
mbamchameleon caused BSOD



So anyways, as the title says, I received a BSOD, and ever since then I cannot open Malwarebytes Premium, as it says there's an error in the program. Furthermore, just prior to that, Malwarebytes had had real-time protection turned off, not by me, so I don't know how that had happened. Anyways, below are the FRST logs. Thank you for your help!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Band-Aid (administrator) on JARRETT-PC on 13-07-2014 00:52:56
Running from C:\Users\Band-Aid\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe
() C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe
() C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
() C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\WLAN Card Utilities\Center.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK Inc.) C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Team MediaPortal) C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TvService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Control Center] => C:\Program Files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe [544256 2009-05-21] ()
HKLM-x32\...\Run: [ASUSGamerOSD] => C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe [380928 2009-07-30] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSPanel.exe [740192 2012-01-17] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [bingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [HDD Regenerator] => C:\Program Files (x86)\HDD Regenerator\Shell.exe [90336 2013-05-08] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-610881578-2129090853-3827563535-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-05-24] (AMD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Jarrett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Band-Aid\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Jarrett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Jawbone Updater.lnk
ShortcutTarget: Launch Jawbone Updater.lnk -> C:\Program Files (x86)\Jawbone\LaunchJU.exe ()
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.130.270\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.130.270\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.130.270\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk *  BootDefrag.exe
 
==================== Internet (Whitelisted) ====================
 
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {EEBF14AE-78C0-4ed0-BFF7-6C2EA5FA9B6A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: BHOImpl Class - {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Jarrett\Documents\iTools\Plugin\iToolsBHO64.dll (iTools.hk)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: BHOImpl Class - {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Jarrett\Documents\iTools\Plugin\iToolsBHO.dll (iTools.hk)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @itools.hk/npiTools, version=1.0.0 - C:\Users\Jarrett\Documents\iTools\Plugin\npiTools.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 - C:\Users\Jarrett\Documents\iTools\Plugin\npiTools.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\Band-Aid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-13]
CHR Extension: (Google Drive) - C:\Users\Band-Aid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Band-Aid\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-13]
CHR Extension: (YouTube) - C:\Users\Band-Aid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-13]
CHR Extension: (Google Search) - C:\Users\Band-Aid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-13]
CHR Extension: (Google Wallet) - C:\Users\Band-Aid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-13]
CHR Extension: (Gmail) - C:\Users\Band-Aid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-13]
CHR HKLM-x32\...\Chrome\Extension: [njkabemaclegobhlmddfbeppebolhaol] - C:\Users\Jarrett\AppData\Local\CRE\njkabemaclegobhlmddfbeppebolhaol.crx [2013-08-20]
 
==================== Services (Whitelisted) =================
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-14] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] ()
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] () [File not signed]
R2 ASWLCCSvc; C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe [172032 2009-05-21] () [File not signed]
S2 ATKFUSService; C:\Windows\system32\ATKFUSService.exe [63488 2009-12-01] (ASUSTeK COMPUTER INC.) [File not signed]
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe [51016 2014-06-26] (Google Inc.)
R2 CLDTVHNService; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 hddrsrv; C:\Program Files (x86)\HDD Regenerator\hrsrv.exe [82144 2013-05-08] ()
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] () [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 TVService; C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe [212992 2012-04-10] (Team MediaPortal) [File not signed]
S2 NPVR Recording Service; "C:\Program Files (x86)\NPVR\NRecord.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 Angel; C:\Windows\System32\DRIVERS\Angel.sys [404352 2009-06-10] (Lumanate, Inc.)
S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver2.sys [57512 2012-09-24] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-06] ()
R3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
R3 atkdisplf; C:\Windows\System32\drivers\ATKDispLowFilter.sys [39424 2009-02-17] (ASUSTeK Computer Inc.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-04-13] (Glarysoft Ltd)
R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2012-10-04] (ASUSTeK Computer Inc.)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-07-13] ()
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-08-30] (http://libusb-win32.sourceforge.net)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [45752 2009-10-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PCASp50; C:\Windows\SysWOW64\Drivers\PCASp50.sys [45752 2009-10-28] (Printing Communications Assoc., Inc. (PCAUSA))
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Moo0\SystemMonitor 1.65\WinRing0x64.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RtHDMIVX.sys D6D381B76056C668679723938F06F16C
C:\Windows\System32\DRIVERS\Rt64win7.sys 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbfilter.sys 2C780746DC44A28FE67004DC58173F05
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\DRIVERS\VClone.sys FD911873C0BB6945FA38C16E9A2B58F9
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\VirtualAudio1.sys ADD2FE1A9F4EE41A6D724819550D4E1F
C:\Windows\System32\drivers\VirtualAudio2.sys ADD2FE1A9F4EE41A6D724819550D4E1F
C:\Windows\System32\drivers\VirtualAudio3.sys ADD2FE1A9F4EE41A6D724819550D4E1F
C:\Windows\System32\drivers\VirtualAudio4.sys ADD2FE1A9F4EE41A6D724819550D4E1F
C:\Windows\System32\drivers\VirtualAudio5.sys ADD2FE1A9F4EE41A6D724819550D4E1F
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-13 00:45 - 2014-07-13 00:45 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Band-Aid\Downloads\rkill.exe
2014-07-13 00:45 - 2014-07-13 00:45 - 00002760 _____ () C:\Users\Band-Aid\Desktop\Rkill.txt
2014-07-13 00:44 - 2014-07-13 00:44 - 00000310 _____ () C:\Windows\PFRO.log
2014-07-13 00:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-13 00:40 - 2014-07-13 00:43 - 00000000 ____D () C:\AdwCleaner
2014-07-13 00:40 - 2014-07-13 00:40 - 01348263 _____ () C:\Users\Band-Aid\Downloads\AdwCleaner.exe
2014-07-13 00:32 - 2014-07-13 00:32 - 00054950 _____ () C:\Users\Band-Aid\Downloads\Addition.txt
2014-07-13 00:31 - 2014-07-13 00:53 - 00040701 _____ () C:\Users\Band-Aid\Downloads\FRST.txt
2014-07-13 00:31 - 2014-07-13 00:52 - 00000000 ____D () C:\FRST
2014-07-13 00:31 - 2014-07-13 00:31 - 02084864 _____ (Farbar) C:\Users\Band-Aid\Desktop\FRST64.exe
2014-07-13 00:27 - 2014-07-13 00:27 - 00000000 ____D () C:\Users\Band-Aid\AppData\Roaming\ASUS WebStorage
2014-07-13 00:26 - 2014-07-13 00:27 - 00002257 _____ () C:\Users\Band-Aid\Desktop\Google Chrome.lnk
2014-07-13 00:26 - 2014-07-13 00:26 - 00110496 _____ () C:\Users\Band-Aid\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-13 00:26 - 2014-07-13 00:26 - 00001413 _____ () C:\Users\Band-Aid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\Documents\ASUS
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\AppData\Roaming\ATI
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\AppData\Roaming\Adobe
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\AppData\Local\Google
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\AppData\Local\ATI
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\AppData\Local\AMD
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\AppData\Local\Adobe
2014-07-13 00:25 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\AppData\Roaming\Apple Computer
2014-07-13 00:25 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid
2014-07-13 00:25 - 2014-07-13 00:25 - 00276368 _____ () C:\Windows\Minidump\071314-11466-01.dmp
2014-07-13 00:25 - 2014-07-13 00:25 - 00000020 ___SH () C:\Users\Band-Aid\ntuser.ini
2014-07-13 00:25 - 2014-07-13 00:25 - 00000000 ____D () C:\Users\Band-Aid\AppData\Local\VirtualStore
2014-07-13 00:25 - 2013-08-03 11:32 - 00000000 ____D () C:\Users\Band-Aid\AppData\Local\Apple Computer
2014-07-13 00:25 - 2012-12-20 03:03 - 00000000 ____D () C:\Users\Band-Aid\AppData\Roaming\Macromedia
2014-07-13 00:25 - 2012-08-29 20:56 - 00000000 ____D () C:\Users\Band-Aid\AppData\Local\Microsoft Help
2014-07-13 00:25 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Band-Aid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-13 00:25 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Band-Aid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-12 22:48 - 2014-07-13 00:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-10 14:57 - 2014-07-10 14:57 - 00000000 __SHD () C:\Users\Home\AppData\Local\EmieUserList
2014-07-10 14:57 - 2014-07-10 14:57 - 00000000 __SHD () C:\Users\Home\AppData\Local\EmieSiteList
2014-07-08 21:05 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 21:04 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 21:04 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 21:04 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 21:04 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 21:04 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 21:04 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 21:04 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 21:04 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 21:04 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 21:04 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 21:04 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 21:04 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 21:04 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 21:04 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 21:04 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 21:04 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 21:04 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 21:04 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 21:04 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 21:04 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 21:04 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 21:04 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 21:04 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 21:04 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 21:04 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 21:04 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 21:04 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 21:04 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 21:04 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 21:04 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 21:04 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 21:04 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 21:04 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 21:04 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 21:04 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 21:04 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 21:04 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 21:04 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 21:04 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 21:04 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 21:04 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 21:04 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 21:04 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 21:04 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 21:04 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 21:04 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 21:04 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 21:04 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 21:04 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 21:04 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 21:04 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 21:04 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 21:04 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 21:04 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 21:04 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 21:04 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 21:04 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 21:04 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 21:04 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 21:04 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 21:04 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 21:04 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 21:04 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 21:04 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 21:04 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 21:04 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 21:04 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 21:04 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 21:04 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 21:04 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 21:04 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 21:04 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 21:04 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 21:04 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 21:04 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 21:04 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 21:04 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 21:04 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-06 19:43 - 2014-07-06 19:43 - 00000000 ____D () C:\Users\Jarrett\AppData\Local\Entrust
2014-07-06 19:42 - 2014-07-06 19:42 - 00001308 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Entrust IdentityGuard Soft Token.lnk
2014-07-06 19:42 - 2014-07-06 19:42 - 00000000 ____D () C:\Program Files (x86)\Entrust
2014-06-23 18:02 - 2014-07-13 00:44 - 00001120 _____ () C:\Windows\setupact.log
2014-06-23 18:02 - 2014-06-23 18:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-21 22:32 - 2014-06-21 22:32 - 00000000 ____D () C:\ProgramData\ATI
2014-06-21 22:31 - 2014-07-13 00:19 - 00000000 ____D () C:\Users\Jarrett\AppData\Roaming\Raptr
2014-06-21 22:31 - 2014-07-02 20:46 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-06-21 22:31 - 2014-06-21 22:31 - 00000000 ____D () C:\Users\Jarrett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-06-21 22:31 - 2014-06-21 22:31 - 00000000 ____D () C:\Users\Jarrett\AppData\Roaming\library_dir
2014-06-21 22:30 - 2014-06-21 22:30 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201406212230494568.log
2014-06-21 22:30 - 2014-06-21 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-06-21 22:30 - 2014-06-21 22:30 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-21 22:29 - 2014-06-21 22:29 - 00000000 ____D () C:\Program Files\AMD
2014-06-21 22:28 - 2014-04-17 22:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-06-21 22:28 - 2014-04-17 22:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-06-21 22:28 - 2014-04-17 22:43 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-06-21 22:28 - 2014-04-17 22:43 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-06-21 22:28 - 2014-04-17 22:42 - 08866928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-06-21 22:28 - 2014-04-17 22:42 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-06-21 22:28 - 2014-04-17 22:39 - 00274656 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-06-21 22:28 - 2014-04-17 22:36 - 15376384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-06-21 22:28 - 2014-04-17 22:23 - 00231424 _____ () C:\Windows\system32\clinfo.exe
2014-06-21 22:28 - 2014-04-17 22:22 - 28685824 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-06-21 22:28 - 2014-04-17 22:22 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2014-06-21 22:28 - 2014-04-17 22:22 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2014-06-21 22:28 - 2014-04-17 22:22 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2014-06-21 22:28 - 2014-04-17 22:22 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2014-06-21 22:28 - 2014-04-17 22:22 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-06-21 22:28 - 2014-04-17 22:22 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-06-21 22:28 - 2014-04-17 22:22 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-06-21 22:28 - 2014-04-17 22:22 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-06-21 22:28 - 2014-04-17 22:19 - 24107520 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-06-21 22:28 - 2014-04-17 22:17 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-06-21 22:28 - 2014-04-17 22:17 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-06-21 22:28 - 2014-04-17 22:13 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-06-21 22:28 - 2014-04-17 22:13 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-06-21 22:28 - 2014-04-17 22:12 - 27907584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-06-21 22:28 - 2014-04-17 22:12 - 05442048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-06-21 22:28 - 2014-04-17 21:58 - 04358656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-06-21 22:28 - 2014-04-17 21:51 - 23409152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-06-21 22:28 - 2014-04-17 21:46 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-06-21 22:28 - 2014-04-17 21:46 - 00580816 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-06-21 22:28 - 2014-04-17 21:46 - 00580816 _____ () C:\Windows\system32\atiapfxx.blb
2014-06-21 22:28 - 2014-04-17 21:46 - 00368128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-06-21 22:28 - 2014-04-17 21:46 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-06-21 22:28 - 2014-04-17 21:46 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-06-21 22:28 - 2014-04-17 21:46 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-06-21 22:28 - 2014-04-17 21:46 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-06-21 22:28 - 2014-04-17 21:45 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-06-21 22:28 - 2014-04-17 21:45 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-06-21 22:28 - 2014-04-17 21:42 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-06-21 22:28 - 2014-04-17 21:33 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-06-21 22:28 - 2014-04-17 21:33 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-06-21 22:28 - 2014-04-17 21:30 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-06-21 22:28 - 2014-04-17 21:29 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-06-21 22:28 - 2014-04-17 21:29 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-06-21 22:28 - 2014-04-17 21:28 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-06-21 22:28 - 2014-04-17 21:28 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-06-21 22:28 - 2014-04-17 21:21 - 00806912 _____ (AMD) C:\Windows\system32\coinst_14.100.dll
2014-06-21 22:28 - 2014-04-17 21:17 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-06-21 22:28 - 2014-04-17 21:07 - 00638976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-06-21 22:28 - 2014-04-17 21:07 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-06-21 22:28 - 2014-04-17 21:07 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-06-21 22:28 - 2014-04-17 21:07 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-06-21 22:28 - 2014-04-17 21:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-06-21 22:28 - 2014-04-17 21:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-06-21 22:28 - 2014-04-17 21:04 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-06-21 22:28 - 2014-04-10 13:58 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2014-06-21 22:28 - 2014-03-31 18:06 - 00234804 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-06-21 22:28 - 2014-03-31 18:04 - 00233008 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-06-21 22:28 - 2014-02-06 11:45 - 00134192 _____ () C:\Windows\system32\ativce03.dat
2014-06-21 22:28 - 2014-01-16 13:00 - 00273712 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2014-06-21 22:28 - 2014-01-16 12:59 - 00275124 _____ () C:\Windows\system32\ativvaxy_vi.dat
2014-06-21 22:28 - 2014-01-16 04:34 - 00723841 _____ () C:\Windows\system32\atiicdxx.dat
2014-06-21 22:28 - 2013-12-19 12:45 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-06-21 22:28 - 2013-12-19 12:44 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-06-21 22:16 - 2014-06-21 22:16 - 00000000 ____D () C:\Users\Jarrett\AppData\Local\Adobe
2014-06-21 02:04 - 2014-06-21 02:04 - 00000668 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-06-21 01:50 - 2014-06-21 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-06-21 01:48 - 2014-07-10 20:01 - 00000000 ____D () C:\Users\Jarrett\AppData\Local\Battle.net
2014-06-21 01:48 - 2014-06-21 01:50 - 00000000 ____D () C:\Users\Jarrett\AppData\Roaming\Battle.net
2014-06-21 01:48 - 2014-06-21 01:48 - 00000000 ____D () C:\Users\Jarrett\AppData\Local\Blizzard Entertainment
2014-06-21 01:47 - 2014-07-10 19:53 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-21 01:47 - 2014-06-21 01:47 - 00001156 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-06-21 01:47 - 2014-06-21 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-06-18 20:52 - 2014-07-13 00:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 20:51 - 2014-06-18 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-18 20:51 - 2014-06-18 20:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-18 20:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 20:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
 
==================== One Month Modified Files and Folders =======
 
2014-07-13 00:53 - 2014-07-13 00:31 - 00040701 _____ () C:\Users\Band-Aid\Downloads\FRST.txt
2014-07-13 00:52 - 2014-07-13 00:31 - 00000000 ____D () C:\FRST
2014-07-13 00:51 - 2009-07-14 00:45 - 00036432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-13 00:51 - 2009-07-14 00:45 - 00036432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-13 00:49 - 2009-07-14 01:13 - 00802510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-13 00:47 - 2013-11-17 22:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-13 00:47 - 2012-08-28 23:47 - 01286177 _____ () C:\Windows\WindowsUpdate.log
2014-07-13 00:45 - 2014-07-13 00:45 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Band-Aid\Downloads\rkill.exe
2014-07-13 00:45 - 2014-07-13 00:45 - 00002760 _____ () C:\Users\Band-Aid\Desktop\Rkill.txt
2014-07-13 00:44 - 2014-07-13 00:44 - 00000310 _____ () C:\Windows\PFRO.log
2014-07-13 00:44 - 2014-06-23 18:02 - 00001120 _____ () C:\Windows\setupact.log
2014-07-13 00:44 - 2014-05-12 08:05 - 00000336 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-07-13 00:44 - 2012-12-12 13:56 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 00:44 - 2012-08-28 23:04 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-13 00:44 - 2012-08-26 15:12 - 00000144 _____ () C:\service.log
2014-07-13 00:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 00:43 - 2014-07-13 00:40 - 00000000 ____D () C:\AdwCleaner
2014-07-13 00:40 - 2014-07-13 00:40 - 01348263 _____ () C:\Users\Band-Aid\Downloads\AdwCleaner.exe
2014-07-13 00:32 - 2014-07-13 00:32 - 00054950 _____ () C:\Users\Band-Aid\Downloads\Addition.txt
2014-07-13 00:31 - 2014-07-13 00:31 - 02084864 _____ (Farbar) C:\Users\Band-Aid\Desktop\FRST64.exe
2014-07-13 00:27 - 2014-07-13 00:27 - 00000000 ____D () C:\Users\Band-Aid\AppData\Roaming\ASUS WebStorage
2014-07-13 00:27 - 2014-07-13 00:26 - 00002257 _____ () C:\Users\Band-Aid\Desktop\Google Chrome.lnk
2014-07-13 00:26 - 2014-07-13 00:26 - 00110496 _____ () C:\Users\Band-Aid\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-13 00:26 - 2014-07-13 00:26 - 00001413 _____ () C:\Users\Band-Aid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\Documents\ASUS
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\AppData\Roaming\ATI
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\AppData\Roaming\Adobe
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\AppData\Local\Google
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\AppData\Local\ATI
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\AppData\Local\AMD
2014-07-13 00:26 - 2014-07-13 00:26 - 00000000 ____D () C:\Users\Band-Aid\AppData\Local\Adobe
2014-07-13 00:26 - 2014-07-13 00:25 - 00000000 ____D () C:\Users\Band-Aid\AppData\Roaming\Apple Computer
2014-07-13 00:26 - 2014-07-13 00:25 - 00000000 ____D () C:\Users\Band-Aid
2014-07-13 00:26 - 2014-02-23 18:14 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-07-13 00:26 - 2012-10-04 18:38 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-07-13 00:25 - 2014-07-13 00:25 - 00276368 _____ () C:\Windows\Minidump\071314-11466-01.dmp
2014-07-13 00:25 - 2014-07-13 00:25 - 00000020 ___SH () C:\Users\Band-Aid\ntuser.ini
2014-07-13 00:25 - 2014-07-13 00:25 - 00000000 ____D () C:\Users\Band-Aid\AppData\Local\VirtualStore
2014-07-13 00:25 - 2012-10-04 19:38 - 00000000 ____D () C:\Windows\Minidump
2014-07-13 00:19 - 2014-06-21 22:31 - 00000000 ____D () C:\Users\Jarrett\AppData\Roaming\Raptr
2014-07-13 00:19 - 2014-06-18 20:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-13 00:19 - 2014-05-12 08:05 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-07-13 00:19 - 2014-04-30 07:44 - 00000000 ____D () C:\Users\Jarrett\AppData\Roaming\DropboxMaster
2014-07-13 00:19 - 2014-01-14 10:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-13 00:19 - 2012-08-28 23:21 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-07-13 00:19 - 2012-08-28 22:25 - 00000000 ___RD () C:\Users\Jarrett\Dropbox
2014-07-13 00:19 - 2012-08-28 22:23 - 00000000 ____D () C:\Users\Jarrett\AppData\Roaming\Dropbox
2014-07-13 00:17 - 2014-07-12 22:48 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-11 22:07 - 2012-08-30 19:53 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-610881578-2129090853-3827563535-1000UA.job
2014-07-11 21:18 - 2012-12-12 13:56 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 20:01 - 2014-06-21 01:48 - 00000000 ____D () C:\Users\Jarrett\AppData\Local\Battle.net
2014-07-10 19:53 - 2014-06-21 01:47 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-10 17:07 - 2012-08-30 19:53 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-610881578-2129090853-3827563535-1000Core.job
2014-07-10 15:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 15:18 - 2012-12-12 13:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 14:57 - 2014-07-10 14:57 - 00000000 __SHD () C:\Users\Home\AppData\Local\EmieUserList
2014-07-10 14:57 - 2014-07-10 14:57 - 00000000 __SHD () C:\Users\Home\AppData\Local\EmieSiteList
2014-07-10 14:56 - 2009-07-14 00:45 - 00414496 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 21:21 - 2009-07-14 03:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 21:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 21:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 17:05 - 2013-08-05 16:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 17:05 - 2012-08-28 22:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 17:03 - 2012-08-31 18:23 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 19:47 - 2013-11-17 22:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 19:47 - 2012-08-28 21:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 19:47 - 2012-08-28 21:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-06 19:43 - 2014-07-06 19:43 - 00000000 ____D () C:\Users\Jarrett\AppData\Local\Entrust
2014-07-06 19:42 - 2014-07-06 19:42 - 00001308 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Entrust IdentityGuard Soft Token.lnk
2014-07-06 19:42 - 2014-07-06 19:42 - 00000000 ____D () C:\Program Files (x86)\Entrust
2014-07-02 20:46 - 2014-06-21 22:31 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-06-23 18:02 - 2014-06-23 18:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-23 10:00 - 2014-05-12 08:06 - 00000416 _____ () C:\Windows\Tasks\GlaryOneClickOptimizer 4.job
2014-06-22 09:07 - 2012-09-14 13:57 - 00000000 ____D () C:\Users\Jarrett\Documents\Diablo III
2014-06-21 22:32 - 2014-06-21 22:32 - 00000000 ____D () C:\ProgramData\ATI
2014-06-21 22:31 - 2014-06-21 22:31 - 00000000 ____D () C:\Users\Jarrett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-06-21 22:31 - 2014-06-21 22:31 - 00000000 ____D () C:\Users\Jarrett\AppData\Roaming\library_dir
2014-06-21 22:30 - 2014-06-21 22:30 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201406212230494568.log
2014-06-21 22:30 - 2014-06-21 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-06-21 22:30 - 2014-06-21 22:30 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-21 22:30 - 2012-10-04 18:12 - 00000000 ____D () C:\ProgramData\AMD
2014-06-21 22:30 - 2012-08-28 21:00 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-06-21 22:29 - 2014-06-21 22:29 - 00000000 ____D () C:\Program Files\AMD
2014-06-21 22:29 - 2012-12-09 21:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-21 22:16 - 2014-06-21 22:16 - 00000000 ____D () C:\Users\Jarrett\AppData\Local\Adobe
2014-06-21 22:12 - 2012-08-28 22:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-21 02:04 - 2014-06-21 02:04 - 00000668 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-06-21 02:04 - 2014-06-21 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-06-21 01:50 - 2014-06-21 01:48 - 00000000 ____D () C:\Users\Jarrett\AppData\Roaming\Battle.net
2014-06-21 01:48 - 2014-06-21 01:48 - 00000000 ____D () C:\Users\Jarrett\AppData\Local\Blizzard Entertainment
2014-06-21 01:47 - 2014-06-21 01:47 - 00001156 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-06-21 01:47 - 2014-06-21 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-06-20 16:14 - 2014-07-08 21:04 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-08 21:04 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 17:02 - 2012-08-30 19:53 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-610881578-2129090853-3827563535-1000UA
2014-06-19 17:02 - 2012-08-30 19:53 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-610881578-2129090853-3827563535-1000Core
2014-06-18 21:39 - 2014-07-08 21:04 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-08 21:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-08 21:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 20:51 - 2014-06-18 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-18 20:51 - 2014-06-18 20:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-18 20:51 - 2012-08-28 21:18 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-18 20:51 - 2012-08-28 21:18 - 00000000 ____D () C:\Users\Jarrett\AppData\Roaming\Malwarebytes
2014-06-18 20:51 - 2012-08-28 21:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 20:48 - 2014-07-08 21:04 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-08 21:04 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-08 21:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-08 21:04 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-08 21:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-08 21:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-08 21:04 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-08 21:04 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-08 21:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-08 21:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-08 21:04 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-08 21:04 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-08 21:04 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:13 - 2012-12-12 13:56 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 20:13 - 2012-12-12 13:56 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 20:09 - 2014-07-08 21:04 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-08 21:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-08 21:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-08 21:04 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-08 21:04 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-08 21:04 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-08 21:04 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-08 21:04 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-08 21:04 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-08 21:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-08 21:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-08 21:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-08 21:04 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-08 21:04 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-08 21:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-08 21:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-08 21:04 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-08 21:04 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-08 21:04 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-08 21:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-08 21:04 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-08 21:04 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-08 21:04 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-08 21:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-08 21:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-08 21:04 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-08 21:04 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-08 21:04 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-08 21:04 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-08 21:04 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-08 21:04 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-08 21:04 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-08 21:04 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-08 21:04 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-08 21:04 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-08 21:04 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-08 21:04 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-08 21:04 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 22:18 - 2014-07-08 21:04 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-08 21:04 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-08 21:05 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
Some content of TEMP:
====================
C:\Users\Band-Aid\AppData\Local\Temp\Quarantine.exe
C:\Users\Jarrett\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqi1zlo.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {f7c744fd-f193-11e1-9ded-edbb69860844}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {f7c744ff-f193-11e1-9ded-edbb69860844}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {f7c744fd-f193-11e1-9ded-edbb69860844}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {f7c744ff-f193-11e1-9ded-edbb69860844}
device                  ramdisk=[C:]\Recovery\f7c744ff-f193-11e1-9ded-edbb69860844\Winre.wim,{f7c74500-f193-11e1-9ded-edbb69860844}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\f7c744ff-f193-11e1-9ded-edbb69860844\Winre.wim,{f7c74500-f193-11e1-9ded-edbb69860844}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {f7c744fd-f193-11e1-9ded-edbb69860844}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {f7c74500-f193-11e1-9ded-edbb69860844}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\f7c744ff-f193-11e1-9ded-edbb69860844\boot.sdi
 
 
 
LastRegBack: 2014-07-08 20:19
 
==================== End Of Log ============================
 
 

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014

Ran by Band-Aid at 2014-07-13 00:53:26

Running from C:\Users\Band-Aid\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.20 - GIGABYTE)

Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.1.0 - Adobe Systems) Hidden

Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.1.0 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden

Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden

Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden

Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden

Adobe InDesign CS2 (HKLM-x32\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)

Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden

Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)

Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden

Aiseesoft Blu-ray Ripper 6.3.62 (HKLM-x32\...\{D1B455C8-C170-44fe-8A90-31263B5153C2}_is1) (Version: 6.3.62 - Aiseesoft Studio)

Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)

AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden

AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden

AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden

AMD Fuel (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden

AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)

AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)

AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden

AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden

Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Ashampoo Burning Studio 2010 Advanced 9.25 (HKLM-x32\...\Ashampoo Burning Studio 2010 Advanced_is1) (Version: 3.1.1 - ashampoo GmbH & Co. KG)

Ashampoo Photo Commander 7.60 (HKLM-x32\...\Ashampoo Photo Commander 7_is1) (Version: 7.6.0 - ashampoo GmbH & Co. KG)

Ashampoo WinOptimizer 6.60 (HKLM-x32\...\Ashampoo WinOptimizer 6_is1) (Version: 6.6.0 - Ashampoo GmbH & Co. KG)

ASUS Android USB Drivers (HKLM\...\{F6AEADC0-6B97-430E-B78A-C1D633A6528D}) (Version: 4.0.6753 - ASUSTeK Computer Inc.)

ASUS Gamer OSD (HKLM-x32\...\{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}) (Version: 3.07.0419 - ASUSTeK COMPUTER INC.)

ASUS Smart Doctor (HKLM-x32\...\InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}) (Version: 5.80 - ASUSTek COMPUTER INC.)

ASUS Smart Doctor (x32 Version: 5.80 - ASUSTek COMPUTER INC.) Hidden

ASUS Sync (HKLM-x32\...\{488E9FD9-7C30-4120-8790-410F46F13CD6}) (Version: 1.0.97 - FutureDial Inc.)

ASUS VGA Driver (x32 Version: 4.00.0000 - ASUSTek) Hidden

ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.130.270 - ASUS Cloud Corporation)

ASUS WLAN Card Utilities/Driver (HKLM-x32\...\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}) (Version: 4.3.0.8 - ASUS)

ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden

Aurora Blu-ray Media Player (HKLM-x32\...\Aurora Blu-ray Media Player) (Version: 2.13.8.1480 - Aurora Software Inc.)

AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)

AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)

Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)

Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bootstrapper (x32 Version: 1.1.2.0 - Minitab, Inc.) Hidden

BRAVO Pesets Manager (HKLM-x32\...\{C7C45B73-3087-4F37-967E-4598D1BC3F36}) (Version: 1.00.0000 - Turtle Beach)

Browser Configuration Utility (HKLM-x32\...\{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

Chrome Remote Desktop Host (HKLM-x32\...\{2E9C0CF2-6FD1-417E-A5A1-5AE93C0032DF}) (Version: 36.0.1985.102 - Google Inc.)

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)

Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)

Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)

DIRECTV2PC Playback Advisor (HKLM-x32\...\InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}) (Version: 1.0 - CyberLink Corp.)

DIRECTV2PC Playback Advisor (x32 Version: 1.0 - CyberLink Corp.) Hidden

DIRECTV2PC (HKLM-x32\...\InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}) (Version: 2.0.7507 - CyberLink Corp.)

DIRECTV2PC (x32 Version: 2.0.7507 - CyberLink Corp.) Hidden

Easy Tune 6 B13.0125.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)

Easy Tune 6 B13.0125.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

EasySaver B9.1214.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)

Entrust IdentityGuard Soft Token 1.0 Patch 175434 (HKLM-x32\...\{6C851BC7-427E-485B-B709-86B88D04CEBE}) (Version: 1.0.0 - Entrust, Inc.)

Free YouTube to MP3 Converter version 3.12.38.530 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.38.530 - DVDVideoSoft Ltd.)

Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)

Glary Utilities PRO 4.10 (HKLM-x32\...\Glary Utilities 4) (Version: 4.10.0.100 - Glarysoft Ltd)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

HDD Regenerator (HKLM-x32\...\{CC5DA723-D428-40D1-B82B-21EB64B1273C}) (Version: 20.11.0011 - Abstradrome)

HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HTC Home Apis (HKLM-x32\...\HTC Home Apis) (Version: 3.0.620.0 - Stealth)

HydraVision (x32 Version: 4.2.206.0 - ATI Technologies Inc.) Hidden

iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)

iDrinkingGame 3.02 (HKLM-x32\...\iDrinkingGame_is1) (Version:  - )

iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)

Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)

Jawbone Updater (HKLM-x32\...\Jawbone Updater) (Version: 0.1 - Jawbone)

Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)

Logitech Touch Mouse Server 1.0 (HKLM-x32\...\Logitech Touch Mouse Server) (Version: 1.0 - Logitech Inc.)

Magic DVD Ripper V7.0.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version:  - Magic DVD Software, Inc.)

MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MediaPortal (HKLM-x32\...\MediaPortal) (Version: 1.2.3 - Team MediaPortal)

MediaPortal TV Server / Client (HKLM-x32\...\MediaPortal TV Server) (Version: 1.2.3 - Team MediaPortal)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-0081-0409-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Minitab 16 (HKLM-x32\...\Minitab16) (Version: 16.2.4 - Minitab, Inc.)

Minitab Software Update Manager (HKLM-x32\...\MinitabSoftwareManager) (Version: 1.1.0.0 - Minitab, Inc.)

Minitab16 (x32 Version: 16.2.4.0 - Minitab Inc) Hidden

Minitab16 (x32 Version: 16.2.4.0 - Minitab, Inc.) Hidden

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MySQL Server 5.1 (HKLM\...\{561AB451-B967-475C-80E0-3B6679C38B52}) (Version: 5.1.38 - MySQL AB)

NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)

NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden

ON_OFF Charge B10.0409.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Raptr (HKLM-x32\...\Raptr) (Version:  - )

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)

Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)

RollerCoaster Tycoon Deluxe (HKLM-x32\...\{924EAD66-F854-4605-8493-696DD59A113B}) (Version: 1.00.000 - )

Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)

Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)

Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)

Secunia PSI (3.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)

Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden

Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)

Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version:  - Firaxis Games)

Sid Meier's Railroads! (HKLM-x32\...\Steam App 7600) (Version:  - Firaxis Games)

Sid Meier's SimGolf (HKLM-x32\...\{8C4504A1-9280-11D5-9F7E-00902712427E}) (Version:  - )

SoftwareManager (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden

Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)

Splashtop Streamer (HKLM-x32\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 2.2.5.1 - Splashtop Inc.)

Splashtop Streamer (x32 Version: 2.2.5.1 - Splashtop Inc.) Hidden

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)

VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)

VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 1.3.6 - Vudu)

VUDU To Go (x32 Version: 1.3.6 - Vudu) Hidden

Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)

War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)

Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)

XviD MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - XviD Development Team)

 

==================== Restore Points  =========================

 

21-06-2014 11:17:03 Windows Update

22-06-2014 02:28:59 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

25-06-2014 12:22:08 Windows Update

03-07-2014 00:46:50 Windows Update

06-07-2014 16:13:57 Windows Update

06-07-2014 23:42:05 Installed Entrust IdentityGuard Soft Token 1.0 Patch 175434

09-07-2014 21:01:50 Windows Update

10-07-2014 19:00:19 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 22:34 - 2013-03-16 06:05 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {01222E10-EE97-4690-BF34-E1DC79557155} - System32\Tasks\GlaryOneClickOptimizer 4 => C:\Program Files (x86)\Glary Utilities 4\OneClickMaintenance.exe [2014-04-14] (Glarysoft Ltd)

Task: {0CE6C041-1077-4FED-B3AF-196C1B3EF632} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-12] (Google Inc.)

Task: {289C91A5-832B-4885-8E38-4818D0BF1F7D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

Task: {3B99206B-F478-4F60-B97A-880E8E5E3995} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe

Task: {3F03C3A2-CCC6-4B1F-BA0E-C0D6D6C6BBF4} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe

Task: {4228941A-7AA9-471E-B85F-510B51EFF13A} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [2013-03-01] (Futuredial Inc.)

Task: {52045144-15F1-421B-A836-9093E49EF01C} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14] (Glarysoft Ltd)

Task: {627BC15D-A903-4CDD-9A51-DB52671C8516} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

Task: {6B822B6F-2F64-4565-8B51-D54B3C8EC355} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {7F425EE7-2707-4848-A282-AA9D9ACE6B92} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

Task: {89164EA0-291F-4B69-A5BA-E723F5FCD091} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)

Task: {8B68018A-0BA5-4D17-9BD3-E939D47216B2} - System32\Tasks\Moo0 SystemMonitor 1.65 => C:\Program Files (x86)\Moo0\SystemMonitor 1.65\SystemMonitor.exe

Task: {A31C4303-C5F7-446E-BBAF-E798B236AD06} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-610881578-2129090853-3827563535-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {ADC2C6FF-DC8A-4E2C-880C-9B44B4B57714} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-610881578-2129090853-3827563535-1000Core => C:\Users\Jarrett\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)

Task: {B1F06247-9D54-4A8E-9DC3-DD4C544A2AD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-12] (Google Inc.)

Task: {B52EEDD9-7C2F-43D2-B977-86F041492965} - \GoforFilesUpdate No Task File <==== ATTENTION

Task: {BCFC020C-1E67-4987-A529-DAAA82EE6373} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [2014-04-14] (Glarysoft Ltd)

Task: {CE08212A-871E-4D37-BA96-CADBACD9FEB7} - System32\Tasks\Minitab\Minitab Software Update Manager => C:\Program Files (x86)\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2010-11-05] (Minitab)

Task: {DF380770-DAB2-4A9D-9A0B-AEBE7E2D6B82} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-610881578-2129090853-3827563535-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {EB3F88B4-E223-421B-8769-18513010B126} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

Task: {EE0D6D0B-0E72-43DE-B96F-C1A6AAB90CBA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-610881578-2129090853-3827563535-1000UA => C:\Users\Jarrett\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)

Task: {FA8A6596-0375-41F5-BDAA-818B943F3596} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe

Task: C:\Windows\Tasks\GlaryOneClickOptimizer 4.job => C:\Program Files (x86)\Glary Utilities 4\OneClickMaintenance.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-610881578-2129090853-3827563535-1000Core.job => C:\Users\Jarrett\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-610881578-2129090853-3827563535-1000UA.job => C:\Users\Jarrett\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-04-17 22:29 - 2014-04-17 22:29 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2012-10-04 18:09 - 2009-05-21 15:09 - 00172032 _____ () C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe

2009-09-17 18:40 - 2009-09-17 18:40 - 00075048 ____N () C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe

2012-08-28 22:51 - 2009-08-24 14:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE

2013-05-08 14:17 - 2013-05-08 14:17 - 00082144 _____ () C:\Program Files (x86)\HDD Regenerator\hrsrv.exe

2012-08-28 22:56 - 2010-01-18 22:31 - 00072304 ____R () C:\Windows\SysWOW64\XSrvSetup.exe

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2012-10-04 18:19 - 2010-04-06 15:33 - 00477184 _____ () C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe

2014-04-17 22:29 - 2014-04-17 22:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2009-08-18 21:09 - 2009-08-18 21:09 - 07599616 _____ () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\ProgramData\TEMP:B755D674

AlternateDataStreams: C:\ProgramData\TEMP:D78D6FF7

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== EXE Association (whitelisted) =============

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

MSCONFIG\startupfolder: C:^Users^Jarrett^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk => C:\Windows\pss\Logitech Touch Mouse Server.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Jarrett^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup

MSCONFIG\startupreg: ASUS Sync Loader => "C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe" -startup

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/13/2014 00:45:53 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0x1674

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

 

Error: (07/13/2014 00:45:00 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0x17d4

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

 

Error: (07/13/2014 00:44:53 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363

Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363

Exception code: 0x40000015

Fault offset: 0x0007da8a

Faulting process id: 0x114

Faulting application start time: 0xmbamservice.exe0

Faulting application path: mbamservice.exe1

Faulting module path: mbamservice.exe2

Report Id: mbamservice.exe3

 

Error: (07/13/2014 00:44:38 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0x8b0

Faulting application start time: 0xmbamscheduler.exe0

Faulting application path: mbamscheduler.exe1

Faulting module path: mbamscheduler.exe2

Report Id: mbamscheduler.exe3

 

Error: (07/13/2014 00:27:35 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0x1774

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

 

Error: (07/13/2014 00:26:57 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0x15bc

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

 

Error: (07/13/2014 00:26:38 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0x14c4

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

 

Error: (07/13/2014 00:25:54 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363

Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363

Exception code: 0x40000015

Fault offset: 0x0007da8a

Faulting process id: 0xa44

Faulting application start time: 0xmbamservice.exe0

Faulting application path: mbamservice.exe1

Faulting module path: mbamservice.exe2

Report Id: mbamservice.exe3

 

Error: (07/13/2014 00:25:38 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0x92c

Faulting application start time: 0xmbamscheduler.exe0

Faulting application path: mbamscheduler.exe1

Faulting module path: mbamscheduler.exe2

Report Id: mbamscheduler.exe3

 

Error: (07/13/2014 00:24:07 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363

Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363

Exception code: 0x40000015

Fault offset: 0x0007da8a

Faulting process id: 0x1d50

Faulting application start time: 0xmbamservice.exe0

Faulting application path: mbamservice.exe1

Faulting module path: mbamservice.exe2

Report Id: mbamservice.exe3

 

 

System errors:

=============

Error: (07/13/2014 00:45:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The ASDR service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (07/13/2014 00:45:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The ATK Fast User Switch Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (07/13/2014 00:44:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (07/13/2014 00:44:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The NPVR Recording Service service failed to start due to the following error: 

%%2

 

Error: (07/13/2014 00:44:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MBAMScheduler service failed to start due to the following error: 

%%1053

 

Error: (07/13/2014 00:44:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

 

Error: (07/13/2014 00:44:20 AM) (Source: mbamchameleon) (EventID: 28930) (User: )

Description: Mbamchameleon failed to initiate Object Manager filtering - C0000034

 

Error: (07/13/2014 00:44:20 AM) (Source: mbamchameleon) (EventID: 28929) (User: )

Description: Mbamchameleon failed to initiate File System filtering - C0000034

 

Error: (07/13/2014 00:44:20 AM) (Source: mbamchameleon) (EventID: 28930) (User: )

Description: Mbamchameleon failed to initiate Object Manager filtering - C0000034

 

Error: (07/13/2014 00:44:20 AM) (Source: mbamchameleon) (EventID: 28929) (User: )

Description: Mbamchameleon failed to initiate File System filtering - C0000034

 

 

Microsoft Office Sessions:

=========================

Error: (07/13/2014 00:45:53 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd167401cf9e5553fe7223C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll91b8c87f-0a48-11e4-8d99-6cf049e83ac1

 

Error: (07/13/2014 00:45:00 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd17d401cf9e5534848f8aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll723f62ac-0a48-11e4-8d99-6cf049e83ac1

 

Error: (07/13/2014 00:44:53 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a11401cf9e5527618486C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe6e071f4d-0a48-11e4-8d99-6cf049e83ac1

 

Error: (07/13/2014 00:44:38 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd8b001cf9e551e0fd3bbC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll64cb68df-0a48-11e4-8d99-6cf049e83ac1

 

Error: (07/13/2014 00:27:35 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd177401cf9e52c5562f9aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll030ea15c-0a46-11e4-a228-6cf049e83ac1

 

Error: (07/13/2014 00:26:57 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd15bc01cf9e52ae9a931bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllec55663d-0a45-11e4-a228-6cf049e83ac1

 

Error: (07/13/2014 00:26:38 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd14c401cf9e52a3806f40C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle1426682-0a45-11e4-a228-6cf049e83ac1

 

Error: (07/13/2014 00:25:54 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8aa4401cf9e528091c944C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exec737640b-0a45-11e4-a228-6cf049e83ac1

 

Error: (07/13/2014 00:25:38 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd92c01cf9e5276e6d644C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllbd9a1532-0a45-11e4-a228-6cf049e83ac1

 

Error: (07/13/2014 00:24:07 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a1d5001cf9e5249a625bfC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe876229d2-0a45-11e4-b615-6cf049e83ac1

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 27%

Total physical RAM: 8189.55 MB

Available physical RAM: 5965.73 MB

Total Pagefile: 16377.29 MB

Available Pagefile: 13454.21 MB

Total Virtual: 8192 MB

Available Virtual: 8191.79 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:119.24 GB) (Free:15.56 GB) NTFS

Drive x: (Backup) (Fixed) (Total:120 GB) (Free:66.79 GB) NTFS

Drive y: (Backup Deux) (Fixed) (Total:232.83 GB) (Free:50.35 GB) NTFS

Drive z: (Media) (Fixed) (Total:345.66 GB) (Free:30 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 33711F96)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=120 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=346 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 8FD18FD1)

Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 119 GB) (Disk ID: 7919CB3F)

Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

I had to reply with this because it said my other post was too long.  Anyways, this has been done on my account "Band-Aid" which is my back-door admin account, which hasn't worked on this one.  Should I do all remaining fixes on my other account or does it not matter?  Thanks again.

Link to post
Share on other sites

Hello and welcome aboard,

 

You mentioned BSOD. Was there a STOP message with some codes?

or was this just the program having an abnormal end?

 

Is the "database" version stuck on 2014.03.09?

 

Please take a few minutes and see if you got one of these types of message-windows as shown here

https://forums.malwarebytes.org/index.php?/topic/152047-what-to-do-runtime-error-database-stuck-on-20140304-program-stopped/

 

Let me know.

Link to post
Share on other sites

The program had an abnormal end and in turn caused my computer to abruptly shut down.  I can get the Windows Dump file info if that would make it easier.  Unfortunately I cannot check the database version because ever since the BSOD Malwarebytes has been unable to open, it says that "The Program has stopped working," as the stop messages you pointed me to.  I'll paste the error signature below.  To further the database issue, we've been having issues with our internet lately (Roommate spilled water on our router/modem) so if there was a database issue I figured it was attributed to our lack of connectivity, but after connectivity was around for a bit there didn't seem to be a problem.

 

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: mbam.exe
  Application Version: 1.0.0.532
  Application Timestamp: 53518532
  Fault Module Name: MSVCR100.dll
  Fault Module Version: 10.0.40219.325
  Fault Module Timestamp: 4df2be1e
  Exception Code: 40000015
  Exception Offset: 0008d6fd
  OS Version: 6.1.7601.2.1.0.256.1
  Locale ID: 1033
  Additional Information 1: 8374
  Additional Information 2: 83748d7ce6919cf452bf5c3838e036f3
  Additional Information 3: 2e01
  Additional Information 4: 2e01b10c887fd7f971b05773252074ee
Link to post
Share on other sites

But the question is, you likely saw one of those "error messages".

 

This tool will collect some information on the installation of Malwarebytes and create a report I need to review:

NOTE: You may need to temporarily turn off your antivirus if it interferes with this tool.

Download mbam-check.exe and save it to your desktop from http://downloads.malwarebytes.org/file/mbam_check
On Vista/Windows 7, 8, right-click on **mbam-check-2.1.1.1001.exe** & select Run as Administrator & allow to Run when prompted by User Account Control.
On XP, double-click on **mbam-check-2.1.1.1001.exe** to run it.

Do have patience while the tool runs. It may take a while, and will flash a command prompt window. And then it will start your text editor (default is typically NOTEPAD).

It should then open a log file CheckResults.txt. Just do a File >> Exit in NOTEPAD.
You should attach the CheckResults.txt file located on your desktop so that I can review.

Link to post
Share on other sites

I would say yes, one of those error messages was received, my apologies for not answering the question per se. I dled the app you pointed me towards, and followed the instructions, but when it tries to run, the same error pop-up occurs explaining that mbam-check has stopped working.

Link to post
Share on other sites

Hello,

 

As we go forward, always just "attach"  log-reports instead of copying/pasting.   Thanks.

 

Please download Malwarebytes Anti-Rootkit (MBAR)  and save it to your desktop,
from here   
http://downloads.malwarebytes.org/file/mbar

• Be sure to print out (if possible) and follow the instructions provided on that same page.

• Double-click on the MBAR file you downloaded and approve the UAC prompt in Vista and newer operating systems.
• Click **OK** on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click '**Next**' if you agree.
• On the Update Database screen, click on the '**Update**' button.
• Once you see 'Success: Database was successfully updated' click on 'Next'.
• Click the 'Scan' button.

With some infections, you may see two message boxes.
  1. 'Could not load protection driver'. Click 'OK'.
  2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

• If malware is found, do **NOT** press the Cleanup button when the scan completes. Click EXIT.
Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

**mbar-log-2014-07-13(xx-xx-xx).txt** (where xx-xx(xx-xx-xx) is the date and time of the scan)
+ also
system-log.txt

I need to have both of those files attached in your next reply.  Thanks.  **Send even if nothing is reported as detected. Always send these.**

Link to post
Share on other sites

That is a good result from MBAR.

 

 

Please download and SAVE RogueKiller 64 bit to your desktop from this next link
http://www.adlice.com/softs/roguekiller/RogueKillerX64.exe

Quit all running programs.

Do a right-click on the roguekiller64.exe , select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Please attach the report which should be located on your desktop:   RKreport[1].txt
 

Link to post
Share on other sites

Use your Internet Explorer browser to go to the VirusTotal website https://www.virustotal.com/

Click the **Choose File** button and then navigate to C:\Windows\GVTDrv64.sys, then click the **Scan it** button.
The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. 

 

Submit this file too

Click the **Choose File** button and then navigate to C:\Windows\etdrv.sys, then click the **Scan it** button.

 

Submit this file too

Click the **Choose File** button and then navigate to C:\Windows\gdrv.sys, then click the **Scan it** button.

 

Save the results, and post back here in a reply.

 

 

Step 2

 

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external storage drives from the computer before you run this scan!
  • For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.

    Put a check next to all of these and uncheck the rest: (if found)
     

     

    [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv
    [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv
    [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64
    [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv
    [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv
    [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64
    [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etdrv
    [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv
    [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64


    UN-check any -other - lines shown on your screen that are not listed in the above list.

  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Attach the contents into next reply.

 

Link to post
Share on other sites

I did step one, and all three files said that they were Not Harmful.  If you would like a screenshot of those reports I would be happy to do so.  I ran RK and have two reports, one with them deleted and one after reboot.  Also Mbytes still isn't functional.  Would you suggest restoring to a previous point or will that not help?

RKreport_DEL_07132014_141008.log

RKreport_SCN_07132014_141756.log

Link to post
Share on other sites

Hi,

 

I rarely advise restoring to an earlier restore point, as that does not resolve rootkits (if any are on board).

There's more work now and more for later.  There's not a single-button-fix when malwares are on board.

Please have lots of patience.

 

Please do these next.

1. Go Here and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.
 

 

Step 2

You will want to print out or copy these instructions to Notepad for offline reference!
These steps are for  member only. If you are a casual viewer, do NOT try this on your system!
If you are not  and have a similar problem, do NOT post here;  start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere.  How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Have infinite patience during the run & scan by Combofix. It has many phases:  some 50+ stages
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system


Important:  Have no other programs running.  Your Task Bar should be clear of any program entries including your Browser.
Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts.  Accept the EULA and follow the prompts during the start phase of Combofix.

    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.  
 

A file will be created at => C:\Combofix.txt.  

Notes:
[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log
and tell me, How is the system now?

Re-enable your antivirus program.

 

 

Link to post
Share on other sites

ComboFix 14-07-14.01 - Band-Aid 07/14/2014  18:27:17.1.6 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8190.6325 [GMT -4:00]

Running from: c:\users\Band-Aid\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jarrett\AppData\Local\ws_updater.exe

c:\users\Jarrett\AppData\Roaming\0ad

c:\users\Jarrett\AppData\Roaming\0ad\config\user.cfg

.

.

(((((((((((((((((((((((((   Files Created from 2014-06-14 to 2014-07-14  )))))))))))))))))))))))))))))))

.

.

2014-07-14 22:32 . 2014-07-14 22:32 -------- d-----w- c:\users\Jarrett\AppData\Local\temp

2014-07-14 22:32 . 2014-07-14 22:32 -------- d-----w- c:\users\Home\AppData\Local\temp

2014-07-14 22:32 . 2014-07-14 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-07-14 22:22 . 2014-07-14 22:22 -------- d-----w- c:\program files (x86)\ERUNT

2014-07-14 22:17 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01252833-ABE7-4724-BEA8-7A3C2BD82183}\mpengine.dll

2014-07-14 09:11 . 2014-07-14 09:11 -------- d-----w- C:\CCE_Quarantine

2014-07-14 01:31 . 2014-07-14 01:31 -------- d-----w- c:\program files (x86)\NirSoft

2014-07-13 14:15 . 2014-07-13 18:12 30312 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2014-07-13 14:15 . 2014-07-15 02:15 -------- d-----w- c:\programdata\RogueKiller

2014-07-13 04:41 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll

2014-07-13 04:40 . 2014-07-13 04:43 -------- d-----w- C:\AdwCleaner

2014-07-13 04:31 . 2014-07-13 04:53 -------- d-----w- C:\FRST

2014-07-13 04:25 . 2014-07-14 22:17 -------- d-----w- c:\users\Band-Aid

2014-07-13 02:48 . 2014-07-13 14:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-07-11 21:23 . 2014-05-02 11:18 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C2CDC70-C2BC-481E-940F-9E528D2E5DAF}\gapaengine.dll

2014-07-11 21:23 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-07-10 18:57 . 2014-07-10 18:57 -------- d-sh--w- c:\users\Home\AppData\Local\EmieUserList

2014-07-10 18:57 . 2014-07-10 18:57 -------- d-sh--w- c:\users\Home\AppData\Local\EmieSiteList

2014-07-09 01:05 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2014-07-09 01:05 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2014-07-09 01:05 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2014-07-09 01:05 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2014-07-09 01:05 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2014-07-09 01:05 . 2014-06-18 02:19 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll

2014-07-09 01:05 . 2014-06-18 01:10 3157504 ----a-w- c:\windows\system32\win32k.sys

2014-07-06 23:43 . 2014-07-06 23:43 -------- d-----w- c:\users\Jarrett\AppData\Local\Entrust

2014-07-06 23:42 . 2014-07-06 23:42 -------- d-----w- c:\program files (x86)\Entrust

2014-06-22 02:32 . 2014-06-22 02:32 -------- d-----w- c:\programdata\ATI

2014-06-22 02:31 . 2014-06-22 02:31 -------- d-----w- c:\users\Jarrett\AppData\Roaming\library_dir

2014-06-22 02:31 . 2014-07-15 02:15 -------- d-----w- c:\program files (x86)\Raptr

2014-06-22 02:31 . 2014-07-13 04:19 -------- d-----w- c:\users\Jarrett\AppData\Roaming\Raptr

2014-06-22 02:30 . 2014-06-22 02:30 -------- d-----w- c:\program files (x86)\AMD AVT

2014-06-22 02:29 . 2014-06-22 02:29 -------- d-----w- c:\program files\AMD

2014-06-22 02:16 . 2014-06-22 02:16 -------- d-----w- c:\users\Jarrett\AppData\Local\Adobe

2014-06-21 05:48 . 2014-06-21 05:48 -------- d-----w- c:\users\Jarrett\AppData\Local\Blizzard Entertainment

2014-06-21 05:48 . 2014-07-11 00:01 -------- d-----w- c:\users\Jarrett\AppData\Local\Battle.net

2014-06-21 05:48 . 2014-06-21 05:50 -------- d-----w- c:\users\Jarrett\AppData\Roaming\Battle.net

2014-06-21 05:47 . 2014-07-15 02:15 -------- d-----w- c:\program files (x86)\Battle.net

2014-06-19 00:52 . 2014-07-13 13:59 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-06-19 00:51 . 2014-07-15 02:15 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-06-19 00:51 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-06-19 00:51 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-07-13 15:36 . 2012-08-29 03:04 25640 ----a-w- c:\windows\gdrv.sys

2014-07-13 04:26 . 2012-10-04 22:38 30528 ----a-w- c:\windows\GVTDrv64.sys

2014-07-09 21:03 . 2012-08-31 22:23 96441528 ----a-w- c:\windows\system32\MRT.exe

2014-07-08 23:47 . 2012-08-29 01:10 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-07-08 23:47 . 2012-08-29 01:10 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-05-16 17:08 . 2013-03-17 08:06 94432 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe

2014-05-12 11:25 . 2012-08-29 01:18 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-05-09 06:14 . 2014-05-14 10:51 477184 ----a-w- c:\windows\system32\aepdu.dll

2014-05-09 06:11 . 2014-05-14 10:51 424448 ----a-w- c:\windows\system32\aeinv.dll

2014-05-08 09:32 . 2014-06-11 23:35 3178496 ----a-w- c:\windows\system32\rdpcorets.dll

2014-05-08 09:32 . 2014-06-11 23:35 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

2014-05-02 11:18 . 2012-10-03 07:12 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-04-25 02:34 . 2014-06-11 23:35 801280 ----a-w- c:\windows\system32\usp10.dll

2014-04-25 02:06 . 2014-06-11 23:35 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2014-04-18 02:43 . 2011-04-20 05:21 143304 ----a-w- c:\windows\system32\atiuxp64.dll

2014-04-18 02:42 . 2011-04-20 05:21 117584 ----a-w- c:\windows\system32\atiu9p64.dll

2014-04-18 02:42 . 2011-04-20 05:21 99520 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2014-04-18 02:42 . 2011-04-20 06:07 1343272 ----a-w- c:\windows\system32\aticfx64.dll

2014-04-18 02:42 . 2011-04-20 06:09 1117184 ----a-w- c:\windows\SysWow64\aticfx32.dll

2014-04-18 02:42 . 2009-10-19 13:04 10335208 ----a-w- c:\windows\system32\atidxx64.dll

2014-04-18 02:42 . 2013-03-13 14:11 6796592 ----a-w- c:\windows\SysWow64\atiumdva.dll

2014-04-18 02:42 . 2013-03-13 14:11 6799688 ----a-w- c:\windows\SysWow64\atiumdag.dll

2014-04-18 02:42 . 2009-10-19 12:44 7520200 ----a-w- c:\windows\system32\atiumd6a.dll

2014-04-18 02:42 . 2009-10-19 12:50 8010968 ----a-w- c:\windows\system32\atiumd64.dll

2014-04-18 02:33 . 2014-04-18 02:33 51200 ----a-w- c:\windows\system32\kdbsdk64.dll

2014-04-18 02:28 . 2014-04-18 02:28 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

2014-04-18 01:30 . 2013-03-13 14:11 442368 ----a-w- c:\windows\system32\atidemgy.dll

2014-04-18 01:09 . 2013-03-13 14:11 1177600 ----a-w- c:\windows\system32\atiadlxx.dll

2014-04-18 01:09 . 2013-03-13 14:11 848896 ----a-w- c:\windows\SysWow64\atiadlxy.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-05-25 393216]

"GoogleChromeAutoLaunch_A75927887A3D3A4D2ADD2ACDD091FEAF"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-06-05 860488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"Control Center"="c:\program files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe" [2009-05-21 544256]

"ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSPanel.exe" [2012-01-18 740192]

"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2014-06-03 2368736]

"HDD Regenerator"="c:\program files (x86)\HDD Regenerator\Shell.exe" [2013-05-08 90336]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-18 767200]

.

c:\users\Jarrett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Launch Jawbone Updater.lnk - c:\program files (x86)\Jawbone\LaunchJU.exe [2014-1-6 64120]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2013-2-14 25214]

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-7-25 572000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoFileAssociate"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

.

R2 AODDriver4.2;AODDriver4.2;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver2.sys;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver2.sys [x]

R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]

R2 ASWLCCSvc;ASUS Wireless Card Service;c:\program files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe;c:\program files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R2 NPVR Recording Service;NPVR Recording Service;c:\program files (x86)\NPVR\NRecord.exe;c:\program files (x86)\NPVR\NRecord.exe [x]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]

R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]

R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [x]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/04/2013,1.2.6.2;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 MWAC;MWAC;c:\windows\system32\drivers\;c:\windows\SYSNATIVE\drivers\ [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Moo0\SystemMonitor 1.65\WinRing0x64.sys;c:\program files (x86)\Moo0\SystemMonitor 1.65\WinRing0x64.sys [x]

R3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]

R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]

R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]

R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]

R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]

S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]

S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AODDriver4.3.0;AODDriver4.3.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]

S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]

S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]

S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe [x]

S2 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [x]

S2 hddrsrv;hddrsrv;c:\program files (x86)\HDD Regenerator\hrsrv.exe;c:\program files (x86)\HDD Regenerator\hrsrv.exe [x]

S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]

S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [x]

S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]

S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]

S2 TVService;TVService;c:\program files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe;c:\program files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe [x]

S3 Angel;Angel MPEG Device;c:\windows\system32\DRIVERS\Angel.sys;c:\windows\SYSNATIVE\DRIVERS\Angel.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-06-13 00:13 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 23:47]

.

2014-07-14 c:\windows\Tasks\GlaryInitialize 4.job

- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14 08:01]

.

2014-06-23 c:\windows\Tasks\GlaryOneClickOptimizer 4.job

- c:\program files (x86)\Glary Utilities 4\OneClickMaintenance.exe [2014-04-14 08:02]

.

2014-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-12 17:56]

.

2014-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-12 17:56]

.

2014-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-610881578-2129090853-3827563535-1000Core.job

- c:\users\Jarrett\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30 23:53]

.

2014-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-610881578-2129090853-3827563535-1000UA.job

- c:\users\Jarrett\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30 23:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2012-01-18 02:25 1504608 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2012-01-18 02:25 1504608 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]

@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"

[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]

2012-01-18 02:25 1504608 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-26 13213840]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKLM-Run-Aimersoft Helper Compact.exe - c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

c:\users\Jarrett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Band-Aid\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-8461-7759-5462-8226 - c:\program files (x86)\Vuze\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MWAC]

"ImagePath"="\??\c:\windows\system32\drivers\"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,ee,12,84,8e,84,84,49,8a,e1,ae,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,ee,12,84,8e,84,84,49,8a,e1,ae,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-07-14  18:33:31

ComboFix-quarantined-files.txt  2014-07-14 22:33

.

Pre-Run: 17,040,105,472 bytes free

Post-Run: 16,866,349,056 bytes free

.

- - End Of File - - 8806B85761A145072CB2836FCD56A0B6

A36C5E4F47E84449FF07ED3517B43A31

 

Okay, so I followed everything, after having a hell of a time even getting my computer booted, and it restarted just fine.  As far as I know there isn't something booting with my other programs, because prior I was gaining a lot of lag between windows boot and ready to roll.  So in my mind as long as my computer boots fine after a short hiatus it shall have worked.  As far as opening Mbytes, that still has an appcrash issue.
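The ComboFix log above lists the MWAC service with an image path that stops at the drivers directory, and ComboFix prints that `ImagePath` value again in its own section. As an added example (not part of the original posts and not ComboFix's own code), this Python sketch parses the service/driver lines and reports entries whose image path names no file; the field layout, the reading of the `R`/`S` letter and digit, and all function names are assumptions inferred from the lines on this page.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Four service/driver lines copied from the ComboFix log on this page.
SAMPLE_LOG = r"""
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MWAC;MWAC;c:\windows\system32\drivers\;c:\windows\SYSNATIVE\drivers\ [x]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
"""


class ServiceEntry(NamedTuple):
    state: str          # leading letter, "R" or "S" (assumed: running / stopped)
    start: int          # digit after it (assumed: service start type 0-4)
    name: str           # service key name
    display: str        # display name
    image_path: str     # path as registered
    resolved_path: str  # second path field on the line


# Letter, digit, then the ';'-separated fields; the trailing "[x]" marker is dropped.
LINE_RE = re.compile(r"^([RS])([0-4])\s+(.+?)(?:\s*\[.\])?\s*$")


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line, or return None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The two paths are the last two fields; the name is the first field.
    parts = m.group(3).rsplit(";", 2)
    if len(parts) != 3:
        return None
    name, _, display = parts[0].partition(";")
    return ServiceEntry(m.group(1), int(m.group(2)), name, display, parts[1], parts[2])


def file_component(path: str) -> str:
    """Return the file name in a Windows path, or '' if the path ends at a directory."""
    if path.startswith("\\??\\"):  # prefix seen in the ImagePath value in the log
        path = path[4:]
    return ntpath.basename(path.strip('"'))


def entries_without_file(log: str) -> List[ServiceEntry]:
    """Return service entries whose image path has no file name with an extension."""
    hits = []
    for line in log.splitlines():
        entry = parse_line(line)
        if entry and not ntpath.splitext(file_component(entry.image_path))[1]:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in entries_without_file(SAMPLE_LOG):
        print(f"{e.name}: image path names no file -> {e.image_path}")
```

An entry reported here is a service registration to inspect by hand; the script makes no statement about why the path is incomplete.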


Is the MBAM "appcrash" the same as discussed in my article here?

https://forums.malwarebytes.org/index.php?/topic/152047-

If yes, do as suggested (at least one time) and tell me the result.

But if the appcrash is during a Threat scan then that is a slightly different animal.

I am still a bit concerned that before this box did not let you finish the mbam-check tool run. There is something just a bit odd here.


Unfortunately the NetConf fix did not do the trick, and it's still unable to be opened.  I agree that it's a bit odd, and that the whole program just got jacked up.  I don't recall if it was during a threat scan, but I wouldn't rule it out solely because I remember I ran the program in order to do a scan just because I don't believe I had done one in a bit.  I also agree that it's weird that the mbam-check tool wasn't allowed to finish.  I'll also know more tomorrow afternoon, around 5pm eastern, since the PC wasn't sitting well for long periods.  IDK how I was able to get it booted earlier today, but it finally took and unless you suggest otherwise I will shut down and turn back on tomorrow, and hopefully have Windows loaded.


Hello,

How is it going? How is the status with the Anti-Malware?

If there are still issues and you still want to pursue a resolution, I will need other information.

(a) Set Windows 7 to show all files by doing this:
Press and hold **Windows-key+E key** on keyboard to start **Windows Explorer** (File Manager for Windows).
From the Windows Explorer menu options, select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck "Hide protected operating system files (Recommended)".
Locate and click "Show hidden files and folders and drives."
Click Apply > OK.

(b)

Download OTL by OldTimer to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Then run OTL
(for Vista, or Windows 7 or 8 Right click the icon and Run as Administrator) to start the program.

In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted.  It will take about 4 minutes or so.  In any event, have lots of infinite patience.

It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad.  Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: http://screen317.spywareinfoforum.org/SecurityCheck.exe
Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad.  We will need this log, too, so remember where you've saved it!

Then attach the following into your post
OTL.txt
Extras.txt
checkup.txt


Security risk advice on 2 out of date & insecure utility applications:

 Java 7 Update 25     <====   Java version out of Date!
 Adobe Reader 10.1.10   <===   Adobe Reader out of Date!

 

(a)

Java vulnerabilities are a never-ending occurrence. Bottom line is, if your system does not have an installed 3rd-party desktop application that needs it, then uninstall it.
If you do have that dependency, then turn off Java in your browsers.
If somehow you have an often-used website that needs Java to display all information, then just use a specific browser and only allow Java in that one.

A:  If you decide to keep Java:
The Java runtime components are typically located at
C:\Program Files (x86)\Java\jre7\bin
Locate "javacpl.exe"  the Java control panel.
Right click and select Open
Click on the Update tab
Put a checkmark at "Check for updates automatically"

On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button
Checkmark (select) all boxes you can & Click OK on Delete Temporary Files Window.

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window

Click on the Advanced tab
Expand Miscellaneous:
Un-check "place Java icon in system tray"
Un-check "Java quick starter"

Exit/close

You need to remove older versions of Java runtime. Do this:
Download & Save to your Desktop or a new folder  http://sourceforge.net/projects/javara/files/javara/JavaRa/JavaRa.zip/download

Extract the contents of the zip file. Then double click Javara.exe to run it.
JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE).


B:  If you want to disable Java in your browser:
How to disable Java in various browsers : http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse
Also see No, Seriously, Just Disable Java in Your Browser Right Now
 http://www.slate.com/blogs/future_tense/2013/01/14/java_zero_day_exploit_don_t_patch_just_disable_java_in_your_browser.html
 
As noted by Brian Krebs,
"Most consumers can get by without Java installed, or least not plugged into the browser. Because of the prevalence of threats targeting Java installations, I’d urge these users to remove Java or unplug it from the browser. If this is too much trouble, consider adopting a dual-browser approach, keeping Java unplugged from your main browser, and plugged in to a secondary browser that you only use to visit sites that require the plugin."

Also see How to protect your computer against dangerous Java Applets
http://blogs.technet.com/b/mmpc/archive/2013/04/16/how-to-protect-your-computer-against-dangerous-java-applets.aspx



 

 

 

(B) Your system has an old version (also insecure) of Adobe Reader. You need to uninstall Adobe Reader.
Consider getting an alternate tool like Sumatra PDF as mentioned by Corrine on her Security Garden blog.
http://securitygarden.blogspot.com/2013/02/replacing-adobe-reader-with-sumatra-pdf.html
 

 

(C) Get and install our Anti-Exploit to better protect your system for those types of risks.

http://www.malwarebytes.org/products/antiexploit/

 

Malwarebytes Anti-Exploit (MBAE) and Malwarebytes Anti-Exploit Premium (MBAE Premium) are different products from Malwarebytes Anti-Malware which provide additional protection alongside Malwarebytes Anti-Malware from "exploits" that can deposit malware on to your computer. Malwarebytes Anti-Malware focuses on malware detection and removal as well as blocking incoming or outgoing threats that have already been detected by our Research Team and thus are in our malware database which then is downloaded as updates to your computer.

MBAE and MBAE Premium prevent the introduction of malware into your computer through commonly exploited applications like Microsoft Office, Java and browsers as well as other applications.

I invite you to visit our website to read about the product and learn more about what "exploits" do in this article by our CEO which also includes a very informative video explaining what exploits are: http://blog.malwarebytes.org/news/2014/06/introducing-malwarebytes-anti-exploit/

 

I am going to make a follow-up post about the other issues.


To prepare for a new clean install of the Anti-Malware, first, close and exit out of any open program windows.

 

Please follow the steps below. If you have purchased a Premium license, at the end of this process you will need to reactivate your license to enable the Premium features. Please have your ID and Key readily available. If you do not have your ID and Key, you may retrieve them from this webpage:

http://www.cleverbridge.com/342/?scope=cusecolp

Please note you will only be able to retrieve your ID and Key if you purchased Malwarebytes directly from our website or through an authorized reseller / affiliate. If you purchased a physical copy or from anywhere else, we will not have any record of your sale and cannot retrieve your ID and Key if lost.


NOTE: SAVE the downloads to your system first. Do not "run" them while in the browser program.
When presented with the option to Run or Save, you must select Save.


1: Please perform a clean uninstall before reinstalling the latest version.  Do not use Windows Add/Remove Programs.  Instead, please download and run "mbam-clean.exe" from the link below:

http://downloads.malwarebytes.org/file/mbam_clean

2: After running the program, it will ask to restart your computer.  Please allow it to do so (this is very important).

After the computer restarts, temporarily disable your Anti-Virus
If you need how-to guidance, see => How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
 http://www.bleepingcomputer.com/forums/index.php?showtopic=114351


3: Download and SAVE to your system  the latest version of Malwarebytes Anti-Malware from the link below:

https://www.malwarebytes.org/getmbam

Now run the setup:
If your Windows is Vista / Windows 7 / 8, then right-click on mbam-setup-2.0.2.1012.exe, select Run as Administrator and allow it to run.
Answer YES _when prompted_ by User Account Control (Windows).



**When all finished, turn back ON your antivirus program.**

NOTE:
**Please always tell me the exact error message you get and the conditions of how it appears / how it happens.**
It is so important to get details from you each and every time  { and not just "error" or, <same as before> }.
 


Ok so I rebooted my computer today after being away for the weekend.  Had to boot from CD-ROM and then do a start-up repair, but after that my computer booted fine.  I uninstalled Java, and updated Adobe, but will end up getting that version that you had informed of as that sounds safer to use.  I uninstalled Mbytes per your specifications and exactly as you had told me to.  The uninstall went flawlessly and the reboot went without a hitch.  My reinstall of Mbytes also went flawlessly and I was able to retrieve the key from my registry before I deleted it (as I can't recall where I put the key).  I am currently running Malwarebytes Premium and it is working fine with no error messages.  Thank you for your help.  I guess the only lagging and nagging issue would be the inability to startup after a long break.  I'll try and tackle that tomorrow, but as far as getting Mbytes working again I thank you.


This topic is now closed to further replies.