Jump to content

jtmal

Members
  • Posts

    5
  • Joined

  • Last visited

Everything posted by jtmal

  1. I tap 5 on restart but only get to safety mode not safe mode with networking, namely the internet not working (win 8). So I downloaded the software before hand, and got several runtime error. So, even in safe mode, it won't run.
  2. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014 Ran by sths at 2014-06-03 13:52:11 Running from C:\Users\sths\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.26 - ASUS) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS) ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS) ASUS S200 Product Demo (HKLM-x32\...\{5E396FE4-6110-41C9-9B1F-2F30A4A13715}) (Version: 1.0.0 - ASUS) ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS) ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS) BodyMedia SYNC (HKLM-x32\...\InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}) (Version: 2.3.1.102 - BodyMedia, Inc.) BodyMedia SYNC (x32 Version: 2.3.1.102 - BodyMedia, Inc.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version: - SEIKO EPSON Corporation) Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden LINE (HKLM-x32\...\LINE) (Version: 3.6.0.32 - LINE Corporation) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.) McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.5.0.3026 - McAfee, Inc.) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) RealDownloader (x32 Version: 17.0.8 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.8 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6798 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Trojan Killer (HKLM-x32\...\GridinSoft Trojan Killer) (Version: 2.2.3.0 - GridinSoft LLC) UpdaterEX (HKCU\...\UpdaterEX) (Version: - UpdaterEX) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun) Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS) Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS) WinSCP 5.5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl) Wondershare Dr.Fone for iOS(Build 3.5.0.25) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 3.5.0.25 - Wondershare Software Co.,Ltd.) 影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden 照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 14-05-2014 02:54:28 Windows Update 24-05-2014 03:42:43 Scheduled Checkpoint 02-06-2014 08:26:55 Scheduled Checkpoint ==================== Hosts content: ========================== 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {02E8A147-F804-4ED6-9FC2-CBAD424209EA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation) Task: {043A50E1-7573-43A3-BA63-E6B9E410A606} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3899131719-2119895427-2976753554-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-03-15] (RealNetworks, Inc.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {25364BF5-6A25-42E6-B759-6564DCA5C69D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2FDDB8C7-B31B-4AAE-A485-DBAF498C3568} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {30423EC3-CE9B-4D77-B556-69F3B3375C72} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4BAD6C1A-5832-48AD-907C-F4877A11BAAA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-15] (Microsoft Corporation) Task: {54F9CB99-006F-4116-B5FA-3A8FC99B48C9} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe [2014-05-16] (GridinSoft LLC.) Task: {624B9C7C-3482-439D-89EA-BC9D153348B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.) Task: {6623E598-77DE-4D18-A35F-34F08C363AAF} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS) Task: {6A8B815E-59D6-41D7-A166-231E838389D7} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {6FCBAB4A-C43B-43FA-9425-BF46D87737A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.) Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {7470FC56-DB13-4D82-96B8-97AB0CC57B36} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.) Task: {75867CC9-E3EA-443C-AACF-69191E8349BB} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] () Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7D686261-8CB2-4179-8D7C-857639846A1C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {93F2691B-BDE5-4221-9826-764201727616} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {9FF7F3C3-472E-46C6-9907-D036D2812D0F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {B48CD2B9-10DB-4E33-A100-11B78B912C23} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {BFFFA0E0-2A94-4753-8713-E5E2B730E749} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated) Task: {C285B7CD-1259-43BD-A1B1-D517C846A27B} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {C6FDABC3-CD39-493D-9A2A-4F5FD8235AC6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {C7F3E264-9E3F-46F5-B7B0-BE026AF018BB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-13] (Microsoft Corporation) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D3677708-D4AE-4269-BE48-71D423263ADB} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PERSONALPC-sths personalpc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-05-13] (Microsoft Corporation) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DDC7E7D4-CC74-4C68-9F24-2701F66A2113} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3899131719-2119895427-2976753554-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-03-15] (RealNetworks, Inc.) Task: {DE85209D-729F-4262-ABCD-81106F7D07D5} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {EFDFBC25-260A-410A-8831-FC3C8AC2BC4F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.) Task: {FBFED818-AD33-4CA6-8B05-D884AA20CB9B} - System32\Tasks\UpdaterEX => C:\Users\sths\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {FD47C1E2-3C0D-428E-9DBE-900F78917535} - System32\Tasks\ASUS VivoBook => C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe [2012-12-25] (ASUSTeK Computer Inc.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\sths\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-03-28 13:56 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-02-21 09:22 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2014-05-29 06:16 - 2014-05-29 06:16 - 00241344 _____ () C:\Program Files\pcmax\pcmax.exe 2014-03-15 03:18 - 2014-03-15 03:18 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-05-13 21:17 - 2014-05-13 21:17 - 08889512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-03-20 21:13 - 2014-03-20 21:13 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2013-10-01 14:02 - 2013-10-01 14:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-08-22 02:19 - 2013-08-22 01:54 - 00049664 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Graphics.winmd 2014-04-28 06:13 - 2014-04-28 06:13 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\057b7043f4868b76c209d9c426b80743\Windows.Foundation.ni.dll 2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2012-11-29 19:15 - 2012-11-29 19:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-04-07 17:31 - 2014-04-07 17:31 - 00869976 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll 2014-05-21 08:05 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll 2014-05-21 08:05 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll 2014-05-21 08:05 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll 2014-05-21 08:05 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll 2014-05-21 08:05 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll 2013-05-14 21:37 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2014-05-21 08:05 - 2014-05-13 18:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll 2014-04-13 08:46 - 2014-04-13 08:46 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2014-04-02 08:51 - 2014-04-02 08:51 - 00113664 _____ () C:\Program Files (x86)\Naver\LINE\PlayerHelper.dll 2014-04-29 11:42 - 2014-04-29 11:42 - 02453352 _____ () C:\Program Files (x86)\Naver\LINE\amp-dll.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\sths\SkyDrive:ms-properties AlternateDataStreams: C:\Users\sths\SkyDrive (2).old:ms-properties AlternateDataStreams: C:\Users\sths\SkyDrive (3).old:ms-properties AlternateDataStreams: C:\Users\sths\SkyDrive (4).old:ms-properties AlternateDataStreams: C:\Users\sths\SkyDrive (5).old:ms-properties AlternateDataStreams: C:\Users\sths\SkyDrive (6).old:ms-properties AlternateDataStreams: C:\Users\sths\SkyDrive (7).old:ms-properties ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe" MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe" MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/03/2014 01:45:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x760 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:44:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x5c4 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:44:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1bac Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:31:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0xdf0 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:29:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1880 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:29:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x7b4 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:27:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1014 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:26:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x182c Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:25:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x5c4 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:25:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1430 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 System errors: ============= Error: (06/03/2014 00:58:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Defender Service service failed to start due to the following error: %%577 Error: (06/03/2014 00:55:47 PM) (Source: DCOM) (EventID: 10010) (User: PERSONALPC) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (06/03/2014 11:34:14 AM) (Source: DCOM) (EventID: 10000) (User: PERSONALPC) Description: c:\PROGRA~1\mcafee\msc\mcmscsub.dll -Embedding193{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} Error: (06/03/2014 11:13:29 AM) (Source: DCOM) (EventID: 10010) (User: PERSONALPC) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (06/03/2014 10:53:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (06/03/2014 10:53:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MBAMScheduler service failed to start due to the following error: %%1053 Error: (06/03/2014 10:53:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect. Error: (06/03/2014 10:52:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The UAC File Virtualization service failed to start due to the following error: %%1275 Error: (06/03/2014 10:44:23 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The pcmaxservice Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (06/03/2014 08:34:14 AM) (Source: DCOM) (EventID: 10000) (User: PERSONALPC) Description: c:\PROGRA~1\mcafee\msc\mcmscsub.dll -Embedding193{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} Microsoft Office Sessions: ========================= Error: (06/03/2014 01:45:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd76001cf7f5bf389c826C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll31862eac-eb4f-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:44:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5c401cf7f5be8543f1eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll2667eae4-eb4f-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:44:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1bac01cf7f5be4c4c098C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll233cbfa8-eb4f-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:31:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fddf001cf7f59face24ecC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll39058b73-eb4d-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:29:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd188001cf7f59d25444a9C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll1094d489-eb4d-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:29:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7b401cf7f59cd48a96cC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll0bb07714-eb4d-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:27:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd101401cf7f59695ec62bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlla7edd194-eb4c-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:26:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd182c01cf7f59544f7e11C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll9285d2f6-eb4c-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:25:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5c401cf7f5930070429C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll6e44fb7d-eb4c-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:25:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd143001cf7f592cf82c6bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll6b5dd6cf-eb4c-11e3-befa-60a44c72ff53 CodeIntegrity Errors: =================================== Date: 2014-06-03 12:58:02.135 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-21 19:17:01.407 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:17:01.203 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:17:00.990 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:17:00.405 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:17:00.115 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:16:59.874 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:16:59.724 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:16:59.621 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:16:59.521 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 3981.81 MB Available physical RAM: 1720.59 MB Total Pagefile: 5773.81 MB Available Pagefile: 3087.18 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:144.08 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:257.59 GB) NTFS Drive f: () (Removable) (Total:14.9 GB) (Free:13.4 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 3E1AB738) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 15 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
  3. after i did everything on the list, anti-Malware still won't start. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014Ran by sths (administrator) on PERSONALPC on 03-06-2014 13:49:23Running from C:\Users\sths\DownloadsPlatform: Windows 8.1 (Update 1) (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(McAfee, Inc.) C:\Windows\System32\mfevtps.exe() C:\Program Files\pcmax\pcmax.exe() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(BodyMedia, Inc.) C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe(LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-04-07] (RealNetworks, Inc.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [NoControlPanel] 0HKLM\...\Policies\Explorer: [NoFolderOptions] 0HKLM\...\Policies\Explorer: [HideSCAHealth] 1HKU\S-1-5-21-3899131719-2119895427-2976753554-1001\...\Run: [Epson Stylus NX430] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-3899131719-2119895427-2976753554-1001\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()HKU\S-1-5-21-3899131719-2119895427-2976753554-1001\...\Policies\Explorer: [HideSCAHealth] 1Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BodyMedia Sync.lnkShortcutTarget: BodyMedia Sync.lnk -> C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe (BodyMedia, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnkShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3320048&octid=EB_ORIGINAL_CTID&ISID=MD65A02BD-02FD-4902-86D6-986F4D7E4485&SearchSource=55&CUI=&UM=5&UP=SP4C87D1B0-032E-4621-85A1-B5F4C7EF3E59&SSPV=TBannersA_sp_ieHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAB12AC8D1B6FCF01HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankSearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JSSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JSSearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JSSearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JSSearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3325283&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP54A9E12F-0E05-4073-A618-7703914C21A0&q={searchTerms}&SSPV=SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No FileToolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No FileToolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)Tcpip\Parameters: [DhcpNameServer] 4.2.2.1 FireFox:========FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @pptv.com/plugin - C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.4.1.0039\npplugin2.dll No FileFF Plugin-x32: @real.com/nppl3260;version=17.0.8.22 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=17.0.8.22 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [{0FAA5C82-A094-4541-8811-D3361F972A81}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKFF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-11-27] Chrome: =======CHR HomePage: hxxp://search.conduit.com/?ctid=CT3318665&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP4C87D1B0-032E-4621-85A1-B5F4C7EF3E59&SSPV=TBannersA_sp_chCHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325283&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP4C87D1B0-032E-4621-85A1-B5F4C7EF3E59&SSPV=TBannersA_sp_ch"CHR Extension: (Google Drive) - C:\Users\sths\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-13]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sths\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]CHR Extension: (YouTube) - C:\Users\sths\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-13]CHR Extension: (Google Search) - C:\Users\sths\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-13]CHR Extension: (Stylish) - C:\Users\sths\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-03-14]CHR Extension: (Google Wallet) - C:\Users\sths\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]CHR Extension: (Gmail) - C:\Users\sths\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-13]CHR HKLM\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\sths\AppData\Local\nwhb-v9.4.15.crx [2014-03-20]CHR HKCU\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\sths\AppData\Local\nwhb-v9.4.15.crx [2014-03-20]CHR HKLM-x32\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\sths\AppData\Local\nwhb-v9.4.15.crx [2014-03-20]CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-03-15] ==================== Services (Whitelisted) ================= R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)R3 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R3 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-03-15] ()R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-07] (RealNetworks, Inc.)R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-03-20] ()R3 WakeupService; C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [45488 2012-12-20] (ASUSTek Computer Inc.)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-08] (Microsoft Corporation)R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-08] (Microsoft Corporation)S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2014-05-16] (Windows ® Win 7 DDK provider)S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-03 13:49 - 2014-06-03 13:50 - 00023449 _____ () C:\Users\sths\Downloads\FRST.txt2014-06-03 13:48 - 2014-06-03 13:49 - 00000000 ____D () C:\FRST2014-06-03 13:48 - 2014-06-03 13:48 - 02068992 _____ (Farbar) C:\Users\sths\Downloads\FRST64.exe2014-06-03 13:44 - 2014-06-03 13:44 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-03 13:44 - 2014-06-03 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-03 13:44 - 2014-06-03 13:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-03 13:44 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-06-03 13:44 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-06-03 13:44 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-06-03 13:36 - 2014-06-03 13:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\sths\Downloads\mbam-setup-2.0.2.1012 (2).exe2014-06-03 12:45 - 2014-06-03 12:46 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\sths\Downloads\rkill.exe2014-06-03 12:43 - 2014-06-03 12:43 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\sths\Downloads\unhide.exe2014-06-03 11:51 - 2014-06-03 11:56 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\sths\Downloads\mbam-setup-2-0-1-1004 (1).exe2014-06-03 11:38 - 2014-06-03 11:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\sths\Downloads\mbam-setup-2-0-1-1004.exe2014-06-03 11:26 - 2014-06-03 11:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\sths\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-06-03 11:12 - 2014-06-03 11:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\sths\Downloads\mbam-setup-2.0.2.1012.exe2014-06-03 10:49 - 2014-06-03 10:49 - 00000000 ____D () C:\Users\sths\Documents\PC Speed Maximizer2014-06-03 10:45 - 2014-06-03 10:45 - 00000000 _____ () C:\end2014-06-03 10:44 - 2014-06-03 10:58 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer2014-06-03 10:44 - 2014-06-03 10:44 - 00003692 _____ () C:\WINDOWS\System32\Tasks\pcreg2014-06-03 10:44 - 2014-06-03 10:44 - 00000000 ____D () C:\Program Files\pcmax2014-06-03 10:39 - 2014-06-03 10:39 - 00349120 _____ () C:\Users\sths\Downloads\MediaPlayerClassic.exe2014-05-29 10:02 - 2014-05-29 10:02 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-05-29 10:02 - 2014-05-29 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-05-29 10:01 - 2014-05-29 10:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-05-29 10:01 - 2014-05-29 10:02 - 00000000 ____D () C:\Program Files\iTunes2014-05-29 10:01 - 2014-05-29 10:02 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-05-29 10:01 - 2014-05-29 10:01 - 00000000 ____D () C:\Program Files\iPod2014-05-28 03:29 - 2014-05-28 03:32 - 09002158 _____ () C:\Users\sths\Downloads\第一学年·几何与拓扑.5.Glen.Bredon.-.Topology.and.geometry.djvu2014-05-16 04:12 - 2014-05-16 04:12 - 00016640 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\gtkdrv.sys2014-05-13 22:15 - 2014-03-23 21:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys2014-05-13 22:15 - 2014-03-23 21:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys2014-05-13 22:14 - 2014-03-23 21:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys2014-05-13 22:13 - 2014-03-13 02:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe2014-05-13 22:13 - 2014-03-13 01:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe2014-05-13 22:08 - 2014-04-08 17:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll2014-05-13 22:08 - 2014-04-08 17:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll2014-05-13 22:08 - 2014-04-08 13:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll2014-05-13 22:08 - 2014-04-08 13:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll2014-05-13 22:00 - 2014-04-11 05:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll2014-05-13 22:00 - 2014-04-11 05:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-05-13 22:00 - 2014-04-11 03:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll2014-05-13 22:00 - 2014-04-11 01:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2014-05-13 22:00 - 2014-04-10 22:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll2014-05-13 22:00 - 2014-04-10 22:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-05-13 22:00 - 2014-04-10 22:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-05-13 22:00 - 2014-04-10 22:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-05-13 22:00 - 2014-04-10 22:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-05-13 22:00 - 2014-04-10 21:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-05-13 22:00 - 2014-04-10 21:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll2014-05-13 22:00 - 2014-04-10 21:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2014-05-13 22:00 - 2014-04-10 21:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-05-13 22:00 - 2014-04-10 21:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-05-13 22:00 - 2014-04-10 21:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-05-13 22:00 - 2014-04-10 21:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2014-05-13 22:00 - 2014-04-10 21:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll2014-05-13 22:00 - 2014-04-10 21:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-05-13 22:00 - 2014-04-10 21:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll2014-05-13 22:00 - 2014-04-10 21:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-05-13 21:59 - 2014-04-11 00:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe2014-05-13 21:59 - 2014-04-11 00:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll2014-05-13 21:59 - 2014-04-10 22:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe2014-05-13 21:59 - 2014-04-10 22:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll2014-05-13 21:59 - 2014-04-10 22:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe2014-05-13 21:59 - 2014-04-10 22:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll2014-05-13 21:59 - 2014-04-10 22:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-05-13 21:57 - 2014-05-05 22:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-05-13 21:56 - 2014-05-05 23:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-05-13 21:56 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-05-13 21:56 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-05-13 21:52 - 2014-03-27 04:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2014-05-13 21:52 - 2014-03-27 02:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2014-05-13 19:42 - 2014-06-03 10:53 - 00003364 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3899131719-2119895427-2976753554-10012014-05-13 19:42 - 2014-06-03 10:53 - 00003312 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3899131719-2119895427-2976753554-10012014-05-11 17:49 - 2014-05-11 18:43 - 208597178 _____ () C:\Users\sths\Downloads\年月日議会占拠日間の記録・中台急接近にゆれる台湾.mp42014-05-10 09:07 - 2014-05-10 09:07 - 00000000 ____D () C:\ProgramData\HP2014-05-06 06:54 - 2014-06-03 12:56 - 00005462 _____ () C:\WINDOWS\PFRO.log ==================== One Month Modified Files and Folders ======= 2014-06-03 13:51 - 2014-01-08 20:09 - 00000000 ____D () C:\Users\sths\AppData\Local\Temp2014-06-03 13:50 - 2014-06-03 13:49 - 00023449 _____ () C:\Users\sths\Downloads\FRST.txt2014-06-03 13:49 - 2014-06-03 13:48 - 00000000 ____D () C:\FRST2014-06-03 13:49 - 2013-09-13 15:28 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3899131719-2119895427-2976753554-10012014-06-03 13:48 - 2014-06-03 13:48 - 02068992 _____ (Farbar) C:\Users\sths\Downloads\FRST64.exe2014-06-03 13:44 - 2014-06-03 13:44 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-03 13:44 - 2014-06-03 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-03 13:44 - 2014-06-03 13:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-03 13:42 - 2014-06-03 13:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\sths\Downloads\mbam-setup-2.0.2.1012 (2).exe2014-06-03 13:21 - 2014-02-21 13:46 - 00004976 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for PERSONALPC-sths personalpc2014-06-03 13:14 - 2014-04-29 02:40 - 01218366 _____ () C:\WINDOWS\WindowsUpdate.log2014-06-03 13:11 - 2014-01-26 17:11 - 00000310 _____ () C:\WINDOWS\Tasks\UpdaterEX.job2014-06-03 13:05 - 2013-09-13 20:20 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-06-03 13:04 - 2014-03-05 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee2014-06-03 13:03 - 2014-03-25 05:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2014-06-03 13:01 - 2013-09-13 20:33 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-06-03 13:01 - 2013-09-13 15:21 - 00000062 _____ () C:\Users\sths\AppData\Roaming\sp_data.sys2014-06-03 13:00 - 2014-04-13 07:08 - 00000000 __RDO () C:\Users\sths\SkyDrive2014-06-03 13:00 - 2013-09-13 20:20 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-06-03 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-06-03 12:59 - 2013-05-14 21:53 - 00003260 _____ () C:\WINDOWS\System32\Tasks\ASUS Patch for Touch Panel2014-06-03 12:59 - 2013-05-14 21:45 - 00003542 _____ () C:\WINDOWS\System32\Tasks\ASUS Touchpad Launcher (x64)2014-06-03 12:59 - 2013-05-14 21:45 - 00003004 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU2014-06-03 12:59 - 2013-05-14 21:45 - 00002988 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON2014-06-03 12:59 - 2013-05-14 21:44 - 00003056 _____ () C:\WINDOWS\System32\Tasks\ASUS P4G2014-06-03 12:59 - 2013-05-14 21:43 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus2014-06-03 12:59 - 2013-05-14 21:42 - 00003114 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2014-06-03 12:57 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-06-03 12:56 - 2014-05-06 06:54 - 00005462 _____ () C:\WINDOWS\PFRO.log2014-06-03 12:56 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI2014-06-03 12:46 - 2014-06-03 12:45 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\sths\Downloads\rkill.exe2014-06-03 12:46 - 2013-12-26 19:58 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F7A20B18-9756-4AA1-B895-6C8CC2448BC7}2014-06-03 12:43 - 2014-06-03 12:43 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\sths\Downloads\unhide.exe2014-06-03 11:56 - 2014-06-03 11:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\sths\Downloads\mbam-setup-2-0-1-1004 (1).exe2014-06-03 11:46 - 2014-06-03 11:38 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\sths\Downloads\mbam-setup-2-0-1-1004.exe2014-06-03 11:33 - 2014-06-03 11:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\sths\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-06-03 11:17 - 2014-06-03 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\sths\Downloads\mbam-setup-2.0.2.1012.exe2014-06-03 11:00 - 2013-11-14 02:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-06-03 10:58 - 2014-06-03 10:44 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer2014-06-03 10:58 - 2013-09-13 15:18 - 00000000 ___RD () C:\Users\sths\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-06-03 10:53 - 2014-05-13 19:42 - 00003364 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3899131719-2119895427-2976753554-10012014-06-03 10:53 - 2014-05-13 19:42 - 00003312 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3899131719-2119895427-2976753554-10012014-06-03 10:49 - 2014-06-03 10:49 - 00000000 ____D () C:\Users\sths\Documents\PC Speed Maximizer2014-06-03 10:45 - 2014-06-03 10:45 - 00000000 _____ () C:\end2014-06-03 10:44 - 2014-06-03 10:44 - 00003692 _____ () C:\WINDOWS\System32\Tasks\pcreg2014-06-03 10:44 - 2014-06-03 10:44 - 00000000 ____D () C:\Program Files\pcmax2014-06-03 10:39 - 2014-06-03 10:39 - 00349120 _____ () C:\Users\sths\Downloads\MediaPlayerClassic.exe2014-06-02 07:53 - 2013-11-28 17:44 - 00830976 ___SH () C:\Users\sths\Desktop\Thumbs.db2014-06-02 00:36 - 2014-01-29 23:23 - 00000000 ____D () C:\Users\sths\eclipse2014-05-31 11:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-05-30 19:54 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-05-29 10:02 - 2014-05-29 10:02 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-05-29 10:02 - 2014-05-29 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-05-29 10:02 - 2014-05-29 10:01 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-05-29 10:02 - 2014-05-29 10:01 - 00000000 ____D () C:\Program Files\iTunes2014-05-29 10:02 - 2014-05-29 10:01 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-05-29 10:01 - 2014-05-29 10:01 - 00000000 ____D () C:\Program Files\iPod2014-05-28 03:32 - 2014-05-28 03:29 - 09002158 _____ () C:\Users\sths\Downloads\第一学年·几何与拓扑.5.Glen.Bredon.-.Topology.and.geometry.djvu2014-05-25 12:52 - 2012-11-27 13:28 - 00000000 ____D () C:\Program Files (x86)\McAfee2014-05-24 15:59 - 2014-02-21 09:22 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-05-24 15:27 - 2014-01-08 20:09 - 00000000 ____D () C:\Users\sths2014-05-21 09:53 - 2012-11-27 13:28 - 00000000 ____D () C:\Program Files\Common Files\mcafee2014-05-21 09:53 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\ELAMBKUP2014-05-21 09:45 - 2013-10-02 19:42 - 00000958 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk2014-05-16 04:12 - 2014-05-16 04:12 - 00016640 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\gtkdrv.sys2014-05-16 01:15 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache2014-05-15 05:35 - 2013-09-13 15:18 - 00000000 ___RD () C:\Users\sths\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-15 05:30 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-05-15 05:26 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-05-15 05:26 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-05-15 05:26 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-05-15 05:26 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-05-15 05:26 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-05-15 00:59 - 2013-09-14 23:10 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-05-15 00:39 - 2013-09-14 23:10 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-05-14 10:51 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-05-13 22:07 - 2013-09-19 20:20 - 00002041 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk2014-05-13 22:07 - 2012-11-27 13:26 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk2014-05-13 21:59 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates2014-05-13 19:25 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2014-05-13 15:31 - 2014-03-25 05:30 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater2014-05-12 11:25 - 2013-10-28 21:07 - 00001085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk2014-05-12 11:25 - 2013-10-28 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE2014-05-12 07:26 - 2014-06-03 13:44 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-05-12 07:26 - 2014-06-03 13:44 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-05-12 07:25 - 2014-06-03 13:44 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-05-11 18:43 - 2014-05-11 17:49 - 208597178 _____ () C:\Users\sths\Downloads\年月日議会占拠日間の記録・中台急接近にゆれる台湾.mp42014-05-10 09:07 - 2014-05-10 09:07 - 00000000 ____D () C:\ProgramData\HP2014-05-10 09:06 - 2013-09-13 15:17 - 00000000 ____D () C:\Users\sths\AppData\Local\Packages2014-05-08 01:00 - 2013-09-13 20:20 - 00003888 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2014-05-08 01:00 - 2013-09-13 20:20 - 00003652 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2014-05-05 23:40 - 2014-05-13 21:56 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-05-05 22:25 - 2014-05-13 21:56 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-05-05 22:00 - 2014-05-13 21:57 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-05-05 21:10 - 2014-05-13 21:56 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll Files to move or delete:====================C:\ProgramData\SetStretch.VBS Some content of TEMP:====================C:\Users\sths\AppData\Local\Temp\nsg476C.exeC:\Users\sths\AppData\Local\Temp\nsg8483.exeC:\Users\sths\AppData\Local\Temp\nsj73A9.exeC:\Users\sths\AppData\Local\Temp\nsoE7.exeC:\Users\sths\AppData\Local\Temp\nszF50F.exeC:\Users\sths\AppData\Local\Temp\speedmax_32742.exeC:\Users\sths\AppData\Local\Temp\updater_131134.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-06-03 05:55 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014Ran by sths at 2014-06-03 13:52:11Running from C:\Users\sths\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.26 - ASUS)7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) HiddenApple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)ASUS S200 Product Demo (HKLM-x32\...\{5E396FE4-6110-41C9-9B1F-2F30A4A13715}) (Version: 1.0.0 - ASUS)ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)BodyMedia SYNC (HKLM-x32\...\InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}) (Version: 2.3.1.102 - BodyMedia, Inc.)BodyMedia SYNC (x32 Version: 2.3.1.102 - BodyMedia, Inc.) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenEPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version: - SEIKO EPSON Corporation)Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenGalerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) HiddeniCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddeniTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenLINE (HKLM-x32\...\LINE) (Version: 3.6.0.32 - LINE Corporation)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.5.0.3026 - McAfee, Inc.)Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenOffice 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) HiddenPhoto Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenPhoto Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenQualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)RealDownloader (x32 Version: 17.0.8 - RealNetworks, Inc.) HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.8 - RealNetworks)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6798 - Realtek Semiconductor Corp.)RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) HiddenShared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)Trojan Killer (HKLM-x32\...\GridinSoft Trojan Killer) (Version: 2.2.3.0 - GridinSoft LLC)UpdaterEX (HKCU\...\UpdaterEX) (Version: - UpdaterEX)UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) HiddenWinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)WinSCP 5.5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl)Wondershare Dr.Fone for iOS(Build 3.5.0.25) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 3.5.0.25 - Wondershare Software Co.,Ltd.)影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 14-05-2014 02:54:28 Windows Update24-05-2014 03:42:43 Scheduled Checkpoint02-06-2014 08:26:55 Scheduled Checkpoint ==================== Hosts content: ========================== 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {02E8A147-F804-4ED6-9FC2-CBAD424209EA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)Task: {043A50E1-7573-43A3-BA63-E6B9E410A606} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3899131719-2119895427-2976753554-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-03-15] (RealNetworks, Inc.)Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {25364BF5-6A25-42E6-B759-6564DCA5C69D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {2FDDB8C7-B31B-4AAE-A485-DBAF498C3568} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)Task: {30423EC3-CE9B-4D77-B556-69F3B3375C72} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ManagementTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {4BAD6C1A-5832-48AD-907C-F4877A11BAAA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-15] (Microsoft Corporation)Task: {54F9CB99-006F-4116-B5FA-3A8FC99B48C9} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe [2014-05-16] (GridinSoft LLC.)Task: {624B9C7C-3482-439D-89EA-BC9D153348B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)Task: {6623E598-77DE-4D18-A35F-34F08C363AAF} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)Task: {6A8B815E-59D6-41D7-A166-231E838389D7} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTIONTask: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {6FCBAB4A-C43B-43FA-9425-BF46D87737A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {7470FC56-DB13-4D82-96B8-97AB0CC57B36} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)Task: {75867CC9-E3EA-443C-AACF-69191E8349BB} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {7D686261-8CB2-4179-8D7C-857639846A1C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {93F2691B-BDE5-4221-9826-764201727616} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {9FF7F3C3-472E-46C6-9907-D036D2812D0F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauservTask: {B48CD2B9-10DB-4E33-A100-11B78B912C23} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ValidationTask: {BFFFA0E0-2A94-4753-8713-E5E2B730E749} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)Task: {C285B7CD-1259-43BD-A1B1-D517C846A27B} - System32\Tasks\Microsoft\Windows\DiskFootprint\DiagnosticsTask: {C6FDABC3-CD39-493D-9A2A-4F5FD8235AC6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)Task: {C7F3E264-9E3F-46F5-B7B0-BE026AF018BB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-13] (Microsoft Corporation)Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D3677708-D4AE-4269-BE48-71D423263ADB} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PERSONALPC-sths personalpc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-05-13] (Microsoft Corporation)Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {DDC7E7D4-CC74-4C68-9F24-2701F66A2113} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3899131719-2119895427-2976753554-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-03-15] (RealNetworks, Inc.)Task: {DE85209D-729F-4262-ABCD-81106F7D07D5} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {EFDFBC25-260A-410A-8831-FC3C8AC2BC4F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)Task: {FBFED818-AD33-4CA6-8B05-D884AA20CB9B} - System32\Tasks\UpdaterEX => C:\Users\sths\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTIONTask: {FD47C1E2-3C0D-428E-9DBE-900F78917535} - System32\Tasks\ASUS VivoBook => C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe [2012-12-25] (ASUSTeK Computer Inc.)Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\sths\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-03-28 13:56 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2014-02-21 09:22 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll2014-05-29 06:16 - 2014-05-29 06:16 - 00241344 _____ () C:\Program Files\pcmax\pcmax.exe2014-03-15 03:18 - 2014-03-15 03:18 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe2014-05-13 21:17 - 2014-05-13 21:17 - 08889512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2014-03-20 21:13 - 2014-03-20 21:13 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe2013-10-01 14:02 - 2013-10-01 14:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2013-08-22 02:19 - 2013-08-22 01:54 - 00049664 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Graphics.winmd2014-04-28 06:13 - 2014-04-28 06:13 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\057b7043f4868b76c209d9c426b80743\Windows.Foundation.ni.dll2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll2012-11-29 19:15 - 2012-11-29 19:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-04-07 17:31 - 2014-04-07 17:31 - 00869976 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll2014-05-21 08:05 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll2014-05-21 08:05 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll2014-05-21 08:05 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll2014-05-21 08:05 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll2014-05-21 08:05 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll2013-05-14 21:37 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2014-05-21 08:05 - 2014-05-13 18:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll2014-04-13 08:46 - 2014-04-13 08:46 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll2014-04-02 08:51 - 2014-04-02 08:51 - 00113664 _____ () C:\Program Files (x86)\Naver\LINE\PlayerHelper.dll2014-04-29 11:42 - 2014-04-29 11:42 - 02453352 _____ () C:\Program Files (x86)\Naver\LINE\amp-dll.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\sths\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\sths\SkyDrive (2).old:ms-propertiesAlternateDataStreams: C:\Users\sths\SkyDrive (3).old:ms-propertiesAlternateDataStreams: C:\Users\sths\SkyDrive (4).old:ms-propertiesAlternateDataStreams: C:\Users\sths\SkyDrive (5).old:ms-propertiesAlternateDataStreams: C:\Users\sths\SkyDrive (6).old:ms-propertiesAlternateDataStreams: C:\Users\sths\SkyDrive (7).old:ms-properties ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /SMSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmdMSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyMSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (06/03/2014 01:45:12 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x760Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x5c4Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:44:48 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x1bacFaulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:31:06 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0xdf0Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:29:58 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x1880Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:29:50 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x7b4Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x1014Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:26:26 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x182cFaulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:25:26 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x5c4Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:25:21 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x1430Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 System errors:=============Error: (06/03/2014 00:58:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Windows Defender Service service failed to start due to the following error: %%577 Error: (06/03/2014 00:55:47 PM) (Source: DCOM) (EventID: 10010) (User: PERSONALPC)Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (06/03/2014 11:34:14 AM) (Source: DCOM) (EventID: 10000) (User: PERSONALPC)Description: c:\PROGRA~1\mcafee\msc\mcmscsub.dll -Embedding193{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} Error: (06/03/2014 11:13:29 AM) (Source: DCOM) (EventID: 10010) (User: PERSONALPC)Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (06/03/2014 10:53:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (06/03/2014 10:53:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The MBAMScheduler service failed to start due to the following error: %%1053 Error: (06/03/2014 10:53:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect. Error: (06/03/2014 10:52:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The UAC File Virtualization service failed to start due to the following error: %%1275 Error: (06/03/2014 10:44:23 AM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The pcmaxservice Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (06/03/2014 08:34:14 AM) (Source: DCOM) (EventID: 10000) (User: PERSONALPC)Description: c:\PROGRA~1\mcafee\msc\mcmscsub.dll -Embedding193{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} Microsoft Office Sessions:=========================Error: (06/03/2014 01:45:12 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd76001cf7f5bf389c826C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll31862eac-eb4f-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5c401cf7f5be8543f1eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll2667eae4-eb4f-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:44:48 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1bac01cf7f5be4c4c098C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll233cbfa8-eb4f-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:31:06 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fddf001cf7f59face24ecC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll39058b73-eb4d-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:29:58 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd188001cf7f59d25444a9C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll1094d489-eb4d-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:29:50 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7b401cf7f59cd48a96cC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll0bb07714-eb4d-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd101401cf7f59695ec62bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlla7edd194-eb4c-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:26:26 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd182c01cf7f59544f7e11C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll9285d2f6-eb4c-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:25:26 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5c401cf7f5930070429C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll6e44fb7d-eb4c-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:25:21 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd143001cf7f592cf82c6bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll6b5dd6cf-eb4c-11e3-befa-60a44c72ff53 CodeIntegrity Errors:=================================== Date: 2014-06-03 12:58:02.135 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-21 19:17:01.407 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:17:01.203 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:17:00.990 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:17:00.405 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:17:00.115 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:16:59.874 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:16:59.724 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:16:59.621 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:16:59.521 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 56%Total physical RAM: 3981.81 MBAvailable physical RAM: 1720.59 MBTotal Pagefile: 5773.81 MBAvailable Pagefile: 3087.18 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:144.08 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:257.59 GB) NTFSDrive f: () (Removable) (Total:14.9 GB) (Free:13.4 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 466 GB) (Disk ID: 3E1AB738) Partition: GPT Partition Type. ========================================================Disk: 1 (Size: 15 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
  4. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014 Ran by sths at 2014-06-03 13:52:11 Running from C:\Users\sths\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.26 - ASUS) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS) ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS) ASUS S200 Product Demo (HKLM-x32\...\{5E396FE4-6110-41C9-9B1F-2F30A4A13715}) (Version: 1.0.0 - ASUS) ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS) ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS) BodyMedia SYNC (HKLM-x32\...\InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}) (Version: 2.3.1.102 - BodyMedia, Inc.) BodyMedia SYNC (x32 Version: 2.3.1.102 - BodyMedia, Inc.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version: - SEIKO EPSON Corporation) Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden LINE (HKLM-x32\...\LINE) (Version: 3.6.0.32 - LINE Corporation) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.) McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.5.0.3026 - McAfee, Inc.) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) RealDownloader (x32 Version: 17.0.8 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.8 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6798 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Trojan Killer (HKLM-x32\...\GridinSoft Trojan Killer) (Version: 2.2.3.0 - GridinSoft LLC) UpdaterEX (HKCU\...\UpdaterEX) (Version: - UpdaterEX) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun) Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS) Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS) WinSCP 5.5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl) Wondershare Dr.Fone for iOS(Build 3.5.0.25) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 3.5.0.25 - Wondershare Software Co.,Ltd.) 影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden 照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 14-05-2014 02:54:28 Windows Update 24-05-2014 03:42:43 Scheduled Checkpoint 02-06-2014 08:26:55 Scheduled Checkpoint ==================== Hosts content: ========================== 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {02E8A147-F804-4ED6-9FC2-CBAD424209EA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation) Task: {043A50E1-7573-43A3-BA63-E6B9E410A606} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3899131719-2119895427-2976753554-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-03-15] (RealNetworks, Inc.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {25364BF5-6A25-42E6-B759-6564DCA5C69D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2FDDB8C7-B31B-4AAE-A485-DBAF498C3568} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {30423EC3-CE9B-4D77-B556-69F3B3375C72} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4BAD6C1A-5832-48AD-907C-F4877A11BAAA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-15] (Microsoft Corporation) Task: {54F9CB99-006F-4116-B5FA-3A8FC99B48C9} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe [2014-05-16] (GridinSoft LLC.) Task: {624B9C7C-3482-439D-89EA-BC9D153348B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.) Task: {6623E598-77DE-4D18-A35F-34F08C363AAF} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS) Task: {6A8B815E-59D6-41D7-A166-231E838389D7} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {6FCBAB4A-C43B-43FA-9425-BF46D87737A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.) Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {7470FC56-DB13-4D82-96B8-97AB0CC57B36} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.) Task: {75867CC9-E3EA-443C-AACF-69191E8349BB} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] () Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7D686261-8CB2-4179-8D7C-857639846A1C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {93F2691B-BDE5-4221-9826-764201727616} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {9FF7F3C3-472E-46C6-9907-D036D2812D0F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {B48CD2B9-10DB-4E33-A100-11B78B912C23} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {BFFFA0E0-2A94-4753-8713-E5E2B730E749} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated) Task: {C285B7CD-1259-43BD-A1B1-D517C846A27B} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {C6FDABC3-CD39-493D-9A2A-4F5FD8235AC6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {C7F3E264-9E3F-46F5-B7B0-BE026AF018BB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-13] (Microsoft Corporation) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D3677708-D4AE-4269-BE48-71D423263ADB} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PERSONALPC-sths personalpc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-05-13] (Microsoft Corporation) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DDC7E7D4-CC74-4C68-9F24-2701F66A2113} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3899131719-2119895427-2976753554-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-03-15] (RealNetworks, Inc.) Task: {DE85209D-729F-4262-ABCD-81106F7D07D5} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {EFDFBC25-260A-410A-8831-FC3C8AC2BC4F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.) Task: {FBFED818-AD33-4CA6-8B05-D884AA20CB9B} - System32\Tasks\UpdaterEX => C:\Users\sths\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {FD47C1E2-3C0D-428E-9DBE-900F78917535} - System32\Tasks\ASUS VivoBook => C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe [2012-12-25] (ASUSTeK Computer Inc.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\sths\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-03-28 13:56 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-02-21 09:22 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2014-05-29 06:16 - 2014-05-29 06:16 - 00241344 _____ () C:\Program Files\pcmax\pcmax.exe 2014-03-15 03:18 - 2014-03-15 03:18 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-05-13 21:17 - 2014-05-13 21:17 - 08889512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-03-20 21:13 - 2014-03-20 21:13 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2013-10-01 14:02 - 2013-10-01 14:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-08-22 02:19 - 2013-08-22 01:54 - 00049664 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Graphics.winmd 2014-04-28 06:13 - 2014-04-28 06:13 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\057b7043f4868b76c209d9c426b80743\Windows.Foundation.ni.dll 2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2012-11-29 19:15 - 2012-11-29 19:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-04-07 17:31 - 2014-04-07 17:31 - 00869976 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll 2014-05-21 08:05 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll 2014-05-21 08:05 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll 2014-05-21 08:05 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll 2014-05-21 08:05 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll 2014-05-21 08:05 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll 2013-05-14 21:37 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2014-05-21 08:05 - 2014-05-13 18:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll 2014-04-13 08:46 - 2014-04-13 08:46 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2014-04-02 08:51 - 2014-04-02 08:51 - 00113664 _____ () C:\Program Files (x86)\Naver\LINE\PlayerHelper.dll 2014-04-29 11:42 - 2014-04-29 11:42 - 02453352 _____ () C:\Program Files (x86)\Naver\LINE\amp-dll.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\sths\SkyDrive:ms-properties AlternateDataStreams: C:\Users\sths\SkyDrive (2).old:ms-properties AlternateDataStreams: C:\Users\sths\SkyDrive (3).old:ms-properties AlternateDataStreams: C:\Users\sths\SkyDrive (4).old:ms-properties AlternateDataStreams: C:\Users\sths\SkyDrive (5).old:ms-properties AlternateDataStreams: C:\Users\sths\SkyDrive (6).old:ms-properties AlternateDataStreams: C:\Users\sths\SkyDrive (7).old:ms-properties ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe" MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe" MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/03/2014 01:45:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x760 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:44:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x5c4 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:44:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1bac Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:31:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0xdf0 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:29:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1880 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:29:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x7b4 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:27:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1014 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:26:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x182c Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:25:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x5c4 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (06/03/2014 01:25:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1430 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 System errors: ============= Error: (06/03/2014 00:58:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Defender Service service failed to start due to the following error: %%577 Error: (06/03/2014 00:55:47 PM) (Source: DCOM) (EventID: 10010) (User: PERSONALPC) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (06/03/2014 11:34:14 AM) (Source: DCOM) (EventID: 10000) (User: PERSONALPC) Description: c:\PROGRA~1\mcafee\msc\mcmscsub.dll -Embedding193{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} Error: (06/03/2014 11:13:29 AM) (Source: DCOM) (EventID: 10010) (User: PERSONALPC) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (06/03/2014 10:53:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (06/03/2014 10:53:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MBAMScheduler service failed to start due to the following error: %%1053 Error: (06/03/2014 10:53:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect. Error: (06/03/2014 10:52:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The UAC File Virtualization service failed to start due to the following error: %%1275 Error: (06/03/2014 10:44:23 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The pcmaxservice Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (06/03/2014 08:34:14 AM) (Source: DCOM) (EventID: 10000) (User: PERSONALPC) Description: c:\PROGRA~1\mcafee\msc\mcmscsub.dll -Embedding193{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} Microsoft Office Sessions: ========================= Error: (06/03/2014 01:45:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd76001cf7f5bf389c826C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll31862eac-eb4f-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:44:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5c401cf7f5be8543f1eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll2667eae4-eb4f-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:44:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1bac01cf7f5be4c4c098C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll233cbfa8-eb4f-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:31:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fddf001cf7f59face24ecC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll39058b73-eb4d-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:29:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd188001cf7f59d25444a9C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll1094d489-eb4d-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:29:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7b401cf7f59cd48a96cC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll0bb07714-eb4d-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:27:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd101401cf7f59695ec62bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlla7edd194-eb4c-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:26:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd182c01cf7f59544f7e11C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll9285d2f6-eb4c-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:25:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5c401cf7f5930070429C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll6e44fb7d-eb4c-11e3-befa-60a44c72ff53 Error: (06/03/2014 01:25:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd143001cf7f592cf82c6bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll6b5dd6cf-eb4c-11e3-befa-60a44c72ff53 CodeIntegrity Errors: =================================== Date: 2014-06-03 12:58:02.135 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-21 19:17:01.407 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:17:01.203 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:17:00.990 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:17:00.405 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:17:00.115 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:16:59.874 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:16:59.724 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:16:59.621 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-21 19:16:59.521 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 3981.81 MB Available physical RAM: 1720.59 MB Total Pagefile: 5773.81 MB Available Pagefile: 3087.18 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:144.08 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:257.59 GB) NTFS Drive f: () (Removable) (Total:14.9 GB) (Free:13.4 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 3E1AB738) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 15 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
  5. I did everything you posted. But the only thing that works is that windows asked me if i want to allow the program to make changes to my computer. Whether or not I chose yes or no, nothing happened afterwards. Pls help! Addition.txt FRST.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.