Jump to content

APPCRASH Custom Scan C, D, & E Drives Fault: mbamcore.dll

dwolf
 Share

Recommended Posts

dwolf

dwolf

Posted
Posted

Hello MBAM,

 

MBAM v2.1.0.0002 runs Threat Scan, and finds no errors. Re-running MBAM Custom scan on C, D, & E drives with Rootkit detect caused APPCRASH.

 

I completely uninstalled MBAM then re-installed MBAM v2.1.0.0002 and updated signatures, then re-ran Threat Scan with no errors, but custom scan on C, D, & E drive with Rootkit detection gave same APPCRASH. Fault Module Name: mbamcore.dll

 

I ran MBAM custom scan again with Rootkit detection but with no drives checkmarked. MBAM ran successfully with no rootkit found and no APPCRASH.

 

The computer has been running all applications normally at normal speed with no obvious issues. My only problem is that MBAM will not do a custom scan on all my hard disks.

 

When I try Custom Scan on C, D, & E drives, all phases except final phase complete normally with no threats detected, but I get APPCRASH after about 6,000 files are scanned.

 

Both MS Security Essentials and Super Anti-Spyware detect no threats.

 

See FRST log in this post. See three more logs in Post #2 (otherwise too long for forum).

 

Thank you for your help.

 

DW

 

Here is FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by RAS (administrator) on I7 on 06-07-2014 22:51:32
Running from D:\Desk i7
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Linksys, a division of Cisco Systems, Inc.) C:\Program Files (x86)\Linksys\Linksys Surveillance Utility\Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Linksys, a division of Cisco Systems, Inc.) C:\Program Files (x86)\Linksys\Linksys Surveillance Utility\Recorder.exe
(BillP Studios) D:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(ASUS) D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHook32.exe
(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
() D:\Program Files (x86)\Explorer++\Explorer++.exe
(ASUS) D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHook64.exe
(Fookes Holding Ltd) D:\Program Files (x86)\NoteTab Pro 6\NotePro.exe
() D:\Program Files (x86)\Everything\Everything.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() D:\Program Files (x86)\Explorer++\Explorer++.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
() D:\Program Files (x86)\Explorer++\Explorer++.exe
() D:\Program Files (x86)\Explorer++\Explorer++.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Monitor.exe] => C:\Program Files (x86)\Linksys\Linksys Surveillance Utility\Monitor.exe [1118208 2008-08-14] (Linksys, a division of Cisco Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [Recorder.exe] => C:\Program Files (x86)\Linksys\Linksys Surveillance Utility\Recorder.exe [348160 2008-08-21] (Linksys, a division of Cisco Systems, Inc.)
HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *?* <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\lastpassbroker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\lastpassbroker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\easy imager\zoomifyer.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\gotoassistdownloadhelper.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\easy imager\zoomifyer.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: D:\Desk i7\ProcessMonitor\Procmon.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\lastpassbroker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\easy imager\zoomifyer.exe <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 0
HKU\S-1-5-21-868819068-3257824110-3933167620-1000\...\Run: [Google Update] => C:\Users\RAS\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-10-20] (Google Inc.)
HKU\S-1-5-21-868819068-3257824110-3933167620-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-12] (Google Inc.)
HKU\S-1-5-21-868819068-3257824110-3933167620-1000\...\Run: [WinPatrol] => D:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [527936 2014-03-22] (BillP Studios)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
BootExecute: autocheck autochk *  sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6F619AE3EBD7CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - D:\Program Files (x86)\LPToolbar_x64.dll (LastPass)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - D:\Program Files (x86)\LPToolbar.dll (LastPass)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files (x86)\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files (x86)\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default
FF DefaultSearchEngine: Google
FF Homepage: news.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass - D:\Program Files (x86)\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - D:\Program Files (x86)\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - D:\Program Files (x86)\Cs4\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\RAS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\RAS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\RAS\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\RAS\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\RAS\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\RAS\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: LastPass - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\support@lastpass.com [2014-03-04]
FF Extension: Html Validator - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2013-10-24]
FF Extension: Malware Search - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2013-01-04]
FF Extension: FireFTP - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-04-05]
FF Extension: Adblock Plus - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-13]
FF Extension: UnMHT - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Profiles\d3skf7th.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2011-10-03]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-07]
FF HKLM-x32\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
FF Extension: Mozilla hotfix - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2013-04-10]
FF HKCU\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
FF Extension: Mozilla hotfix - C:\Users\RAS\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2013-04-10]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://news.google.com/
CHR StartupUrls: "hxxp://news.google.com/"
CHR Extension: (Google Docs) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
CHR Extension: (Google Drive) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]
CHR Extension: (James White) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2013-12-11]
CHR Extension: (YouTube) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-24]
CHR Extension: (Adblock Plus) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-29]
CHR Extension: (Google Search) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-24]
CHR Extension: (High Contrast) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2014-04-12]
CHR Extension: (FVD Downloader) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-04-13]
CHR Extension: (WeatherBug) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2013-11-25]
CHR Extension: (Google Wallet) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-25]
CHR Extension: (Gmail) - C:\Users\RAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]

==================== Services (Whitelisted) =================

S3 !SASCORE; D:\Program Files (x86)\SuperAntiSpyware\SASCORE64.EXE [140672 2012-09-09] (SUPERAntiSpyware.com) [File not signed]
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2011-01-11] (Adobe Systems Incorporated)
S3 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
S3 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-07-17] (DeviceVM, Inc.) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 NMSAccess; D:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
S3 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 SBSDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-06] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed]
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [222160 2010-06-04] (TrueCrypt Foundation)
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
R2 WinFLdrv; C:\Windows\SysWow64\WinFLdrv.sys [21888 2010-06-04] ()
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]
S1 SABKUTIL; \??\D:\Program Files (x86)\SuperAntiSpyware\SABKUTIL.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-06 21:31 - 2014-07-06 21:31 - 00044008 _____ () C:\Users\RAS\Desktop\CheckResults.txt
2014-07-06 19:53 - 2014-07-06 22:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 19:52 - 2014-07-06 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 19:52 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-06 19:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-06 19:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-06 19:32 - 2014-07-06 19:35 - 00003354 _____ () C:\Users\RAS\Desktop\Rkill.txt
2014-07-03 19:35 - 2014-07-03 19:35 - 00000000 _____ () C:\Users\RAS\AppData\Local\{C8F06ACA-8349-4451-8373-B934F3C67F42}
2014-06-25 19:01 - 2014-07-05 21:31 - 00000000 ____D () C:\Users\RAS\AppData\Local\Adobe
2014-06-23 18:49 - 2014-06-23 18:49 - 00258744 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-23 18:49 - 2014-06-23 18:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-06-23 18:49 - 2014-06-23 18:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-23 18:48 - 2014-06-23 18:48 - 00001424 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-23 18:48 - 2014-06-23 18:48 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-23 18:48 - 2014-06-23 18:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-23 18:48 - 2014-06-23 18:48 - 00000000 ____D () C:\Users\Administrator
2014-06-23 18:48 - 2010-06-05 09:43 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-23 18:48 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-23 18:48 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-21 13:30 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-21 13:30 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-21 13:30 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-21 13:30 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-21 13:30 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-21 13:30 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-21 13:30 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-21 13:30 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-21 13:30 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-21 13:30 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-21 13:30 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-21 13:30 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-21 13:30 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-21 13:30 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-21 13:30 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-21 13:30 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-21 13:30 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-21 13:30 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-21 13:30 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-21 13:30 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-21 13:30 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-21 13:30 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-21 13:30 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-21 13:30 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-21 13:30 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-21 13:30 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-21 13:30 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-21 13:30 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-21 13:30 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-21 13:30 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-21 13:30 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-21 13:30 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-21 13:30 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-21 13:30 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-21 13:30 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-21 13:30 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-21 13:30 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-21 13:30 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-21 13:30 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-21 13:30 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-21 13:30 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-21 13:30 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-21 13:30 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-21 13:30 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-21 13:30 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-21 13:30 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-21 13:30 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-21 13:30 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-21 13:30 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-21 13:30 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-21 13:30 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-21 13:30 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-21 13:30 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-21 13:30 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-21 13:30 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-21 13:30 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-21 13:30 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-21 13:30 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-21 13:30 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-21 13:30 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-21 13:30 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-21 13:30 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-21 13:30 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-21 13:30 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-06-21 13:30 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-21 13:30 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-21 13:30 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-21 13:30 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-21 13:30 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-21 13:30 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-21 13:30 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-21 13:30 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-21 13:30 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-21 13:30 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-21 13:30 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-21 13:30 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-21 13:30 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-21 13:30 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-21 13:30 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-21 13:30 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-21 13:30 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-21 13:30 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-21 13:30 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-21 13:30 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-21 13:30 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-21 13:30 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-21 13:30 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-21 13:30 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-21 13:30 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-21 13:30 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-21 13:30 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-21 13:30 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-21 13:30 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-06-21 13:30 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-06-21 13:30 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-06-21 13:30 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-21 13:30 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-21 13:30 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-21 13:30 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-21 13:30 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-06-21 13:30 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-06-21 13:30 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-06-21 13:30 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-06-21 13:30 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-06-21 13:30 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-06-21 13:30 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-21 13:30 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-06-21 13:30 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-06-21 13:30 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-20 03:14 - 2014-06-20 03:14 - 00000000 ____D () C:\ProgramData\GRETECH
2014-06-17 15:55 - 2014-07-06 22:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 15:55 - 2014-07-06 19:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 15:55 - 2014-06-17 15:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-17 15:55 - 2014-06-17 15:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 01:31 - 2014-07-06 22:36 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000UA.job
2014-06-17 01:31 - 2014-07-06 07:35 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000Core.job
2014-06-17 01:31 - 2014-06-17 01:31 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000UA
2014-06-17 01:31 - 2014-06-17 01:31 - 00003474 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000Core

==================== One Month Modified Files and Folders =======

2014-07-06 22:51 - 2014-04-05 22:37 - 00000000 ____D () C:\FRST
2014-07-06 22:36 - 2014-06-17 01:31 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000UA.job
2014-07-06 22:31 - 2014-07-06 19:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 22:26 - 2012-06-17 00:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-06 22:00 - 2014-06-17 15:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-06 21:31 - 2014-07-06 21:31 - 00044008 _____ () C:\Users\RAS\Desktop\CheckResults.txt
2014-07-06 21:24 - 2010-04-09 07:54 - 01613865 _____ () C:\Windows\WindowsUpdate.log
2014-07-06 20:34 - 2014-04-07 01:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-06 19:52 - 2014-07-06 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 19:52 - 2009-07-14 00:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-06 19:52 - 2009-07-14 00:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-06 19:45 - 2014-06-17 15:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-06 19:44 - 2014-04-11 03:44 - 00001344 _____ () C:\Windows\setupact.log
2014-07-06 19:44 - 2014-04-11 03:43 - 00033268 _____ () C:\Windows\PFRO.log
2014-07-06 19:44 - 2010-04-08 22:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-06 19:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-06 19:35 - 2014-07-06 19:32 - 00003354 _____ () C:\Users\RAS\Desktop\Rkill.txt
2014-07-06 07:35 - 2014-06-17 01:31 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000Core.job
2014-07-05 21:31 - 2014-06-25 19:01 - 00000000 ____D () C:\Users\RAS\AppData\Local\Adobe
2014-07-03 19:35 - 2014-07-03 19:35 - 00000000 _____ () C:\Users\RAS\AppData\Local\{C8F06ACA-8349-4451-8373-B934F3C67F42}
2014-06-30 19:17 - 2012-05-04 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-23 18:54 - 2012-06-17 00:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-23 18:54 - 2012-04-02 19:33 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-23 18:54 - 2011-06-08 08:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-23 18:49 - 2014-06-23 18:49 - 00258744 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-23 18:49 - 2014-06-23 18:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-06-23 18:49 - 2014-06-23 18:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-23 18:48 - 2014-06-23 18:48 - 00001424 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-23 18:48 - 2014-06-23 18:48 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-23 18:48 - 2014-06-23 18:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-23 18:48 - 2014-06-23 18:48 - 00000000 ____D () C:\Users\Administrator
2014-06-23 18:48 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-21 18:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-21 13:37 - 2013-07-17 08:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-20 03:14 - 2014-06-20 03:14 - 00000000 ____D () C:\ProgramData\GRETECH
2014-06-18 16:11 - 2013-03-13 03:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-17 15:55 - 2014-06-17 15:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-17 15:55 - 2014-06-17 15:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 01:31 - 2014-06-17 01:31 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000UA
2014-06-17 01:31 - 2014-06-17 01:31 - 00003474 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868819068-3257824110-3933167620-1000Core
2014-06-10 21:05 - 2010-04-12 02:43 - 00000000 ____D () C:\Users\RAS\AppData\Roaming\Mozilla
2014-06-09 13:54 - 2014-04-07 01:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-03-01 03:26

==================== End Of Log ============================

Link to post
Share on other sites
dwolf

dwolf

Posted
  • Author
Posted

Hello MBAM,

The following three logs were too long for my initial post.

 

Again, thank you for your help.

 

DW


Here is APPCRASH report:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    mbam.exe
  Application Version:    1.0.0.532
  Application Timestamp:    53518532
  Fault Module Name:    mbamcore.dll
  Fault Module Version:    1.0.11.0
  Fault Module Timestamp:    536d8027
  Exception Code:    c0000005
  Exception Offset:    0001748f
  OS Version:    6.1.7601.2.1.0.256.48
  Locale ID:    1033
  Additional Information 1:    0a9e
  Additional Information 2:    0a9e372d3b4ad19135b953a78882e789
  Additional Information 3:    0a9e
  Additional Information 4:    0a9e372d3b4ad19135b953a78882e789

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

 

Here is Threat Scan with Rootkit detection:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 07/06/2014
Scan Time: 10:32:47 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.06.08
Rootkit Database: v2014.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RAS

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 373042
Time Elapsed: 2 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Here is mbam-check result log version:     2.1.0.0002
========================================

User Account type:                 Administrator
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Build Number:              7601
Current Version Number:            6.1
Current CSDVersion:                Service Pack 1
Malwarebytes Anti-Malware:         2.0.2.1012
Installed On:                      2014/07/06
Malware Database:                  2014.07.06.08
Rootkit Database:                  2014.07.03.01
Remediation Database:              2013.10.16.01
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Free
Malware Protection:                0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
Malicious Website Protection:      0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2014/07/06 21:31:20
Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    D:\Desk i7\OfficePro2003Corporate\SETUP.EXEREG_SZ        WINXPSP2
    C:\Users\RAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NotePro.exeREG_SZ        WINXPSP3 RUNASADMIN
    D:\Program Files (x86)\NoteTab Pro 6\NotePro.exeREG_SZ        WINXPSP3 RUNASADMIN
    D:\Program Files (x86)\Linksys\Linksys Surveillance Utility\Recorder.exeREG_SZ        WINXPSP2

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    D:\Program Files (x86)\Zoom Search Engine 6.0\ZoomIndexer.exeREG_SZ        DisableNXShowUI

Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 25816     BYTES    FileVersion: 0.1.13.0    MD5: [f92b0e478c0faa6d6661e6e977247e60]
C:\Windows\system32\drivers\mwac.sys
File Size: 63704     BYTES    FileVersion: 1.0.1.0    MD5: [15e8abc06843672955ce26a009533bad]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size: 122584    BYTES    FileVersion: 0.1.7.0    MD5: [8a50d5304e6ae48664cf5838ec32f647]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size: 91352     BYTES    FileVersion: 1.0.4.0    MD5: [9d9ed48f841ea37aa5310d54b9e5d3c7]

--------------MBAMProtector:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMService:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


Required Dependencies:
======================

--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    DisplayName                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1001
    Group                         REG_SZ        NetworkProvider
    ImagePath                     REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Description                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1002
    ObjectName                    REG_SZ        NT AUTHORITY\LocalService
    ErrorControl                  REG_DWORD        1
    Start                         REG_DWORD        2
    Type                          REG_DWORD        32
    DependOnService               REG_MULTI_SZ    RpcSs

    ServiceSidType                REG_DWORD        3
    RequiredPrivileges            REG_MULTI_SZ    SeAuditPrivilege

    FailureActions                REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
    ServiceDll                    REG_EXPAND_SZ    %SystemRoot%\System32\bfe.dll
    ServiceDllUnloadOnStop        REG_DWORD        1
    ServiceMain                   REG_SZ        BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
    {29d6b1e0-0635-46da-a9d8-124f050a8ddc}REG_BINARY    Binary Data

    {ea365363-f223-4bc5-a643-a7f81503df2a}REG_BINARY    Binary Data

    {8ff39522-cf15-43e9-a607-4552a65e21a0}REG_BINARY    Binary Data

    {a101a7a4-618a-4917-ab30-9183de11b7ee}REG_BINARY    Binary Data

    {75828924-977c-4c0f-95dd-c685da64210e}REG_BINARY    Binary Data

    {70c59677-aa88-46c3-b3b6-29b577e8e921}REG_BINARY    Binary Data

    {a824d49d-e37c-4ca0-a6dd-dcd545f3d57f}REG_BINARY    Binary Data

    {fe7081a7-5a53-44ba-bf39-fd8355a25789}REG_BINARY    Binary Data

    {aa033e51-767d-48c8-bfa7-7190a75d3e6d}REG_BINARY    Binary Data

    {dd27f269-7fca-438e-bf10-638f3e7db5e3}REG_BINARY    Binary Data

    {dc95b53e-01cf-4058-821d-350b3d0d4676}REG_BINARY    Binary Data

    {0c41d586-9c19-4e01-9d66-b5b98a97576e}REG_BINARY    Binary Data

    {12c38916-82ac-4737-8f38-b6957ffebad6}REG_BINARY    Binary Data

    {c970a45d-57f9-4e32-a5bd-886a9662641e}REG_BINARY    Binary Data

    {0c3be01b-fe70-4cc4-89dc-c07996b67e6d}REG_BINARY    Binary Data

    {074f7f68-ee10-428a-89d1-ba78f6c327ca}REG_BINARY    Binary Data

    {c016105c-eb34-4519-a5fd-5f4e4ad4d18e}REG_BINARY    Binary Data

    {a47525e2-725b-4888-8af1-ba5a60c04f4d}REG_BINARY    Binary Data

    {0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}REG_BINARY    Binary Data

    {2dd96961-5757-434f-b617-34e732517c0e}REG_BINARY    Binary Data

    {2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY    Binary Data

    {c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY    Binary Data

    {935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY    Binary Data

    {941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
    {ff132ac1-0ba3-4619-9f44-1520ce2027bd}REG_BINARY    Binary Data

    {a5105a61-29c0-48f6-a800-f7c6d5d5a9e1}REG_BINARY    Binary Data

    {ba620d6d-c705-4574-b088-be84f0aaafc4}REG_BINARY    Binary Data

    {256f2e60-cfb2-4782-aaca-61a6551b40ab}REG_BINARY    Binary Data

    {6188bb80-e1f6-4a74-b96c-8285b632f821}REG_BINARY    Binary Data

    {7c4a4f81-2f8c-4a2e-a251-839bf8f9697e}REG_BINARY    Binary Data

    {019b4951-14d0-4ea9-92c8-1e22dbbbdb55}REG_BINARY    Binary Data

    {9200fe7c-1524-47ec-802b-6790340d088a}REG_BINARY    Binary Data

    {7bbe03fc-ecc3-4763-909f-a33bec47509d}REG_BINARY    Binary Data

    {2e5d3da1-e40a-460a-8dd4-bd6e95ca9bac}REG_BINARY    Binary Data

    {22001ee0-8e87-4f75-ba58-248f5918a63a}REG_BINARY    Binary Data

    {79f2a265-b693-4cc9-b480-cbcd87bd4747}REG_BINARY    Binary Data

    {c4b50f21-503e-4d7a-abd4-ed0a823a2453}REG_BINARY    Binary Data

    {91e902db-2cef-4040-b8e2-02fe4fd49c25}REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
    {29d6b1e0-0635-46da-a9d8-124f050a8ddc}REG_BINARY    Binary Data

    {9092352c-cbfb-4093-a75e-bf9e2a3e6d5f}REG_BINARY    Binary Data

    {ea365363-f223-4bc5-a643-a7f81503df2a}REG_BINARY    Binary Data

    {9dc45b5c-8cd9-4026-8cb5-9c659d75f0f2}REG_BINARY    Binary Data

    {8ff39522-cf15-43e9-a607-4552a65e21a0}REG_BINARY    Binary Data

    {66a3efed-476b-45ff-afd9-479ceaa85f1c}REG_BINARY    Binary Data

    {a101a7a4-618a-4917-ab30-9183de11b7ee}REG_BINARY    Binary Data

    {cf1864e9-3fbd-4207-8c18-36debc495472}REG_BINARY    Binary Data

    {75828924-977c-4c0f-95dd-c685da64210e}REG_BINARY    Binary Data

    {b2902208-57c9-42af-92eb-3bdfc085cfda}REG_BINARY    Binary Data

    {70c59677-aa88-46c3-b3b6-29b577e8e921}REG_BINARY    Binary Data

    {290924f3-af18-45f0-8d2d-af8cc62dc0a3}REG_BINARY    Binary Data

    {a824d49d-e37c-4ca0-a6dd-dcd545f3d57f}REG_BINARY    Binary Data

    {0df582e1-aecf-4924-b0ea-5409c664105b}REG_BINARY    Binary Data

    {fe7081a7-5a53-44ba-bf39-fd8355a25789}REG_BINARY    Binary Data

    {e1cc2302-a07d-4249-8c2d-589212811379}REG_BINARY    Binary Data

    {aa033e51-767d-48c8-bfa7-7190a75d3e6d}REG_BINARY    Binary Data

    {dd5a41e9-52ef-439d-865a-92dc8f6e47e5}REG_BINARY    Binary Data

    {dd27f269-7fca-438e-bf10-638f3e7db5e3}REG_BINARY    Binary Data

    {06b1422d-329c-4b8d-9b41-76adafdf7437}REG_BINARY    Binary Data

    {b02a4013-b6b5-4859-9168-1e3299e43b24}REG_BINARY    Binary Data

    {d870c96c-75ee-46a6-8a02-8e4401a73423}REG_BINARY    Binary Data

    {8b50e2ec-7cf0-4b71-b42e-5b0536f6cab8}REG_BINARY    Binary Data

    {4137b143-2770-43d4-91a2-55bb0a069830}REG_BINARY    Binary Data

    {3180114b-8338-4740-9a16-444134ad62f4}REG_BINARY    Binary Data

    {17043d46-fac2-4561-bca1-0c7a05e95f5f}REG_BINARY    Binary Data

    {567d3836-3f5b-4067-b9c4-952f677010a2}REG_BINARY    Binary Data

    {4e718c57-c397-4221-9fbb-14fd51701d6a}REG_BINARY    Binary Data

    {3a90a266-1519-4d23-911b-e84cd0f02ab8}REG_BINARY    Binary Data

    {dc95b53e-01cf-4058-821d-350b3d0d4676}REG_BINARY    Binary Data

    {f444c576-6e60-4ea2-9faa-80d57ed12cd2}REG_BINARY    Binary Data

    {0c41d586-9c19-4e01-9d66-b5b98a97576e}REG_BINARY    Binary Data

    {12c38916-82ac-4737-8f38-b6957ffebad6}REG_BINARY    Binary Data

    {c970a45d-57f9-4e32-a5bd-886a9662641e}REG_BINARY    Binary Data

    {0c3be01b-fe70-4cc4-89dc-c07996b67e6d}REG_BINARY    Binary Data

    {4d9581d2-aef8-4993-84cd-b986ced80d42}REG_BINARY    Binary Data

    {be7cbdf4-b192-4aa5-94f8-1fb5c5ee07bc}REG_BINARY    Binary Data

    {716b48eb-0a35-4a76-92ab-1d987230d288}REG_BINARY    Binary Data

    {1165065e-4996-4338-abaf-4b8556b4d431}REG_BINARY    Binary Data

    {07a24961-a760-4e80-b263-6d275e1b09cb}REG_BINARY    Binary Data

    {5b0cb2e2-ab87-4974-9f1c-2f22a654eeb9}REG_BINARY    Binary Data

    {b6b2ca61-fb98-4422-adc2-e7cf56b3680c}REG_BINARY    Binary Data

    {0aa7fff8-919f-453c-928c-28a12122ba38}REG_BINARY    Binary Data

    {074f7f68-ee10-428a-89d1-ba78f6c327ca}REG_BINARY    Binary Data

    {c016105c-eb34-4519-a5fd-5f4e4ad4d18e}REG_BINARY    Binary Data

    {a47525e2-725b-4888-8af1-ba5a60c04f4d}REG_BINARY    Binary Data

    {0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}REG_BINARY    Binary Data

    {91ffecf0-0a9e-4572-95f1-a7111af86967}REG_BINARY    Binary Data

    {64e55933-15a5-495d-a928-ccca43d44875}REG_BINARY    Binary Data

    {13bfd422-6f75-4408-8924-9400ec0cb19c}REG_BINARY    Binary Data

    {cbfb56db-3c85-4543-9bc2-76ea28cdd74e}REG_BINARY    Binary Data

    {2dd96961-5757-434f-b617-34e732517c0e}REG_BINARY    Binary Data

    {375fb39b-08c6-40f2-bdf2-08fa63f970a2}REG_BINARY    Binary Data

    {2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY    Binary Data

    {c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY    Binary Data

    {b6fdab6b-dcc6-43e3-99ce-7aeca65063a4}REG_BINARY    Binary Data

    {3697a558-3ed3-49be-a4c1-c1a4448653b4}REG_BINARY    Binary Data

    {935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY    Binary Data

    {941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY    Binary Data

    {56b4fdc4-bb4e-4c42-a9d8-f627ee15ac21}REG_BINARY    Binary Data

    {1ba41ed8-151d-4577-9272-317856bc637c}REG_BINARY    Binary Data

    {9248d57e-f843-4159-807d-3813173e2096}REG_BINARY    Binary Data

    {4658cd86-525d-44ed-98a5-791a7b8655f1}REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
    {decc16ca-3f33-4346-be1e-8fb4ae0f3d62}REG_BINARY    Binary Data

    {4b153735-1049-4480-aab4-d1b9bdc03710}REG_BINARY    Binary Data

    {1bebc969-61a5-4732-a177-847a0817862a}REG_BINARY    Binary Data

    {42ff0794-3627-44c1-9886-765010075254}REG_BINARY    Binary Data

    {aa6a7d87-7f8f-4d2a-be53-fda555cd5fe3}REG_BINARY    Binary Data

    {36d5bcc1-49cc-4748-8e5b-3c178d6a2555}REG_BINARY    Binary Data

    {839cd73f-1907-49ea-9aa5-0e6be9048087}REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
    {b3cdd441-af90-41ba-a745-7c6008ff2300}REG_BINARY    Binary Data

    {b3cdd441-af90-41ba-a745-7c6008ff2301}REG_BINARY    Binary Data

    {b3cdd441-af90-41ba-a745-7c6008ff2302}REG_BINARY    Binary Data

    {9ba30013-c84e-47e5-ac6e-1e1aed72fa69}REG_BINARY    Binary Data

    {4224eab7-7d61-4fe0-9264-6d6568d2ddff}REG_BINARY    Binary Data

    {35ebd351-9d71-41ea-a058-722e5f19cba4}REG_BINARY    Binary Data

    {8c36b346-4e0c-4049-8b55-5295ac35567c}REG_BINARY    Binary Data

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    AttachWhenLoaded              REG_DWORD        1
    DisplayName                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
    Group                         REG_SZ        FSFilter Infrastructure
    ImagePath                     REG_EXPAND_SZ    system32\drivers\fltmgr.sys
    Description                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
    ErrorControl                  REG_DWORD        3
    Start                         REG_DWORD        0
    Tag                           REG_DWORD        1
    Type                          REG_DWORD        2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
    0                             REG_SZ        Root\LEGACY_FLTMGR\0000
    Count                         REG_DWORD        1
    NextInstance                  REG_DWORD        1


C:\Windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES    FileVersion: 6.1.7601.17514    MD5: [da6b67270fd9db3697b20fce94950741]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1070152   BYTES    FileVersion: 6.1.98.34    MD5: [e52859fcb7a827cacfce7963184c7d24]
C:\Windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES    FileVersion: 6.1.7601.17514    MD5: [703ffd301ab900b047337c5d40fd6f96]


MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced:
    AutomaticQuarantine:                                       true
    AutostartProtection:                                       true
    LimitedMode:                                               false
    StartSilentMode:                                           false
    StartupDelay:                                              0
ApplicationState:
    First-Run-After-Installation:                              false
General:
    DaysUntilNotifyExpiration:                                 5
    Language:                                                  en
    RightClickAccess:                                          true
    SilentErrors:                                              false
Logging:
    ExportLog:                                                 true
Notification:
ProtectionTray:
    DisplayMilliseconds:                                       10000
ScanHistory:
    Duration_Complete:                                         91000
    Duration_Driver:                                           39000
    Duration_Filesystem:                                       0
    Duration_Heuristics:                                       371000
    Duration_Loading:                                          0
    Duration_MasterBootRecord:                                 0
    Duration_Memory:                                           40000
    Duration_PreScan:                                          21000
    Duration_Registry:                                         10000
    Duration_Sector:                                           0
    Duration_SectorMemory:                                     0
    Duration_Startup:                                          8000
    ItemCount_Complete:                                        312837
    ItemCount_Driver:                                          305
    ItemCount_Filesystem:                                      58006
    ItemCount_Heuristics:                                      12189
    ItemCount_Loading:                                         0
    ItemCount_MasterBootRecord:                                2
    ItemCount_Memory:                                          2797
    ItemCount_PreScan:                                         0
    ItemCount_Registry:                                        591
    ItemCount_Sector:                                          0
    ItemCount_SectorMemory:                                    222
    ItemCount_Startup:                                         917
    LastScanDateEpoch:                                         1404690869099
    LastScanType:                                              3 (Hyper Scan)
Update:
    LastUpdate:                                                2014-07-06T23:53:49
    NotifyInstallReady:                                        true
    NotifyOutdatedDatabase:                                    1
    ProxyPassword:                                              
    ProxyPort:                                                 0
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false
    UseProxyAuthentication:                                    false
--------------Account:--------------
  Account Status:                                              Free
  Expiration Time:                                              
  Activation Time:                                              
  Trial Used:                                                  false
--------------Access Policies:--------------

Scheduler Queue:
================


Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

MBAMProtector Registry Values:
==============================



MBAMService Registry Values:
============================



MBAMScheduler Registry Values:
==============================



Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

Proxy Override:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    ProxyOverride    REG_SZ        *.local

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition    REG_SZ        \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
        h:mm:ss tt
        AM
        PM
        :

Currently:
REG_SZ        h:mm:ss tt
REG_SZ        AM
REG_SZ        PM
REG_SZ        :

Language and Regional Settings:
===============================

ACP:     Language is English (United States)
MACCP:     Language is English (United States)
OEMCP:     Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Context Menu Entries:
=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
    (Default):                    REG_SZ        IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
    (Default):                    REG_SZ        D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
    ThreadingModel                REG_SZ        Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default):                    REG_SZ        MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
    (Default):                    REG_SZ        D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default):                    REG_SZ        D:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default):                    REG_SZ        MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
    (Default):                    REG_SZ        D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default):                    REG_SZ        D:\Program Files (x86)\Malwarebytes Anti-Malware


List of MBAM Related Directories:
=================================

D:\Program Files (x86)\Malwarebytes Anti-Malware\
7z.dll                                      File Size: 920888    BYTES    FileVersion:  9.20.0.0       MD5: [9f522b2708cab181c0f137abbcd1de2e]
changes.txt                                 File Size: 2261      BYTES    FileVersion:  N/A            MD5: [af70267bdf9a37a96f1a79a5c3720ae6]
license.rtf                                 File Size: 39478     BYTES    FileVersion:  N/A            MD5: [8627b31943a534aad30d154c2b2c1aaf]
master.conf                                 File Size: 1258      BYTES    FileVersion:  N/A            MD5: [9702ca5e82d3756c6d8af34a2ababaea]
mbam.dll                                    File Size: 579896    BYTES    FileVersion:  1.0.7.0        MD5: [d32c2a98859cb22d57a665f15f351e7d]
mbam.exe                                    File Size: 6970168   BYTES    FileVersion:  1.0.0.532      MD5: [4fbc630768570e6ac35c3de8f6ec79f5]
mbamcore.dll                                File Size: 1680696   BYTES    FileVersion:  1.0.11.0       MD5: [f722fa26739eafcbd8d5f3829b632cd7]
mbamdor.exe                                 File Size: 54072     BYTES    FileVersion:  1.0.1.0        MD5: [4da2f2da54a92850f56c0db712058188]
mbamext.dll                                 File Size: 184632    BYTES    FileVersion:  3.0.4.0        MD5: [945bb364b09f3a8e998dbff02a0a5a58]
mbampt.exe                                  File Size: 39736     BYTES    FileVersion:  1.0.0.0        MD5: [9acd7583584c93ee542c273df8e91dc1]
mbamscheduler.exe                           File Size: 1809720   BYTES    FileVersion:  3.0.2.0        MD5: [d84aea3f3329d622dfc1297dddf6163b]
mbamservice.exe                             File Size: 860472    BYTES    FileVersion:  3.0.2.0        MD5: [4f45ed469906494f9bf754e476390dbd]
mbamsrv.dll                                 File Size: 4437816   BYTES    FileVersion:  1.1.0.0        MD5: [9b48e38c35f08fa831b387a0b27c40aa]
msvcp100.dll                                File Size: 421688    BYTES    FileVersion:  10.0.40219.325 MD5: [e4b829081e639e42985853bae754a53d]
msvcr100.dll                                File Size: 774456    BYTES    FileVersion:  10.0.40219.325 MD5: [80fcedbe920e9cbe30d9d3665bd6efed]
QtCore4.dll                                 File Size: 2732856   BYTES    FileVersion:  4.8.4.0        MD5: [30490eed6a1e20e8259c0b9c58f488fe]
QtGui4.dll                                  File Size: 8575288   BYTES    FileVersion:  4.8.4.0        MD5: [15e21aa7d0c0c994cd565eeb96d13c20]
QtNetwork4.dll                              File Size: 909112    BYTES    FileVersion:  4.8.4.0        MD5: [d7588d42e29080c32a003bee465160d8]
unins000.dat                                File Size: 23164     BYTES    FileVersion:  N/A            MD5: [63800c5479235f0235a01cab105d1dc1]
unins000.exe                                File Size: 718037    BYTES    FileVersion:  51.52.0.0      MD5: [d2796ecf50731e696f0c065d24c0827a]

D:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon

D:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
chameleon.chm                               File Size: 235882    BYTES    FileVersion:  N/A            MD5: [c4190b71f037714aa77aba294434ba5b]
firefox.com                                 File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
firefox.exe                                 File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
firefox.pif                                 File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
firefox.scr                                 File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
iexplore.exe                                File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
mbam-chameleon.com                          File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
mbam-chameleon.exe                          File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
mbam-chameleon.pif                          File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
mbam-chameleon.scr                          File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
mbam-killer.exe                             File Size: 1181496   BYTES    FileVersion:  N/A            MD5: [c6927fd8f7e9105b64db5d5a08b53731]
rundll32.exe                                File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
svchost.exe                                 File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
windows.exe                                 File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
winlogon.exe                                File Size: 750392    BYTES    FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]

D:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
qgif4.dll                                   File Size: 32568     BYTES    FileVersion:  4.8.4.0        MD5: [e59f533c26c8375cd120b4791482217e]

D:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages
lang_bg.qm                                  File Size: 144048    BYTES    FileVersion:  N/A            MD5: [9ccb79999432d56b9843a3e2b2c90325]
lang_bs.qm                                  File Size: 145523    BYTES    FileVersion:  N/A            MD5: [6ab7a6274d4f9f7553c944f5c66201ba]
lang_ca.qm                                  File Size: 132254    BYTES    FileVersion:  N/A            MD5: [68a83ec63b6e7bc5dbdd412bcc49c6ce]
lang_cs.qm                                  File Size: 141243    BYTES    FileVersion:  N/A            MD5: [6b8acee7f461fa69b83d2c45c3725427]
lang_da.qm                                  File Size: 130101    BYTES    FileVersion:  N/A            MD5: [8539796784746218b229419e99ab308d]
lang_de.qm                                  File Size: 149462    BYTES    FileVersion:  N/A            MD5: [fcd3bc376ad219396e8c7d3c87cd8864]
lang_el.qm                                  File Size: 149912    BYTES    FileVersion:  N/A            MD5: [74f13f95f63fe96c08e571598df052d6]
lang_en.qm                                  File Size: 115961    BYTES    FileVersion:  N/A            MD5: [8c9da1c0ce06b89f8d323bf948bfba4e]
lang_es.qm                                  File Size: 130487    BYTES    FileVersion:  N/A            MD5: [33e1c6d40b841cc2e783ec8d8102e66f]
lang_et.qm                                  File Size: 138126    BYTES    FileVersion:  N/A            MD5: [aa215b5f37a72a69854c9163ac543b51]
lang_fi.qm                                  File Size: 144256    BYTES    FileVersion:  N/A            MD5: [18912c339939c3a6629004ec900f4fe4]
lang_fr.qm                                  File Size: 149253    BYTES    FileVersion:  N/A            MD5: [ec2bf2f431c4273f151b8c8a7b84c387]
lang_he.qm                                  File Size: 116101    BYTES    FileVersion:  N/A            MD5: [9e692744e77051c6ce14df32f9b71920]
lang_hr.qm                                  File Size: 139841    BYTES    FileVersion:  N/A            MD5: [3e3737fe86eb595c5f6817eebf731aa7]
lang_hu.qm                                  File Size: 145621    BYTES    FileVersion:  N/A            MD5: [52d3d7fcf8c8db071ef0573a1357c2fd]
lang_id.qm                                  File Size: 143102    BYTES    FileVersion:  N/A            MD5: [80473d2c73d2f54f2b23c9316f2d0ceb]
lang_it.qm                                  File Size: 146851    BYTES    FileVersion:  N/A            MD5: [7e7aea7d0b433d7e912ed9f0887684a7]
lang_ja.qm                                  File Size: 121282    BYTES    FileVersion:  N/A            MD5: [19ac79b7a5e05d665e417c2dd75afc94]
lang_ko.qm                                  File Size: 118033    BYTES    FileVersion:  N/A            MD5: [de213178c14490bf452ea45278d3442d]
lang_nl.qm                                  File Size: 146325    BYTES    FileVersion:  N/A            MD5: [5aec6f6bdc5e6c28744e6ef374709eeb]
lang_no.qm                                  File Size: 142918    BYTES    FileVersion:  N/A            MD5: [4388c08217618af2e24173af6f5d3f97]
lang_pl.qm                                  File Size: 145434    BYTES    FileVersion:  N/A            MD5: [699700c889447d1f9b607c04f07fff67]
lang_pt_BR.qm                               File Size: 131739    BYTES    FileVersion:  N/A            MD5: [a3430222223d59da8ec6ea1edae5ee2f]
lang_pt_PT.qm                               File Size: 149128    BYTES    FileVersion:  N/A            MD5: [afdf1907af4c95f9af510d5fc1bb9067]
lang_ro.qm                                  File Size: 121166    BYTES    FileVersion:  N/A            MD5: [1672a2b3a9807a1497fe43824c0026c0]
lang_ru.qm                                  File Size: 122186    BYTES    FileVersion:  N/A            MD5: [d4dd1eea2b0f52aba2fca4d159c387f7]
lang_sk.qm                                  File Size: 119827    BYTES    FileVersion:  N/A            MD5: [8b200d162e8028843e41aa1a927cfd84]
lang_sl.qm                                  File Size: 143191    BYTES    FileVersion:  N/A            MD5: [1760a6aa6990b2f0c4c71ec04b25ac9c]
lang_sr.qm                                  File Size: 143261    BYTES    FileVersion:  N/A            MD5: [377d15c0da0249f4a7a58978b6307d81]
lang_sv.qm                                  File Size: 142525    BYTES    FileVersion:  N/A            MD5: [2587ead21967296fefdd0ee0684fe8b4]
lang_tr.qm                                  File Size: 142194    BYTES    FileVersion:  N/A            MD5: [880fcbe97ec6f13ec094f7371b5b295f]
lang_vi.qm                                  File Size: 126874    BYTES    FileVersion:  N/A            MD5: [c61281786b5bfec68afc742a19f6abd9]
lang_zh_tr.qm                               File Size: 110870    BYTES    FileVersion:  N/A            MD5: [f223d83580b1ee35edea13293cb2c80d]

D:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe                               File Size: 821560    BYTES    FileVersion:  1.1.0.1010     MD5: [3a4dcd021d9f3a5305a22e5e309da305]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
actions.ref                                 File Size: 314       BYTES    FileVersion:  N/A            MD5: [b26a36c0696e299fdfebe180c09c2737]
cleanup.dll                                 File Size: 1675064   BYTES    FileVersion:  0.6.7.0        MD5: [5c7e53d7eabd1618afc1bd156a6fd064]
domains.ref                                 File Size: 38        BYTES    FileVersion:  N/A            MD5: [8c30b536b67543eb68e68b9640d4d498]
exclusions.dat                              File Size: 1427      BYTES    FileVersion:  N/A            MD5: [b2395d7683c74da6ee160418f42c244d]
ips.ref                                     File Size: 33        BYTES    FileVersion:  N/A            MD5: [8a1c580788ea8de3f32862c2c1cf373c]
mbam-setup.exe                              File Size: 17292760  BYTES    FileVersion:  2.0.2.1012     MD5: [e90bf9e1562f40140161573b79cd5720]
rules.ref                                   File Size: 8729970   BYTES    FileVersion:  N/A            MD5: [65b2b560a1fe221345a953abb7838445]
S-1-5-18-0-ntuser.dat                   S-1-5-18-0-ntuser.dat.LOG1              S-1-5-18-0-ntuser.dat.LOG2              S-1-5-18-0-ntuser.dat{78f3eeb8-0567-11e4-85f0-485b39029e95}.TM.blfS-1-5-18-0-ntuser.dat{78f3eeb8-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000001.regtrans-msS-1-5-18-0-ntuser.dat{78f3eeb8-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000002.regtrans-msS-1-5-19-0-ntuser.dat                   S-1-5-19-0-ntuser.dat.LOG1              S-1-5-19-0-ntuser.dat.LOG2              S-1-5-19-0-ntuser.dat{78f3eebe-0567-11e4-85f0-485b39029e95}.TM.blfS-1-5-19-0-ntuser.dat{78f3eebe-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000001.regtrans-msS-1-5-19-0-ntuser.dat{78f3eebe-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000002.regtrans-msS-1-5-20-0-ntuser.dat                   S-1-5-20-0-ntuser.dat.LOG1              S-1-5-20-0-ntuser.dat.LOG2              S-1-5-20-0-ntuser.dat{78f3eec4-0567-11e4-85f0-485b39029e95}.TM.blfS-1-5-20-0-ntuser.dat{78f3eec4-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000001.regtrans-msS-1-5-20-0-ntuser.dat{78f3eec4-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000002.regtrans-msS-1-5-21-868819068-3257824110-3933167620-1000-0-ntuser.datS-1-5-21-868819068-3257824110-3933167620-1000-0-ntuser.dat.LOG1S-1-5-21-868819068-3257824110-3933167620-1000-0-ntuser.dat.LOG2S-1-5-21-868819068-3257824110-3933167620-1000-0-ntuser.dat{78f3eeca-0567-11e4-85f0-485b39029e95}.TM.blfS-1-5-21-868819068-3257824110-3933167620-1000-0-ntuser.dat{78f3eeca-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000001.regtrans-msS-1-5-21-868819068-3257824110-3933167620-1000-0-ntuser.dat{78f3eeca-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000002.regtrans-msS-1-5-21-868819068-3257824110-3933167620-1003-0-ntuser.datS-1-5-21-868819068-3257824110-3933167620-1003-0-ntuser.dat.LOG1S-1-5-21-868819068-3257824110-3933167620-1003-0-ntuser.dat.LOG2S-1-5-21-868819068-3257824110-3933167620-1003-0-ntuser.dat{78f3eed0-0567-11e4-85f0-485b39029e95}.TM.blfS-1-5-21-868819068-3257824110-3933167620-1003-0-ntuser.dat{78f3eed0-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000001.regtrans-msS-1-5-21-868819068-3257824110-3933167620-1003-0-ntuser.dat{78f3eed0-0567-11e4-85f0-485b39029e95}.TMContainer00000000000000000002.regtrans-msS-1-5-21-868819068-3257824110-3933167620-500-0-ntuser.datS-1-5-21-868819068-3257824110-3933167620-500-0-ntuser.dat.LOG1S-1-5-21-868819068-3257824110-3933167620-500-0-ntuser.dat.LOG2S-1-5-21-868819068-3257824110-3933167620-500-0-ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blfS-1-5-21-868819068-3257824110-3933167620-500-0-ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-msS-1-5-21-868819068-3257824110-3933167620-500-0-ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-msswissarmy.ref                               File Size: 21891     BYTES    FileVersion:  N/A            MD5: [6213d4017bb6dc68b54e98dddd8ab5d5]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
build.conf                                  File Size: 4491      BYTES    FileVersion:  N/A            MD5: [4b1f75d72332c074964e923d01882222]
database.conf                               File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                             File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                                File Size: 23        BYTES    FileVersion:  N/A            MD5: [0ec01df616b565180556881d8042255b]
manifest.conf                               File Size: 2126      BYTES    FileVersion:  N/A            MD5: [c0b22c1280da6ac3125c1a11224d0406]
marketing.conf                              File Size: 1434      BYTES    FileVersion:  N/A            MD5: [19533c40d9c9778b2ab423dbcf063d80]
net.conf                                    File Size: 6101      BYTES    FileVersion:  N/A            MD5: [a96d1151fca43863d0017b0811398287]
notifications.conf                          File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                              File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
settings.conf                               File Size: 2052      BYTES    FileVersion:  N/A            MD5: [a927c25886c6b0ec226fdd40c70bbeda]
statistics.conf                             File Size: 173       BYTES    FileVersion:  N/A            MD5: [e3bd8244795f13c8552c7490f79f252a]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
mbam-log-2014-04-08 (16-52-22).xml          File Size: 2468      BYTES    FileVersion:  N/A            MD5: [53ce99e2c791e8bd9f93e81f9a22e38c]
mbam-log-2014-04-19 (04-09-40).xml          File Size: 2468      BYTES    FileVersion:  N/A            MD5: [b15062ec1cc30eda6cb1ef92f685e5af]
mbam-log-2014-05-02 (04-36-48).xml          File Size: 2820      BYTES    FileVersion:  N/A            MD5: [4193022ee1ff95cb6be57a582373f416]
mbam-log-2014-05-02 (04-40-44).xml          File Size: 2462      BYTES    FileVersion:  N/A            MD5: [30fd7aa8972731ccba974c45a1335b30]
mbam-log-2014-07-06 (07-37-49).xml          File Size: 2492      BYTES    FileVersion:  N/A            MD5: [c716fd0bf0c86f917aed82130584d8e0]
mbam-log-2014-07-06 (19-08-28).xml          File Size: 2480      BYTES    FileVersion:  N/A            MD5: [efb69602943cc9affe46140f9717dea8]
mbam-log-2014-07-06 (19-09-18).xml          File Size: 2492      BYTES    FileVersion:  N/A            MD5: [6e8a3a8cacf561934a86728c3939db28]
protection-log-2014-04-08.xml               File Size: 654       BYTES    FileVersion:  N/A            MD5: [8cd8740eb92d98f68ba2114ed3451632]
protection-log-2014-04-19.xml               File Size: 356       BYTES    FileVersion:  N/A            MD5: [632d68e1585002e3d997e2dc7e4f53c3]
protection-log-2014-07-06.xml               File Size: 2429      BYTES    FileVersion:  N/A            MD5: [f241145bd17c525822f157bcf2d8efd3]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
0368574352.data                             File Size: 705       BYTES    FileVersion:  N/A            MD5: [a7c6c70cc0f30f420a4a1d0554489a09]
0368574352.quar                             File Size: 903256    BYTES    FileVersion:  N/A            MD5: [4c071d75ecee5036aa667dbf06521c41]

Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE
 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

I notice in your logs that you're running TrueCrypt encryption.

 

Are you scanning a non OS drive that is encrypted or a mounted file volume that is encrypted ?

 

We are currently performing more testing for these scenarios as there may be an issue with them. When scanning the main OS drive if encrypted using TrueCrypt it should work without an issue but other non OS drives seem to be causing an issue at this time.

Link to post
Share on other sites
dwolf

dwolf

Posted
  • Author
Posted

Hello Mr. Lewis.

 

I'm not exactly sure what you mean by "OS" or "non OS" drive. I have only four files that I encrypted using Truecrypt. They are archives of backup files that have been scanned many times with MBAM and other products before they were encrypted. None of the files was mounted while MBAM threw the APPCRASH errors. I have no fully encrypted drives of any kind.

 

All four of the .TC (encrypted) files are on the E drive. I just now updated the virus definitions, and did another custom scan using MBAM v2.0.2.1012 on just the C and D drives (which don't contain any Truecrypt encrypted files). The full scan on the C and D drives ran to completion in a little over 6 hours. See the log below.

 

I am now running a custom scan on just the E drive. I'll post that log later. If the .TC files cause APPCRASH, I'll just delete those four files. I've heard that Truecrypt has been taken down because of possible security problems. The backups are pretty old, and I can use WinRAR to create new password-protected archives for the backups.

 

Thank you for your help.

 

DW

 

 

Custom scan on C and D drives only:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 07/09/2014
Scan Time: 11:28:13 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.09.13
Rootkit Database: v2014.07.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RAS

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 937093
Time Elapsed: 6 hr, 8 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.ToolBarInstaller.A, D:\Desk i7\cpu-z_1.62-setup-en.exe, Quarantined, [8bf6b8e5abd00234411eee7afa0a9f61],
PUP.Optional.Spigot.A, D:\Desk i7\SFInstaller_SFFZ_filezilla_8992693_.exe, Quarantined, [f78af3aadaa1122470193af1000143bd],

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Yes, that is what I mean. The OS drive is the drive that Windows is installed on typically the C: drive.

 

As you show with the rootkit scanning disabled the program completes the scan.

 

Rootkits: Disabled

 

You can scan the C: drive with it as long as there are no encrypted files but for the other drives you'll need to keep the rootkit scanner disabled until we're able to resolve the issue.

 

Thanks

Link to post
Share on other sites
dwolf

dwolf

Posted
  • Author
Posted

Hi Mr. Lewis,

 

Here (below) is the log showing the custom scan of the entire E drive. It ran to completion without any APPCRASH even though I didn't alter the four files that had been encrypted using Truecrypt. They are still on the E drive exactly as in the original scan that failed.

 

In two separate runs, I have successfully scanned all three drives on my entire PC (C and D together, and E separately). Next, I will try to do a custom scan again as I did originally on all three drives at once.

 

It's unclear to me why the original run threw the APPCRASH. Both subsequent runs detected some PUPs which were quarantined and manually deleted, however, I'd be surprised if the detection of PUPs could cause the APPCRASH error.

 

Thank you for your help.

 

DW

 

Custom scan on drive E only:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 07/10/2014
Scan Time: 7:04:42 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.10.02
Rootkit Database: v2014.07.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RAS

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 553948
Time Elapsed: 1 hr, 32 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.ToolBarInstaller.A, E:\i7 Backup\Desk i7\cpu-z_1.62-setup-en.exe, Quarantined, [4a90e9b43645cf67556a0266ca3ac63a],
PUP.Optional.Spigot.A, E:\i7 Backup\Desk i7\SFInstaller_SFFZ_filezilla_8992693_.exe, Quarantined, [5288f4a9bbc06ccabadf74b75fa2c937],
PUP.Optional.ToolBarInstaller.A, E:\i7 Backup 2014-04-26\Desk i7\cpu-z_1.62-setup-en.exe, Quarantined, [5e7c17868bf0b284f0cf056354b06c94],
PUP.Optional.Spigot.A, E:\i7 Backup 2014-04-26\Desk i7\SFInstaller_SFFZ_filezilla_8992693_.exe, Quarantined, [7664138a3c3f979f594072b920e18c74],

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites
dwolf

dwolf

Posted
  • Author
Posted

Hi Mr. Lewis,

 

You can scan the C: drive with it as long as there are no encrypted files but for the other drives you'll need to keep the rootkit scanner disabled until we're able to resolve the issue.

 

I didn't see your Post #5 until after I sent my Post #6.

 

I'll visit the MBAM site from time to time to see whether the rootkit issue is resolved. Since you have fully addressed my initial concern, I consider this topic to have been fully resolved. Unless you have further comments for me, you would be justified in closing this topic.

 

Many thanks for your quick help.

 

DW.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept