division of Cisco Systems, Inc.)
    HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
    HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *?* <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\lastpassbroker.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\lastpassbroker.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\easy imager\zoomifyer.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\gotoassistdownloadhelper.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\easy imager\zoomifyer.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: D:\Desk i7\ProcessMonitor\Procmon.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\lastpassbroker.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\easy imager\zoomifyer.exe <====== ATTENTION
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer: [NoStrCmpLogical] 0
    HKU\S-1-5-21-868819068-3257824110-3933167620-1000\...\Run: [Google Update] => C:\Users\RAS\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-10-20] (Google Inc.)
    HKU\S-1-5-21-868819068-3257824110-3933167620-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-12] (Google Inc.)
    HKU\S-1-5-21-868819068-3257824110-3933167620-1000\...\Run: [WinPatrol] => D:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [527936 2014-03-22] (BillP Studios)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    BootExecute: autocheck autochk *  sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6F619AE3EBD7CA01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - D:\Program Files (x86)\LPToolbar_x64.dll (LastPass)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - D:\Program Files (x86)\LPToolbar.dll (LastPass)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files (x86)\LPToolbar_x64.dll (LastPass)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files (x86)\LPToolbar.dll (LastPass)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default
    FF DefaultSearchEngine: Google
    FF Homepage: news.google.com
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @lastpass.com/NPLastPass - D:\Program Files (x86)\nplastpass64.dll (LastPass)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @lastpass.com/NPLastPass - D:\Program Files (x86)\nplastpass.dll (LastPass)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Acrobat - D:\Program Files (x86)\Cs4\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\RAS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\RAS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\RAS\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\RAS\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\RAS\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\RAS\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: LastPass - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\support@lastpass.com [2014-03-04]
    FF Extension: Html Validator - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2013-10-24]
    FF Extension: Malware Search - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2013-01-04]
    FF Extension: FireFTP - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-04-05]
    FF Extension: Adblock Plus - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-13]
    FF Extension: UnMHT - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2011-10-03]
    FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-07]
    FF HKLM-x32\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
    FF Extension: Mozilla hotfix - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2013-04-10]
    FF HKCU\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
    FF Extension: Mozilla hotfix - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2013-04-10]
    FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Chrome:
    =======
    CHR HomePage: hxxp://news.google.com/
    CHR StartupUrls: "hxxp://news.google.com/"
    CHR Extension: (Google Docs) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
    CHR Extension: (Google Drive) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]
    CHR Extension: (James White) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2013-12-11]
    CHR Extension: (YouTube) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-24]
    CHR Extension: (Adblock Plus) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-29]
    CHR Extension: (Google Search) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-24]
    CHR Extension: (High Contrast) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2014-04-12]
    CHR Extension: (FVD Downloader) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-04-13]
    CHR Extension: (WeatherBug) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2013-11-25]
    CHR Extension: (Google Wallet) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-25]
    CHR Extension: (Gmail) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]

    ==================== Services (Whitelisted) =================

    S3 !SASCORE; D:\Program Files (x86)\SuperAntiSpyware\SASCORE64.EXE [140672 2012-09-09] (SUPERAntiSpyware.com) [File not signed]
    S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2011-01-11] (Adobe Systems Incorporated)
    S3 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
    S3 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-07-17] (DeviceVM, Inc.) [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    S4 NMSAccess; D:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
    S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
    S3 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
    S3 SBSDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
    S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-06] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed]
    S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
    R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [222160 2010-06-04] (TrueCrypt Foundation)
    U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
    R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
    R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
    R2 WinFLdrv; C:\Windows\SysWow64\WinFLdrv.sys [21888 2010-06-04] ()
    S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]
    S1 SABKUTIL; \??\D:\Program Files (x86)\SuperAntiSpyware\SABKUTIL.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-06 21:31 - 2014-07-06 21:31 - 00044008 _____ () C:\Users\RAS\Desktop\CheckResults.txt
    2014-07-06 19:53 - 2014-07-06 22:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-06 19:52 - 2014-07-06 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-06 19:52 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-07-06 19:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-07-06 19:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-07-06 19:32 - 2014-07-06 19:35 - 00003354 _____ () C:\Users\RAS\Desktop\Rkill.txt
    2014-07-03 19:35 - 2014-07-03 19:35 - 00000000 _____ () C:\Users\RAS\AppData\Local\{C8F06ACA-8349-4451-8373-B934F3C67F42}
    2014-06-25 19:01 - 2014-07-05 21:31 - 00000000 ____D () C:\Users\RAS\AppData\Local\Adobe
    2014-06-23 18:49 - 2014-06-23 18:49 - 00258744 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-06-23 18:49 - 2014-06-23 18:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
    2014-06-23 18:49 - 2014-06-23 18:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2014-06-23 18:48 - 2014-06-23 18:48 - 00001424 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-06-23 18:48 - 2014-06-23 18:48 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
    2014-06-23 18:48 - 2014-06-23 18:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
    2014-06-23 18:48 - 2014-06-23 18:48 - 00000000 ____D () C:\Users\Administrator
    2014-06-23 18:48 - 2010-06-05 09:43 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
    2014-06-23 18:48 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-06-23 18:48 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-06-21 13:30 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-06-21 13:30 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-06-21 13:30 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-06-21 13:30 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-06-21 13:30 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-06-21 13:30 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-06-21 13:30 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-06-21 13:30 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-06-21 13:30 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-06-21 13:30 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-06-21 13:30 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-06-21 13:30 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-06-21 13:30 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-06-21 13:30 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-06-21 13:30 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-06-21 13:30 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-06-21 13:30 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-06-21 13:30 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-06-21 13:30 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-06-21 13:30 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-06-21 13:30 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-06-21 13:30 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-06-21 13:30 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-06-21 13:30 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-06-21 13:30 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-06-21 13:30 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-06-21 13:30 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-06-21 13:30 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-06-21 13:30 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-06-21 13:30 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-06-21 13:30 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-06-21 13:30 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-06-21 13:30 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-06-21 13:30 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-06-21 13:30 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-06-21 13:30 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-06-21 13:30 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-06-21 13:30 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-06-21 13:30 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-06-21 13:30 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-06-21 13:30 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-06-21 13:30 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-06-21 13:30 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-06-21 13:30 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-06-21 13:30 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-06-21 13:30 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-06-21 13:30 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-06-21 13:30 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-06-21 13:30 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-06-21 13:30 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-06-21 13:30 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-06-21 13:30 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-06-21 13:30 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-06-21 13:30 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2014-06-21 13:30 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-06-21 13:30 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2014-06-21 13:30 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-06-21 13:30 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-06-21 13:30 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-06-21 13:30 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-06-21 13:30 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-06-21 13:30 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-06-21 13:30 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-06-21 13:30 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-06-21 13:30 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-06-21 13:30 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-06-21 13:30 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-06-21 13:30 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-06-21 13:30 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-06-21 13:30 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-06-21 13:30 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-06-21 13:30 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2014-06-21 13:30 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-06-21 13:30 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2014-06-21 13:30 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-06-21 13:30 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-06-21 13:30 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-06-21 13:30 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-06-21 13:30 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-06-21 13:30 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-06-21 13:30 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-06-21 13:30 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-06-21 13:30 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-06-21 13:30 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-06-21 13:30 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-06-21 13:30 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-06-21 13:30 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-06-21 13:30 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-06-21 13:30 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-06-21 13:30 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-06-21 13:30 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-06-21 13:30 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-06-21 13:30 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-06-21 13:30 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-06-21 13:30 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-06-21 13:30 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-06-21 13:30 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-06-21 13:30 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-06-21 13:30 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-06-21 13:30 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-06-21 13:30 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-06-21 13:30 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-06-21 13:30 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-06-21 13:30 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-06-21 13:30 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-06-21 13:30 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-06-21 13:30 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-06-21 13:30 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-06-21 13:30 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-06-20 03:14 - 2014-06-20 03:14 - 00000000 ____D () C:\ProgramData\GRETECH
    2014-06-17 15:55 - 2014-07-06 22:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-06-17 15:55 - 2014-07-06 19:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-06-17 15:55 - 2014-06-17 15:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-06-17 15:55 - 2014-06-17 15:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-06-17 01:31 - 2014-07-06 22:36 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000UA.job
    2014-06-17 01:31 - 2014-07-06 07:35 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000Core.job
    2014-06-17 01:31 - 2014-06-17 01:31 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000UA
    2014-06-17 01:31 - 2014-06-17 01:31 - 00003474 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000Core

    ==================== One Month Modified Files and Folders =======

    2014-07-06 22:51 - 2014-04-05 22:37 - 00000000 ____D () C:\FRST
    2014-07-06 22:36 - 2014-06-17 01:31 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000UA.job
    2014-07-06 22:31 - 2014-07-06 19:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-06 22:26 - 2012-06-17 00:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-06 22:00 - 2014-06-17 15:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-06 21:31 - 2014-07-06 21:31 - 00044008 _____ () C:\Users\RAS\Desktop\CheckResults.txt
    2014-07-06 21:24 - 2010-04-09 07:54 - 01613865 _____ () C:\Windows\WindowsUpdate.log
    2014-07-06 20:34 - 2014-04-07 01:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-07-06 19:52 - 2014-07-06 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-06 19:52 - 2009-07-14 00:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-06 19:52 - 2009-07-14 00:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-06 19:45 - 2014-06-17 15:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-06 19:44 - 2014-04-11 03:44 - 00001344 _____ () C:\Windows\setupact.log
    2014-07-06 19:44 - 2014-04-11 03:43 - 00033268 _____ () C:\Windows\PFRO.log
    2014-07-06 19:44 - 2010-04-08 22:11 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-07-06 19:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-06 19:35 - 2014-07-06 19:32 - 00003354 _____ () C:\Users\RAS\Desktop\Rkill.txt
    2014-07-06 07:35 - 2014-06-17 01:31 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000Core.job
    2014-07-05 21:31 - 2014-06-25 19:01 - 00000000 ____D () C:\Users\RAS\AppData\Local\Adobe
    2014-07-03 19:35 - 2014-07-03 19:35 - 00000000 _____ () C:\Users\RAS\AppData\Local\{C8F06ACA-8349-4451-8373-B934F3C67F42}
    2014-06-30 19:17 - 2012-05-04 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-06-23 18:54 - 2012-06-17 00:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-06-23 18:54 - 2012-04-02 19:33 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-06-23 18:54 - 2011-06-08 08:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-06-23 18:49 - 2014-06-23 18:49 - 00258744 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-06-23 18:49 - 2014-06-23 18:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
    2014-06-23 18:49 - 2014-06-23 18:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2014-06-23 18:48 - 2014-06-23 18:48 - 00001424 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-06-23 18:48 - 2014-06-23 18:48 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
    2014-06-23 18:48 - 2014-06-23 18:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
    2014-06-23 18:48 - 2014-06-23 18:48 - 00000000 ____D () C:\Users\Administrator
    2014-06-23 18:48 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2014-06-21 18:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-06-21 13:37 - 2013-07-17 08:53 - 00000000 ____D () C:\Windows\system32\MRT
    2014-06-20 03:14 - 2014-06-20 03:14 - 00000000 ____D () C:\ProgramData\GRETECH
    2014-06-18 16:11 - 2013-03-13 03:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-06-17 15:55 - 2014-06-17 15:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-06-17 15:55 - 2014-06-17 15:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-06-17 01:31 - 2014-06-17 01:31 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000UA
    2014-06-17 01:31 - 2014-06-17 01:31 - 00003474 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000Core
    2014-06-10 21:05 - 2010-04-12 02:43 - 00000000 ____D () C:\Users\RAS\AppData\Roaming\Mozilla
    2014-06-09 13:54 - 2014-04-07 01:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2012-03-01 03:26

    ==================== End Of Log ============================
