
Malwarebytes' Premium crashes during scan



Hello,

Malwarebytes' was just upgraded from 1.75 to 2.0.2.  I purchased and installed a license.  The software crashes during a scan.  Here is the Event Viewer report:

Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: mbamcore.dll, version: 1.0.11.0, time stamp: 0x536d8027
Exception code: 0xc0000005
Fault offset: 0x0001748f
Faulting process id: 0x820
Faulting application start time: 0x01cfa60dbd1f1059
Faulting application path: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes Anti-Malware\mbamcore.dll
Report Id: 5b4d4a61-120e-11e4-aff3-50e54965e50e
Faulting package full name:
Faulting package-relative application ID:

 

Please assist.  It repeatedly occurs.  I have rebooted and run malware scans with other software.  Your assistance is appreciated.

Thank you,

Silekonn


Hello and :welcome:

Let's try this first....

Thank You,

Firefox


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014
Ran by Used Car Factory (administrator) on UCF-REDMOON7416 on 23-07-2014 01:21:44
Running from C:\Users\Used Car Factory\Desktop
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(UltraVNC) C:\Program Files\InstantSupport\InstantSupportVNC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(UltraVNC) C:\Program Files\InstantSupport\InstantSupportVNC.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\Navionics World\NavService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Farbar) C:\Users\Used Car Factory\Desktop\Farbar Recovery Scan Tool (FRSTx86).exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-344367017-4139638870-138449692-1000\...\Run: [Google Update] => C:\Users\Used Car Factory\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-27] (Google Inc.)
HKU\S-1-5-21-344367017-4139638870-138449692-1000\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U147&ocid=U147DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA1D57D3A4682CE01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-search.net/search?sid=516&aid=0&itype=n&ver=12791&tm=412&src=ds&p={searchTerms}
SearchScopes: HKCU - F1119A7802D64EADAB96065438BE59FC URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-search.net/search?sid=516&aid=0&itype=n&ver=12791&tm=412&src=ds&p={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {1DCB41E4-22EA-44A6-BEC0-D54969EFBED9} https://dealers.autotrader.com/dc/media/inc/ImageUploader5.cab
DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://simulcast.manheim.com/simulcast_docs/av/LiveSound.dll
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} https://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {37E92FB8-76BF-445A-B12D-158D787680D4} http://dealers.carsforsale.com/WebResource.axd?d=TNzvII8hlLszymFkqZIZGZKSIQ81zdqUoJppnecIPdy6anJUF9p2-6BMe4IrBGqFzmr3t1R48IiIvLl3OfbwRnTyeGJeFRaZ3DxvyKQvvBC_OkiukJiKGs8lCO_K2ozgHaNnbPtPbXbkcK86F07TzKzKSKXgcfNmN5bo0BIa5h7V3zB-0&t=634774483848326139
DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} http://www.onlineringman.com/auctions/install/isetupml.cab
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} http://dealers.carsforsale.com/WebResource.axd?d=cagL7lkRPEDVEh50kjo19oaXrSwMwB3tO4EZqePf6ToaKu0al8cTImjf6oP1qfbnz6FvTlr7N58v2x_m0nXhEqdIe3DTKqMqk10zSa7FUmqnXRxsSB1FozIZrdbVavmvoctSVcE7MmiBLwyObipNf-d7UmBcf9JXG5VZpZUfIZs0Eiap0&t=634481451840000000
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://dealers.carsforsale.com/WebResource.axd?d=BN3gKf9vpuN_vWDV6sRu_8XGJ3px8qSGaj8xN7kTPkulTL5YS6PM1cIAh8lhLFYiHVUfTU_tfSV57OwHikwxgXBYKa_hCrNo3jCUNuVPLwF-7EjlTnXVAKHBS9RA7XyU0EaX8IvjgbugBeiXBqQwSonZWpIVkMJdiFVvdXkuAP_nhx680&t=633888709160000000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} http://dealers.carsforsale.com/WebResource.axd?d=cagL7lkRPEDVEh50kjo19oaXrSwMwB3tO4EZqePf6ToaKu0al8cTImjf6oP1qfbnz6FvTlr7N58v2x_m0nXhEqdIe3DTKqMqk10zSa7FUmqnXRxsSB1FozIZrdbVavmvoctSVcE7MmiBLwyObipNf-d7UmBcf9JXG5VZpZUfIZs0Eiap0&t=634293224640000000
Tcpip\Parameters: [DhcpNameServer] 68.115.71.53 24.247.15.53 24.217.0.5

FireFox:
========
FF ProfilePath: C:\Users\Used Car Factory\AppData\Roaming\Mozilla\Firefox\Profiles\ee6h2aoo.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com|hxxp://www.google.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U147DF&PC=U147&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Used Car Factory\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Used Car Factory\AppData\Local\Roblox\Versions\version-18d29ad623804580\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Used Car Factory\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Used Car Factory\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Used Car Factory\AppData\Roaming\Mozilla\Firefox\Profiles\ee6h2aoo.default\searchplugins\bingp.xml
FF Extension: Manheim Media Player - C:\Users\Used Car Factory\AppData\Roaming\Mozilla\Firefox\Profiles\ee6h2aoo.default\Extensions\mediaplayer@manheim.com [2013-06-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.msn.com/?pc=U147&ocid=U147DHP&dt=072213", "hxxp://www.google.com/"
CHR DefaultSearchKeyword: bing.com
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Roblox Launcher Plugin) - C:\Program Files\Roblox\Versions\version-21cdb2fff9fb4df2\\NPRobloxProxy.dll ( Roblox Corporation)
CHR Plugin: (Google Update) - C:\Users\Used Car Factory\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (YouTube) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27]
CHR Extension: (Google Search) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]
CHR Extension: (Google Wallet) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-30]
CHR Extension: (Browser_AppS 1.1) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefbdemjhadgpcckinpnimbnbecamaoj [2014-07-22]
CHR Extension: (Gmail) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]
CHR StartMenuInternet: Google Chrome - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [777016 2013-07-18] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3873784 2014-06-17] (Acronis)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-01-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-21] (Microsoft Corporation)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7142320 2014-02-04] (Acronis)
R2 uvnc_service; C:\Program Files\InstantSupport\InstantSupportVNC.exe [998912 2011-09-01] (UltraVNC) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-03-23] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-03-23] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 tdrpman; C:\WINDOWS\system32\DRIVERS\tdrpman.sys [889888 2014-06-17] (Acronis International GmbH)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [736192 2014-06-17] (Acronis International GmbH)
R0 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [143648 2014-06-17] (Acronis International GmbH)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [187392 2013-08-21] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-21] (Microsoft Corporation)
U3 idsvc;
S1 MpKsl69345612; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{692313BA-FBD9-461D-AEB7-6C401F3D77F0}\MpKsl69345612.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-23 01:21 - 2014-07-23 01:22 - 00016207 _____ () C:\Users\Used Car Factory\Desktop\FRST.txt
2014-07-23 01:21 - 2014-07-23 01:21 - 00000000 ____D () C:\FRST
2014-07-23 01:21 - 2014-07-23 01:20 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Used Car Factory\Desktop\mbam-check-2.1.1.1001.exe
2014-07-23 01:21 - 2014-07-23 01:20 - 01080320 _____ (Farbar) C:\Users\Used Car Factory\Desktop\Farbar Recovery Scan Tool (FRSTx86).exe
2014-07-22 22:19 - 2014-07-23 01:19 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 22:19 - 2014-07-22 22:19 - 00001072 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-22 22:19 - 2014-07-22 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-22 22:19 - 2014-07-22 22:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 22:19 - 2014-07-22 22:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-22 22:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-22 22:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-22 22:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-22 19:32 - 2014-07-22 19:33 - 00403320 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-22 18:16 - 2014-07-22 18:16 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9 Host.lnk
2014-07-22 18:16 - 2014-07-22 18:16 - 00001136 _____ () C:\Users\Public\Desktop\TeamViewer 9 Host.lnk
2014-07-22 17:31 - 2014-07-22 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-22 17:31 - 2014-07-22 17:31 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-22 17:31 - 2014-07-11 03:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-22 17:31 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-22 17:31 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-22 17:31 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-22 17:27 - 2014-07-22 17:27 - 00001015 _____ () C:\Users\Public\Desktop\Uninstall Instant Support.lnk
2014-07-22 17:27 - 2014-07-22 17:27 - 00000000 ____D () C:\Program Files\InstantSupport
2014-07-22 17:22 - 2014-07-22 17:22 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(13).EXE
2014-07-22 16:23 - 2014-07-22 16:23 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(12).EXE
2014-07-22 16:22 - 2014-07-22 16:22 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(11).EXE
2014-07-22 16:10 - 2014-07-22 16:10 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(10).EXE
2014-07-22 16:08 - 2014-07-22 16:08 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(9).EXE
2014-07-22 15:58 - 2014-07-22 15:58 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-22 15:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-22 13:31 - 2014-07-22 13:32 - 00814928 _____ (Frazer Computing, Inc.) C:\Users\Used Car Factory\Downloads\fz44886(3).exe
2014-07-22 12:36 - 2014-07-22 12:36 - 00814928 _____ (Frazer Computing, Inc.) C:\Users\Used Car Factory\Downloads\fz44886(2).exe
2014-07-19 10:04 - 2014-07-19 10:04 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(8).EXE
2014-07-18 13:16 - 2014-07-18 13:16 - 01385088 _____ () C:\Users\Used Car Factory\Downloads\Setup(19).exe
2014-07-18 13:16 - 2014-07-18 13:16 - 01385088 _____ () C:\Users\Used Car Factory\Downloads\Setup(18).exe
2014-07-15 11:09 - 2014-07-15 11:09 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-10 17:53 - 2014-07-10 17:53 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 09:16 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 09:16 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 09:16 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 09:16 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 09:16 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 09:16 - 2014-06-18 17:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 09:16 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 09:16 - 2014-06-18 17:52 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 09:16 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 09:16 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 09:16 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 09:16 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 09:16 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 09:16 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 09:15 - 2014-06-30 17:46 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 09:15 - 2014-06-28 01:57 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 09:15 - 2014-06-28 01:27 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 09:15 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 09:15 - 2014-06-06 08:20 - 03497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 09:15 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 09:15 - 2014-05-29 22:05 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 09:15 - 2014-05-29 04:30 - 00481400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 09:15 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 09:15 - 2014-05-28 23:38 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 08:10 - 2014-04-13 21:37 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 08:06 - 2014-05-31 03:38 - 00049552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 08:06 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 08:06 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 08:06 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 08:06 - 2014-05-30 21:39 - 02818048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 08:06 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 08:06 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 08:05 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 02:03 - 2014-07-09 02:03 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-02 11:58 - 2014-07-02 11:58 - 00000000 ____D () C:\Users\Used Car Factory\AppData\Local\Adobe
2014-07-01 15:14 - 2014-07-01 15:14 - 00001109 _____ () C:\Users\Used Car Factory\Desktop\printall - Shortcut.lnk
2014-07-01 14:49 - 2014-07-01 14:49 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(4).zip
2014-07-01 14:45 - 2014-07-01 14:45 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(3).zip
2014-06-28 11:25 - 2014-06-28 11:25 - 01257160 _____ () C:\Users\Used Car Factory\Downloads\Setup(17).exe
2014-06-26 13:23 - 2014-06-26 13:23 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Used Car Factory\Desktop\mbam-clean-2.0.2.0.exe
2014-06-24 16:58 - 2014-06-24 16:58 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(2).zip
2014-06-24 16:56 - 2014-06-24 16:56 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup.zip
2014-06-24 16:56 - 2014-06-24 16:56 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(1).zip

==================== One Month Modified Files and Folders =======

2014-07-23 01:22 - 2014-07-23 01:21 - 00016207 _____ () C:\Users\Used Car Factory\Desktop\FRST.txt
2014-07-23 01:21 - 2014-07-23 01:21 - 00000000 ____D () C:\FRST
2014-07-23 01:20 - 2014-07-23 01:21 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Used Car Factory\Desktop\mbam-check-2.1.1.1001.exe
2014-07-23 01:20 - 2014-07-23 01:21 - 01080320 _____ (Farbar) C:\Users\Used Car Factory\Desktop\Farbar Recovery Scan Tool (FRSTx86).exe
2014-07-23 01:19 - 2014-07-22 22:19 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 01:19 - 2014-01-29 22:22 - 00000000 __RDO () C:\Users\Used Car Factory\SkyDrive
2014-07-23 01:19 - 2011-12-27 15:30 - 00002480 _____ () C:\Users\Used Car Factory\Desktop\Google Chrome.lnk
2014-07-23 01:18 - 2013-08-22 02:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-23 01:17 - 2013-08-22 01:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-23 01:00 - 2013-08-22 03:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-23 00:54 - 2012-04-10 14:45 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-23 00:41 - 2011-12-27 15:26 - 00000952 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-344367017-4139638870-138449692-1000UA.job
2014-07-22 22:57 - 2014-01-29 21:26 - 01387324 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-22 22:36 - 2013-08-22 03:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-07-22 22:19 - 2014-07-22 22:19 - 00001072 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-22 22:19 - 2014-07-22 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-22 22:19 - 2014-07-22 22:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 22:19 - 2014-07-22 22:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-22 22:13 - 2013-11-14 00:30 - 00016258 _____ () C:\WINDOWS\PFRO.log
2014-07-22 20:56 - 2013-08-22 03:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-22 19:33 - 2014-07-22 19:32 - 00403320 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-22 19:33 - 2013-06-21 16:17 - 00040448 ___SH () C:\Users\Used Car Factory\Desktop\Thumbs.db
2014-07-22 18:25 - 2012-07-26 01:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-22 18:16 - 2014-07-22 18:16 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9 Host.lnk
2014-07-22 18:16 - 2014-07-22 18:16 - 00001136 _____ () C:\Users\Public\Desktop\TeamViewer 9 Host.lnk
2014-07-22 18:15 - 2014-01-29 22:24 - 00000000 ____D () C:\Users\Used Car Factory\Desktop\Notes and Extras
2014-07-22 17:55 - 2014-05-23 11:39 - 00000000 __SHD () C:\ProgramData\m9dt734hfbjh
2014-07-22 17:53 - 2013-03-05 21:34 - 00001451 _____ () C:\Users\Used Car Factory\Desktop\Windows 8 Notes by Red Moon Computers - Shortcut.lnk
2014-07-22 17:52 - 2011-11-03 15:31 - 00000977 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-22 17:52 - 2011-07-20 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-22 17:52 - 2011-07-20 09:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-22 17:32 - 2014-01-29 22:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-22 17:31 - 2014-07-22 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-22 17:31 - 2014-07-22 17:31 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-22 17:31 - 2014-01-29 22:50 - 00000000 ____D () C:\Program Files\Java
2014-07-22 17:27 - 2014-07-22 17:27 - 00001015 _____ () C:\Users\Public\Desktop\Uninstall Instant Support.lnk
2014-07-22 17:27 - 2014-07-22 17:27 - 00000000 ____D () C:\Program Files\InstantSupport
2014-07-22 17:27 - 2013-06-01 09:10 - 00006962 _____ () C:\Users\Used Car Factory\Documents\Your Big File.htm
2014-07-22 17:27 - 2013-04-25 14:13 - 00453632 ___SH () C:\Users\Used Car Factory\Documents\Thumbs.db
2014-07-22 17:27 - 2013-04-03 10:01 - 00070358 _____ () C:\Users\Used Car Factory\Documents\CARFAX Vehicle History Report on 4M2ZU86K34ZJ02973.htm
2014-07-22 17:27 - 2011-11-03 13:12 - 01115521 _____ () C:\Users\Used Car Factory\Documents\Red Moon Computers ChunkVNC Instant Support.exe
2014-07-22 17:27 - 2011-07-20 10:53 - 00046986 _____ () C:\Users\Used Car Factory\Documents\rebatesCenter.htm
2014-07-22 17:27 - 2011-07-20 10:53 - 00000160 _____ () C:\Users\Used Car Factory\Documents\Attached Message Part.txt
2014-07-22 17:22 - 2014-07-22 17:22 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(13).EXE
2014-07-22 16:43 - 2014-06-04 15:08 - 00000000 ____D () C:\FrazerPrint
2014-07-22 16:43 - 2014-06-04 15:07 - 00000000 ____D () C:\Frazer30
2014-07-22 16:36 - 2013-08-22 01:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-22 16:23 - 2014-07-22 16:23 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(12).EXE
2014-07-22 16:22 - 2014-07-22 16:22 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(11).EXE
2014-07-22 16:10 - 2014-07-22 16:10 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(10).EXE
2014-07-22 16:08 - 2014-07-22 16:08 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(9).EXE
2014-07-22 15:58 - 2014-07-22 15:58 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-22 14:41 - 2011-12-27 15:26 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-344367017-4139638870-138449692-1000Core.job
2014-07-22 14:35 - 2014-06-02 12:43 - 00000000 ____D () C:\DeskMan
2014-07-22 13:32 - 2014-07-22 13:31 - 00814928 _____ (Frazer Computing, Inc.) C:\Users\Used Car Factory\Downloads\fz44886(3).exe
2014-07-22 13:31 - 2011-07-20 09:56 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-22 13:01 - 2014-01-29 21:11 - 00000000 ____D () C:\Users\Used Car Factory
2014-07-22 12:36 - 2014-07-22 12:36 - 00814928 _____ (Frazer Computing, Inc.) C:\Users\Used Car Factory\Downloads\fz44886(2).exe
2014-07-22 11:19 - 2011-07-20 10:52 - 00000000 ____D () C:\Century Software Systems
2014-07-22 10:22 - 2014-06-04 16:22 - 00000065 _____ () C:\WINDOWS\PCLT.INI
2014-07-22 10:17 - 2014-06-06 15:02 - 00000032 _____ () C:\boot.ini
2014-07-22 07:52 - 2013-08-22 03:17 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-19 10:04 - 2014-07-19 10:04 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(8).EXE
2014-07-18 13:16 - 2014-07-18 13:16 - 01385088 _____ () C:\Users\Used Car Factory\Downloads\Setup(19).exe
2014-07-18 13:16 - 2014-07-18 13:16 - 01385088 _____ () C:\Users\Used Car Factory\Downloads\Setup(18).exe
2014-07-18 09:41 - 2013-11-14 00:37 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-15 18:57 - 2014-06-17 18:03 - 00000000 ____D () C:\ProgramData\Acronis
2014-07-15 11:09 - 2014-07-15 11:09 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-15 11:09 - 2011-07-20 09:51 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-13 20:00 - 2014-01-31 17:57 - 00477696 ___SH () C:\EUMONBMP.SYS
2014-07-11 17:28 - 2013-08-22 02:23 - 00294660 _____ () C:\WINDOWS\setupact.log
2014-07-11 05:31 - 2013-08-22 03:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 03:02 - 2014-07-22 17:31 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-11 02:56 - 2014-07-22 17:31 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-11 02:56 - 2014-07-22 17:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-11 02:55 - 2014-07-22 17:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-10 17:58 - 2013-08-22 03:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 17:58 - 2013-08-22 03:17 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 17:53 - 2014-07-10 17:53 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 17:53 - 2013-11-14 00:26 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 17:53 - 2013-08-22 03:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 17:53 - 2013-08-22 03:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 08:14 - 2011-07-28 16:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 02:03 - 2014-07-09 02:03 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-02 11:58 - 2014-07-02 11:58 - 00000000 ____D () C:\Users\Used Car Factory\AppData\Local\Adobe
2014-07-01 15:26 - 2014-06-12 03:00 - 00000000 ____D () C:\Users\Used Car Factory\AppData\Roaming\gnupg
2014-07-01 15:14 - 2014-07-01 15:14 - 00001109 _____ () C:\Users\Used Car Factory\Desktop\printall - Shortcut.lnk
2014-07-01 14:49 - 2014-07-01 14:49 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(4).zip
2014-07-01 14:45 - 2014-07-01 14:45 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(3).zip
2014-07-01 03:00 - 2014-06-12 03:00 - 00000332 _____ () C:\WINDOWS\AutomaticFrazerBackupTPS.INI
2014-06-30 17:46 - 2014-07-09 09:15 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-28 11:25 - 2014-06-28 11:25 - 01257160 _____ () C:\Users\Used Car Factory\Downloads\Setup(17).exe
2014-06-28 01:57 - 2014-07-09 09:15 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 01:27 - 2014-07-09 09:15 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-26 15:55 - 2014-06-14 09:18 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-26 15:55 - 2014-06-14 09:18 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-26 13:23 - 2014-06-26 13:23 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Used Car Factory\Desktop\mbam-clean-2.0.2.0.exe
2014-06-24 16:58 - 2014-06-24 16:58 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(2).zip
2014-06-24 16:56 - 2014-06-24 16:56 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup.zip
2014-06-24 16:56 - 2014-06-24 16:56 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(1).zip

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-22 22:35

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-07-2014
Ran by Used Car Factory at 2014-07-23 01:22:51
Running from C:\Users\Used Car Factory\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Acronis True Image 2014 (HKLM\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (Version: 17.0.6673 - Acronis) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.1124.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1A0052B5-5006-5137-A489-4E1DAD4E836F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2013.0115.1551.28388 - Advanced Micro Devices, Inc.) Hidden
AMD USB Filter Driver (Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
Auction Client (HKLM\...\{22D9B90E-5975-4C44-B0B2-F02A97BE030D}) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2013.0115.1551.28388 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0115.1551.28388 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0115.1551.28388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0115.1550.28388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0115.1550.28388 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0115.1550.28388 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0115.1550.28388 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0115.1550.28388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0115.1550.28388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0115.1550.28388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0115.1550.28388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0115.1550.28388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0115.1550.28388 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0115.1551.28388 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2568 - CDBurnerXP)
Citrix Online Launcher (HKLM\...\{F82C81F9-ADB5-42BD-AFE9-DD5DFDD215E3}) (Version: 1.0.135 - Citrix)
ContactAtOnce (HKLM\...\{652BD9A6-EE53-400F-99BD-221AB0ED41A0}) (Version: 3.0.0 - ContactAtOnce!)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
EPSON Remote Configuration Manager (HKLM\...\EPSON Remote Configuration Manager) (Version:  - )
ESWIN_USB 0.6j (HKLM\...\ESWIN_USB) (Version: 0.6j - SAMSUNG ELECTRONICS)
Finance & Insurance (HKLM\...\Century Software Systems_is1) (Version:  - Century Software Systems)
Frazer Software for the Used Car Dealer (HKLM\...\{7783A050-23C5-11DA-6784-01412D6F18BE}) (Version:  - Frazer Computing, Inc.)
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.65.2.WIN.FullTilt.COM - )
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
GoToMeeting 5.7.0.1172 (HKCU\...\GoToMeeting) (Version: 5.7.0.1172 - CitrixOnline)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MPC-HC 1.7.5 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.5 - MPC-HC Team)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Navionics World (HKLM\...\Navionics World 1.2.3) (Version: 1.2.3 - Navionics)
ON_OFF Charge B11.0110.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Roblox (HKLM\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for Used Car Factory (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Simulcast Video Plugin (Internet Explorer) (HKLM\...\Simulcast Video Plugin (Internet Explorer)) (Version: 1.0 - Manheim)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 Host (HKLM\...\TeamViewer 9 Host) (Version: 9.0.29947 - TeamViewer)
The Lord of the Rings FREE Trial  (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
update (HKLM\...\update_is1) (Version:  - )
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

02-07-2014 16:11:41 Scheduled Checkpoint
09-07-2014 13:08:38 Windows Update
13-07-2014 09:19:55 Windows Update
16-07-2014 14:36:33 Windows Update
19-07-2014 16:11:13 Windows Update
22-07-2014 22:30:45 Installed Java 7 Update 65

==================== Hosts content: ==========================

2013-08-22 01:13 - 2013-08-22 01:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {00EC09D2-7409-4729-908A-B25C6042DB9C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {0155F409-05CF-4727-A040-B60D6D280562} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {0A8DB3FE-E4DF-4B0C-8F06-93EDF3CC91D5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {10D66420-1E27-48EE-9AFD-83CAF6CD5DBC} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {19EAEEFE-64BF-4C03-B563-41DEE25EA6AC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2B7CB082-CB3A-479A-B736-27A94457A4FE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {3047079E-0129-47B5-899D-14A89A8314F3} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {35AF4C90-901E-403E-B02B-C112506C89DE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {41095B38-692B-4485-A4FF-B3DF8D32373C} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {470AD29E-1923-4304-BEF7-A34F48C4C47B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {49FA4F8D-B78E-40FE-82EA-E3DB29A17EF4} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {4E8D2FD2-A92B-4FED-9718-6C504F4074BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {4F0B832C-62A7-45AB-9E32-EFD2C21874EA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {5B36A9B6-BA1B-4B9C-A1DD-72CF5B08DEB6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6BF2B4DE-CDFC-4FD1-9405-EF5350D61B22} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6CF3E0E7-84EB-4D53-938A-6C08DF0FE60B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {6ECDB6AA-2E7A-42AD-9CD3-321A40CAE235} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-344367017-4139638870-138449692-1000UA => C:\Users\Used Car Factory\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27] (Google Inc.)
Task: {721D884E-A9E3-4882-862A-A88970C2203C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {763C19D8-16BD-42BD-B4F4-E056C2AE943A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7B04E324-F695-4621-8984-F68AE0E8BE62} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {828436D2-A1F2-4A86-BDE8-7754C3EFAC39} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8552DD9C-9399-4E5B-A902-E9DA8D51082A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {97D9B8EA-E79C-44EB-8B09-0CCF14635935} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {9D115891-0BBC-4F95-BF22-432D5ED8818F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {B3C8F649-DFD8-411F-B191-0A623F68405A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {C47E4AC8-115B-4B35-B2C7-9BD83F6771DB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C9DBE08F-212E-41E4-BCB3-F81DAEDAED12} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {D50CD9C0-E059-4E49-AAE4-9340052D0239} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E027CABB-301E-4AB4-B850-CE067C8B639C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {E045EE29-972D-4E3F-A667-C90C29C769CF} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {F2FE625C-4213-4EED-8DDA-DE6499D7BBFB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-14] (Microsoft Corporation)
Task: {F38CFFED-388E-4297-9648-C9DDC3A85345} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {F3B7C4E5-9E46-4B99-8696-0A00C3288060} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F706A953-0138-48CB-ABA3-A340A39F642C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F7739369-D472-4CBD-BBA0-C2A6EF25E4FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-344367017-4139638870-138449692-1000Core => C:\Users\Used Car Factory\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27] (Google Inc.)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-344367017-4139638870-138449692-1000Core.job => C:\Users\Used Car Factory\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-344367017-4139638870-138449692-1000UA.job => C:\Users\Used Car Factory\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-01 10:26 - 2013-10-01 10:26 - 02627672 _____ () C:\Program Files\Acronis\TrueImageHome\tishell.dll
2013-10-01 11:00 - 2013-10-01 11:00 - 00022336 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
2014-07-22 17:27 - 2010-11-26 14:32 - 00412104 _____ () C:\Program Files\InstantSupport\SecureVNCPlugin.dsm
2012-07-09 17:22 - 2012-06-18 05:17 - 00047272 _____ () C:\Program Files\Navionics World\NavService.exe
2012-07-09 17:22 - 2011-10-11 05:46 - 08179712 _____ () C:\Program Files\Navionics World\QtGui4.dll
2012-07-09 17:22 - 2011-10-11 05:34 - 02203648 _____ () C:\Program Files\Navionics World\QtCore4.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files\Common Files\Acronis\Home\thread_pool.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files\Common Files\Acronis\Home\ulxmlrpcpp.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Used Car Factory\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Used Car Factory\Documents\PICKUP _ DELIVERY INFORMATION.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2014 10:45:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: mbamcore.dll, version: 1.0.11.0, time stamp: 0x536d8027
Exception code: 0xc0000005
Fault offset: 0x0001748f
Faulting process id: 0x1ec
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (07/22/2014 09:09:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: mbamcore.dll, version: 1.0.11.0, time stamp: 0x536d8027
Exception code: 0xc0000005
Fault offset: 0x0001748f
Faulting process id: 0x820
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (07/22/2014 07:27:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: mbamcore.dll, version: 1.0.11.0, time stamp: 0x536d8027
Exception code: 0xc0000005
Fault offset: 0x0001748f
Faulting process id: 0x1274
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (07/22/2014 06:15:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: mbamcore.dll, version: 1.0.11.0, time stamp: 0x536d8027
Exception code: 0xc0000005
Fault offset: 0x0001748f
Faulting process id: 0x368
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (07/22/2014 05:30:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/22/2014 05:23:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0xcc0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5


System errors:
=============
Error: (07/23/2014 01:19:01 AM) (Source: DCOM) (EventID: 10016) (User: UCF-REDMOON7416)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}UCF-RedMoon7416Used Car FactoryS-1-5-21-344367017-4139638870-138449692-1000LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/23/2014 01:19:01 AM) (Source: DCOM) (EventID: 10016) (User: UCF-REDMOON7416)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}UCF-RedMoon7416Used Car FactoryS-1-5-21-344367017-4139638870-138449692-1000LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/23/2014 01:17:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053

Error: (07/23/2014 01:17:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.

Error: (07/23/2014 01:16:56 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Acronis Nonstop Backup Service service did not shut down properly after receiving a preshutdown control.

Error: (07/23/2014 01:16:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

Error: (07/22/2014 10:13:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053

Error: (07/22/2014 10:13:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.

Error: (07/22/2014 10:12:54 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Acronis Nonstop Backup Service service did not shut down properly after receiving a preshutdown control.

Error: (07/22/2014 10:12:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.


Microsoft Office Sessions:
=========================
Error: (07/22/2014 10:45:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532mbamcore.dll1.0.11.0536d8027c00000050001748f1ec01cfa624e9fdcf5dC:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\mbamcore.dlld2f8bff4-121b-11e4-aff5-50e54965e50e

Error: (07/22/2014 09:09:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532mbamcore.dll1.0.11.0536d8027c00000050001748f82001cfa60dbd1f1059C:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\mbamcore.dll5b4d4a61-120e-11e4-aff3-50e54965e50e

Error: (07/22/2014 07:27:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532mbamcore.dll1.0.11.0536d8027c00000050001748f127401cfa604bb55068dC:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\mbamcore.dll1aeb796e-1200-11e4-aff2-50e54965e50e

Error: (07/22/2014 06:15:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532mbamcore.dll1.0.11.0536d8027c00000050001748f36801cfa5fc7af9734fC:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\mbamcore.dll09634bd4-11f6-11e4-aff2-50e54965e50e

Error: (07/22/2014 05:30:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (07/22/2014 05:23:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bcc001cfa5fb73a83d6eC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllcd6408c8-11ee-11e4-aff2-50e54965e50e


CodeIntegrity Errors:
===================================
  Date: 2014-07-22 22:37:26.827
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 21:46:29.882
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 19:45:39.742
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 18:28:06.546
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 16:29:44.037
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 13:26:32.492
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 13:02:37.392
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Settings Manager\systemk\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 13:01:44.752
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-07-21 12:12:58.221
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-21 12:12:58.217
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 1789.53 MB
Available physical RAM: 946.71 MB
Total Pagefile: 3581.53 MB
Available Pagefile: 2459.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1864.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:421.17 GB) NTFS
Drive d: () (Fixed) (Total:74.52 GB) (Free:7.96 GB) NTFS
Drive f: (SAMSUNG) (Fixed) (Total:298 GB) (Free:215.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 34D78074)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 40AA40AA)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 298 GB) (Disk ID: DDEE2843)
Partition 1: (Active) - (Size=298 GB) - (Type=0C)

==================== End Of Log ============================

CheckResults.txt

Already did.  Have clean removed with all reg entries prior to reinstalling.  The problem persists.

Did you run the mbam-clean tool, as your install shows that it was installed on Installed On: 2014/07/22?

Also there is no need to remove any reg entries manually, the mbam-clean tool will do that.

You also show that you are running the Trial version and not the full licensed version.

Please re-run the steps in my post # 2 above.


The clean tool was used.  The product was uninstalled, the registry entries were deleted, and then mbam-clean-2.0.2.0 was used.  The system was rebooted prior to reinstallation.  I will complete it again if you feel it is necessary.  Yesterday was the 22nd and that is when it occurred.  Should this be completed in a different order?  Do the logs show anything?


Crash occurs yet.

----

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-07-2014 01
Ran by Used Car Factory (administrator) on UCF-REDMOON7416 on 23-07-2014 12:50:23
Running from C:\Users\Used Car Factory\Desktop\Anti-Malware Fix
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(UltraVNC) C:\Program Files\InstantSupport\InstantSupportVNC.exe
(UltraVNC) C:\Program Files\InstantSupport\InstantSupportVNC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\Navionics World\NavService.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-344367017-4139638870-138449692-1000\...\Run: [Google Update] => C:\Users\Used Car Factory\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-27] (Google Inc.)
HKU\S-1-5-21-344367017-4139638870-138449692-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-344367017-4139638870-138449692-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Used Car Factory\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-27] (Google Inc.)
HKU\S-1-5-21-344367017-4139638870-138449692-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U147&ocid=U147DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA1D57D3A4682CE01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-search.net/search?sid=516&aid=0&itype=n&ver=12791&tm=412&src=ds&p={searchTerms}
SearchScopes: HKCU - F1119A7802D64EADAB96065438BE59FC URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-search.net/search?sid=516&aid=0&itype=n&ver=12791&tm=412&src=ds&p={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {1DCB41E4-22EA-44A6-BEC0-D54969EFBED9} https://dealers.autotrader.com/dc/media/inc/ImageUploader5.cab
DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://simulcast.manheim.com/simulcast_docs/av/LiveSound.dll
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} https://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {37E92FB8-76BF-445A-B12D-158D787680D4} http://dealers.carsforsale.com/WebResource.axd?d=TNzvII8hlLszymFkqZIZGZKSIQ81zdqUoJppnecIPdy6anJUF9p2-6BMe4IrBGqFzmr3t1R48IiIvLl3OfbwRnTyeGJeFRaZ3DxvyKQvvBC_OkiukJiKGs8lCO_K2ozgHaNnbPtPbXbkcK86F07TzKzKSKXgcfNmN5bo0BIa5h7V3zB-0&t=634774483848326139
DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} http://www.onlineringman.com/auctions/install/isetupml.cab
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} http://dealers.carsforsale.com/WebResource.axd?d=cagL7lkRPEDVEh50kjo19oaXrSwMwB3tO4EZqePf6ToaKu0al8cTImjf6oP1qfbnz6FvTlr7N58v2x_m0nXhEqdIe3DTKqMqk10zSa7FUmqnXRxsSB1FozIZrdbVavmvoctSVcE7MmiBLwyObipNf-d7UmBcf9JXG5VZpZUfIZs0Eiap0&t=634481451840000000
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://dealers.carsforsale.com/WebResource.axd?d=BN3gKf9vpuN_vWDV6sRu_8XGJ3px8qSGaj8xN7kTPkulTL5YS6PM1cIAh8lhLFYiHVUfTU_tfSV57OwHikwxgXBYKa_hCrNo3jCUNuVPLwF-7EjlTnXVAKHBS9RA7XyU0EaX8IvjgbugBeiXBqQwSonZWpIVkMJdiFVvdXkuAP_nhx680&t=633888709160000000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} http://dealers.carsforsale.com/WebResource.axd?d=cagL7lkRPEDVEh50kjo19oaXrSwMwB3tO4EZqePf6ToaKu0al8cTImjf6oP1qfbnz6FvTlr7N58v2x_m0nXhEqdIe3DTKqMqk10zSa7FUmqnXRxsSB1FozIZrdbVavmvoctSVcE7MmiBLwyObipNf-d7UmBcf9JXG5VZpZUfIZs0Eiap0&t=634293224640000000
Tcpip\Parameters: [DhcpNameServer] 68.115.71.53 24.247.15.53 24.217.0.5

FireFox:
========
FF ProfilePath: C:\Users\Used Car Factory\AppData\Roaming\Mozilla\Firefox\Profiles\ee6h2aoo.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com|hxxp://www.google.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U147DF&PC=U147&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Used Car Factory\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Used Car Factory\AppData\Local\Roblox\Versions\version-18d29ad623804580\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Used Car Factory\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Used Car Factory\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Used Car Factory\AppData\Roaming\Mozilla\Firefox\Profiles\ee6h2aoo.default\searchplugins\bingp.xml
FF Extension: Manheim Media Player - C:\Users\Used Car Factory\AppData\Roaming\Mozilla\Firefox\Profiles\ee6h2aoo.default\Extensions\mediaplayer@manheim.com [2013-06-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.msn.com/?pc=U147&ocid=U147DHP&dt=072213", "hxxp://www.google.com/"
CHR DefaultSearchKeyword: bing.com
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Roblox Launcher Plugin) - C:\Program Files\Roblox\Versions\version-21cdb2fff9fb4df2\\NPRobloxProxy.dll ( Roblox Corporation)
CHR Plugin: (Google Update) - C:\Users\Used Car Factory\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (YouTube) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27]
CHR Extension: (Google Search) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]
CHR Extension: (Google Wallet) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-30]
CHR Extension: (Browser_AppS 1.1) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefbdemjhadgpcckinpnimbnbecamaoj [2014-07-22]
CHR Extension: (Gmail) - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]
CHR StartMenuInternet: Google Chrome - C:\Users\Used Car Factory\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [777016 2013-07-18] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3873784 2014-06-17] (Acronis)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-01-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-21] (Microsoft Corporation)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7142320 2014-02-04] (Acronis)
R2 uvnc_service; C:\Program Files\InstantSupport\InstantSupportVNC.exe [998912 2011-09-01] (UltraVNC) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-03-23] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-03-23] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 tdrpman; C:\WINDOWS\system32\DRIVERS\tdrpman.sys [889888 2014-06-17] (Acronis International GmbH)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [736192 2014-06-17] (Acronis International GmbH)
R0 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [143648 2014-06-17] (Acronis International GmbH)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [187392 2013-08-21] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-21] (Microsoft Corporation)
U3 idsvc;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-23 12:16 - 2014-07-23 12:18 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 12:16 - 2014-07-23 12:16 - 00001072 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 12:16 - 2014-07-23 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 12:16 - 2014-07-23 12:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 12:16 - 2014-07-23 12:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-23 12:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-23 12:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-23 12:16 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-23 09:58 - 2014-07-23 09:58 - 00814928 _____ (Frazer Computing, Inc.) C:\Users\Used Car Factory\Downloads\fz44886(5).exe
2014-07-23 09:34 - 2014-07-23 09:34 - 00814928 _____ (Frazer Computing, Inc.) C:\Users\Used Car Factory\Downloads\fz44886(4).exe
2014-07-23 01:34 - 2014-07-23 12:50 - 00000000 ____D () C:\Users\Used Car Factory\Desktop\Anti-Malware Fix
2014-07-23 01:21 - 2014-07-23 12:50 - 00000000 ____D () C:\FRST
2014-07-22 19:32 - 2014-07-22 19:33 - 00403320 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-22 18:16 - 2014-07-22 18:16 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9 Host.lnk
2014-07-22 17:31 - 2014-07-22 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-22 17:31 - 2014-07-22 17:31 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-22 17:31 - 2014-07-11 03:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-22 17:31 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-22 17:31 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-22 17:31 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-22 17:27 - 2014-07-22 17:27 - 00001015 _____ () C:\Users\Public\Desktop\Uninstall Instant Support.lnk
2014-07-22 17:27 - 2014-07-22 17:27 - 00000000 ____D () C:\Program Files\InstantSupport
2014-07-22 17:22 - 2014-07-22 17:22 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(13).EXE
2014-07-22 16:23 - 2014-07-22 16:23 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(12).EXE
2014-07-22 16:22 - 2014-07-22 16:22 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(11).EXE
2014-07-22 16:10 - 2014-07-22 16:10 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(10).EXE
2014-07-22 16:08 - 2014-07-22 16:08 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(9).EXE
2014-07-22 15:58 - 2014-07-22 15:58 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-22 15:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-22 13:31 - 2014-07-22 13:32 - 00814928 _____ (Frazer Computing, Inc.) C:\Users\Used Car Factory\Downloads\fz44886(3).exe
2014-07-22 12:36 - 2014-07-22 12:36 - 00814928 _____ (Frazer Computing, Inc.) C:\Users\Used Car Factory\Downloads\fz44886(2).exe
2014-07-19 10:04 - 2014-07-19 10:04 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(8).EXE
2014-07-18 13:16 - 2014-07-18 13:16 - 01385088 _____ () C:\Users\Used Car Factory\Downloads\Setup(19).exe
2014-07-18 13:16 - 2014-07-18 13:16 - 01385088 _____ () C:\Users\Used Car Factory\Downloads\Setup(18).exe
2014-07-15 11:09 - 2014-07-15 11:09 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-10 17:53 - 2014-07-10 17:53 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 09:16 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 09:16 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 09:16 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 09:16 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 09:16 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 09:16 - 2014-06-18 17:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 09:16 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 09:16 - 2014-06-18 17:52 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 09:16 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 09:16 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 09:16 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 09:16 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 09:16 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 09:16 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 09:15 - 2014-06-30 17:46 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 09:15 - 2014-06-28 01:57 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 09:15 - 2014-06-28 01:27 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 09:15 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 09:15 - 2014-06-06 08:20 - 03497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 09:15 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 09:15 - 2014-05-29 22:05 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 09:15 - 2014-05-29 04:30 - 00481400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 09:15 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 09:15 - 2014-05-28 23:38 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 08:10 - 2014-04-13 21:37 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 08:06 - 2014-05-31 03:38 - 00049552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 08:06 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 08:06 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 08:06 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 08:06 - 2014-05-30 21:39 - 02818048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 08:06 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 08:06 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 08:05 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 02:03 - 2014-07-09 02:03 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-02 11:58 - 2014-07-02 11:58 - 00000000 ____D () C:\Users\Used Car Factory\AppData\Local\Adobe
2014-07-01 15:14 - 2014-07-01 15:14 - 00001109 _____ () C:\Users\Used Car Factory\Desktop\printall - Shortcut.lnk
2014-07-01 14:49 - 2014-07-01 14:49 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(4).zip
2014-07-01 14:45 - 2014-07-01 14:45 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(3).zip
2014-06-28 11:25 - 2014-06-28 11:25 - 01257160 _____ () C:\Users\Used Car Factory\Downloads\Setup(17).exe
2014-06-24 16:58 - 2014-06-24 16:58 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(2).zip
2014-06-24 16:56 - 2014-06-24 16:56 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup.zip
2014-06-24 16:56 - 2014-06-24 16:56 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(1).zip

==================== One Month Modified Files and Folders =======

2014-07-23 12:50 - 2014-07-23 01:34 - 00000000 ____D () C:\Users\Used Car Factory\Desktop\Anti-Malware Fix
2014-07-23 12:50 - 2014-07-23 01:21 - 00000000 ____D () C:\FRST
2014-07-23 12:41 - 2011-12-27 15:26 - 00000952 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-344367017-4139638870-138449692-1000UA.job
2014-07-23 12:18 - 2014-07-23 12:16 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 12:16 - 2014-07-23 12:16 - 00001072 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 12:16 - 2014-07-23 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 12:16 - 2014-07-23 12:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 12:16 - 2014-07-23 12:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-23 12:12 - 2014-01-29 22:22 - 00000000 __RDO () C:\Users\Used Car Factory\SkyDrive
2014-07-23 12:12 - 2011-12-27 15:30 - 00002480 _____ () C:\Users\Used Car Factory\Desktop\Google Chrome.lnk
2014-07-23 12:11 - 2013-11-14 00:30 - 00044638 _____ () C:\WINDOWS\PFRO.log
2014-07-23 12:11 - 2013-08-22 02:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-23 12:09 - 2014-01-29 21:26 - 01563383 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-23 12:00 - 2013-08-22 03:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-23 11:54 - 2012-04-10 14:45 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-23 11:52 - 2014-06-04 15:08 - 00000000 ____D () C:\FrazerPrint
2014-07-23 11:52 - 2014-06-04 15:07 - 00000000 ____D () C:\Frazer30
2014-07-23 10:32 - 2013-08-22 03:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-07-23 10:27 - 2014-06-06 15:02 - 00000032 _____ () C:\boot.ini
2014-07-23 10:25 - 2014-06-04 16:22 - 00000065 _____ () C:\WINDOWS\PCLT.INI
2014-07-23 10:07 - 2012-07-26 01:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-23 09:58 - 2014-07-23 09:58 - 00814928 _____ (Frazer Computing, Inc.) C:\Users\Used Car Factory\Downloads\fz44886(5).exe
2014-07-23 09:53 - 2014-01-29 21:11 - 00000000 ____D () C:\Users\Used Car Factory
2014-07-23 09:53 - 2012-12-06 17:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-23 09:34 - 2014-07-23 09:34 - 00814928 _____ (Frazer Computing, Inc.) C:\Users\Used Car Factory\Downloads\fz44886(4).exe
2014-07-23 09:33 - 2014-05-10 09:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-23 08:25 - 2013-08-22 03:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-23 01:36 - 2013-08-22 01:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-22 19:33 - 2014-07-22 19:32 - 00403320 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-22 19:33 - 2013-06-21 16:17 - 00040448 ___SH () C:\Users\Used Car Factory\Desktop\Thumbs.db
2014-07-22 18:16 - 2014-07-22 18:16 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9 Host.lnk
2014-07-22 18:15 - 2014-01-29 22:24 - 00000000 ____D () C:\Users\Used Car Factory\Desktop\Notes and Extras
2014-07-22 17:55 - 2014-05-23 11:39 - 00000000 __SHD () C:\ProgramData\m9dt734hfbjh
2014-07-22 17:53 - 2013-03-05 21:34 - 00001451 _____ () C:\Users\Used Car Factory\Desktop\Windows 8 Notes by Red Moon Computers - Shortcut.lnk
2014-07-22 17:52 - 2011-11-03 15:31 - 00000977 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-22 17:52 - 2011-07-20 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-22 17:52 - 2011-07-20 09:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-22 17:32 - 2014-01-29 22:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-22 17:31 - 2014-07-22 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-22 17:31 - 2014-07-22 17:31 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-22 17:31 - 2014-01-29 22:50 - 00000000 ____D () C:\Program Files\Java
2014-07-22 17:27 - 2014-07-22 17:27 - 00001015 _____ () C:\Users\Public\Desktop\Uninstall Instant Support.lnk
2014-07-22 17:27 - 2014-07-22 17:27 - 00000000 ____D () C:\Program Files\InstantSupport
2014-07-22 17:27 - 2013-06-01 09:10 - 00006962 _____ () C:\Users\Used Car Factory\Documents\Your Big File.htm
2014-07-22 17:27 - 2013-04-25 14:13 - 00453632 ___SH () C:\Users\Used Car Factory\Documents\Thumbs.db
2014-07-22 17:27 - 2013-04-03 10:01 - 00070358 _____ () C:\Users\Used Car Factory\Documents\CARFAX Vehicle History Report on 4M2ZU86K34ZJ02973.htm
2014-07-22 17:27 - 2011-11-03 13:12 - 01115521 _____ () C:\Users\Used Car Factory\Documents\Red Moon Computers ChunkVNC Instant Support.exe
2014-07-22 17:27 - 2011-07-20 10:53 - 00046986 _____ () C:\Users\Used Car Factory\Documents\rebatesCenter.htm
2014-07-22 17:27 - 2011-07-20 10:53 - 00000160 _____ () C:\Users\Used Car Factory\Documents\Attached Message Part.txt
2014-07-22 17:22 - 2014-07-22 17:22 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(13).EXE
2014-07-22 16:36 - 2013-08-22 01:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-22 16:23 - 2014-07-22 16:23 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(12).EXE
2014-07-22 16:22 - 2014-07-22 16:22 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(11).EXE
2014-07-22 16:10 - 2014-07-22 16:10 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(10).EXE
2014-07-22 16:08 - 2014-07-22 16:08 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(9).EXE
2014-07-22 15:58 - 2014-07-22 15:58 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-22 14:41 - 2011-12-27 15:26 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-344367017-4139638870-138449692-1000Core.job
2014-07-22 14:35 - 2014-06-02 12:43 - 00000000 ____D () C:\DeskMan
2014-07-22 13:32 - 2014-07-22 13:31 - 00814928 _____ (Frazer Computing, Inc.) C:\Users\Used Car Factory\Downloads\fz44886(3).exe
2014-07-22 13:31 - 2011-07-20 09:56 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-22 12:36 - 2014-07-22 12:36 - 00814928 _____ (Frazer Computing, Inc.) C:\Users\Used Car Factory\Downloads\fz44886(2).exe
2014-07-22 11:19 - 2011-07-20 10:52 - 00000000 ____D () C:\Century Software Systems
2014-07-22 07:52 - 2013-08-22 03:17 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-19 10:04 - 2014-07-19 10:04 - 02192016 _____ (Microsoft Corporation) C:\Users\Used Car Factory\Downloads\DefaultPack(8).EXE
2014-07-18 13:16 - 2014-07-18 13:16 - 01385088 _____ () C:\Users\Used Car Factory\Downloads\Setup(19).exe
2014-07-18 13:16 - 2014-07-18 13:16 - 01385088 _____ () C:\Users\Used Car Factory\Downloads\Setup(18).exe
2014-07-18 09:41 - 2013-11-14 00:37 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-15 18:57 - 2014-06-17 18:03 - 00000000 ____D () C:\ProgramData\Acronis
2014-07-15 11:09 - 2014-07-15 11:09 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-15 11:09 - 2011-07-20 09:51 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-13 20:00 - 2014-01-31 17:57 - 00477696 ___SH () C:\EUMONBMP.SYS
2014-07-11 17:28 - 2013-08-22 02:23 - 00294660 _____ () C:\WINDOWS\setupact.log
2014-07-11 05:31 - 2013-08-22 03:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 03:02 - 2014-07-22 17:31 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-11 02:56 - 2014-07-22 17:31 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-11 02:56 - 2014-07-22 17:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-11 02:55 - 2014-07-22 17:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-10 17:58 - 2013-08-22 03:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 17:58 - 2013-08-22 03:17 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 17:53 - 2014-07-10 17:53 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 17:53 - 2013-11-14 00:26 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 17:53 - 2013-08-22 03:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 17:53 - 2013-08-22 03:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 08:14 - 2011-07-28 16:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 02:03 - 2014-07-09 02:03 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-02 11:58 - 2014-07-02 11:58 - 00000000 ____D () C:\Users\Used Car Factory\AppData\Local\Adobe
2014-07-01 15:26 - 2014-06-12 03:00 - 00000000 ____D () C:\Users\Used Car Factory\AppData\Roaming\gnupg
2014-07-01 15:14 - 2014-07-01 15:14 - 00001109 _____ () C:\Users\Used Car Factory\Desktop\printall - Shortcut.lnk
2014-07-01 14:49 - 2014-07-01 14:49 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(4).zip
2014-07-01 14:45 - 2014-07-01 14:45 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(3).zip
2014-07-01 03:00 - 2014-06-12 03:00 - 00000332 _____ () C:\WINDOWS\AutomaticFrazerBackupTPS.INI
2014-06-30 17:46 - 2014-07-09 09:15 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-28 11:25 - 2014-06-28 11:25 - 01257160 _____ () C:\Users\Used Car Factory\Downloads\Setup(17).exe
2014-06-28 01:57 - 2014-07-09 09:15 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 01:27 - 2014-07-09 09:15 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-26 15:55 - 2014-06-14 09:18 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-26 15:55 - 2014-06-14 09:18 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-24 16:58 - 2014-06-24 16:58 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(2).zip
2014-06-24 16:56 - 2014-06-24 16:56 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup.zip
2014-06-24 16:56 - 2014-06-24 16:56 - 00396317 _____ () C:\Users\Used Car Factory\Downloads\setup(1).zip

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-23 10:31

==================== End Of Log ============================

CheckResults.txt


Let's see if we can collect a crash dump so we can submit it for review from the Dev team.

Create a Full Crash Dump using Sysinternals Process Explorer:

  • Please download Sysinternals Process Explorer from here and save it to your desktop.
    • Note: If using Windows Vista or Windows 7 then you also need to do the following:
      • Right-click on ProcExp.exe and select Properties
      • Click on the Compatibility tab
      • Under Privilege Level check the box next to Run this program as an administrator
      • Click on Apply then click OK
  • Double-click ProcExp.exe to run it.
  • Once the crash happens, leave the error window open and find mbam.exe in the process list in Process Explorer and right-click on it and hover your mouse over Create Dump and select Create Full Dump...
  • Save the mbam.dmp file to your desktop and close Process Explorer
  • Right-click on the mbam.dmp file you just created and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the ZIP file you just created to your next reply if it is small enough. If it isn't then please upload it to a file sharing service such as WeTransfer and provide the download link for the file in your next reply
  • Let me know how big the file is and if you need instructions for WeTransfer....

I will let the developers know you posted the dump. In the meantime, here are the instructions for WeTransfer.

Upload File(s) to WeTransfer:

  • Visit WeTransfer.com
  • Click on I Agree

  • Click on the icon on the lower left indicated in the below image

  • Select the Link option

  • Click on +Add Files

  • Browse to the location of the file and double-click on it or click once on it and select Open

  • Click on Transfer

  • Once the transfer completes, click on Copy link

  • Once you receive the Copied! message as indicated below, paste the link into your next reply


The clean tool was used. The product was uninstalled, the registry entries were deleted, and then mbam-clean-2.0.2.0 was used. The system was rebooted prior to reinstallation. I will complete it again if you feel it is necessary. Yesterday was the 22nd and that is when it occurred. Should this be completed in a different order? Do the logs show anything?

Can you perform the following steps?

1. Reinstall MBAM 2.0. http://www.malwarebytes.org/getmbam
2. Run MBAM Clean. http://downloads.malwarebytes.org/file/mbam_clean
3. Reinstall MBAM 2.0. http://www.malwarebytes.org/getmbam
4. See if the issue persists.

Explanation:

There is a current bug that MBAM Clean does not work correctly when MBAM 2.0 is not currently installed.

Please reply here with your findings. Thank you.
