M-Bytes crashed every time I try to scan.

brbas · May 16, 2014

Hi,

I was Malwarebytes premium until it began crashing every time I clicked to run a scan. I used the mbam-clean tool to uninstall Malwarebyted before reinstalling however once I'd done this the same problem kept occurring. Following the instructions the, What Do I Do Now? thread I used the farbar scan tool which output the logs I've posted below. Thank you for any help.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014

Ran by h (administrator) on DTC97-TOSH on 16-05-2014 16:17:07

Running from C:\Users\h\Desktop

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

() C:\Program Files\ShrewSoft\VPN Client\iked.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe

() C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(TOSHIBA) C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBank.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe

(TOSHIBA) C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [335736 2011-07-11] (Alps Electric Co., Ltd.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-14] (Realtek Semiconductor)

HKLM\...\Run: [sRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-03] ()

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-17] (TOSHIBA Corporation)

HKLM\...\Run: [batteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [286632 2011-11-25] (TOSHIBA Corporation)

HKLM\...\Run: [TFPUPWDBankService] => C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBank.exe [976256 2012-03-16] (TOSHIBA)

HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe [896384 2012-03-16] (TOSHIBA)

HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-29] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)

HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-04-12] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)

HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-07-27] (Toshiba Europe GmbH)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1492264 2011-11-18] (Nero AG)

HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-29] (Intel Corporation)

HKLM-x32\...\Run: [iTSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)

HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()

HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)

HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)

HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2009-01-16] (McAfee, Inc.)

HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2009-04-29] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2720769786-3086496883-1267401994-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)

HKU\S-1-5-21-2720769786-3086496883-1267401994-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-02-20] (TrueCrypt Foundation)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com

SearchScopes: HKLM - DefaultScope {34E3A4D4-B0E6-4B29-A179-3FE444BB4055} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MATMJS;

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {34E3A4D4-B0E6-4B29-A179-3FE444BB4055} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MATMJS;

SearchScopes: HKLM-x32 - DefaultScope {34E3A4D4-B0E6-4B29-A179-3FE444BB4055} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MATMJS;

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {34E3A4D4-B0E6-4B29-A179-3FE444BB4055} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MATMJS;

SearchScopes: HKCU - DefaultScope {34E3A4D4-B0E6-4B29-A179-3FE444BB4055} URL =

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

BHO-x32: TOSHIBA Fingerprint Utility Automatic Password Input - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll (TOSHIBA)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

BHO-x32: No Name - {82D2E569-25A7-4e4d-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll No File

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

Toolbar: HKLM-x32 - No Name - {945C8270-A848-11d5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll No File

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{89DD8B8E-36AD-486E-A267-D3D72A0E8D34}: [NameServer]130.159.248.50,130.159.228.50

Tcpip\..\Interfaces\{ECEB9DDA-AAAF-4AD2-94CC-00487156D2A5}: [NameServer]130.159.248.50,130.159.228.50

FireFox:

========

FF ProfilePath: C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\hxim2csm.default-1381860742401

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml

FF Extension: British English Dictionary (Updated) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\hxim2csm.default-1381860742401\Extensions\en-gb@flyingtophat.co.uk [2013-10-22]

FF Extension: Adblock Plus - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\hxim2csm.default-1381860742401\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-15]

FF HKLM-x32\...\Firefox\Extensions: [{302BCF7B-E09E-4854-9F2F-8B2DA4EF70F9}] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin

FF Extension: TOSHIBA Fingerprint Utility Automatic Password Input - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin [2012-10-27]

Chrome:

=======

CHR DefaultSearchKeyword: google.co.uk

CHR Extension: (Google Docs) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-13]

CHR Extension: (Google Drive) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-13]

CHR Extension: (YouTube) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-13]

CHR Extension: (Adblock Plus) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-13]

CHR Extension: (Google Search) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-13]

CHR Extension: (TOSHIBA Fingerprint Utility Automatic Password Input) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog [2014-05-13]

CHR Extension: (Google Wallet) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-13]

CHR Extension: (Gmail) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-13]

CHR HKLM-x32\...\Chrome\Extension: [iniieblifogecdlkejbmonblijmdaiog] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\ChromeAddin\ChromeAddin.crx [2012-03-16]

==================== Services (Whitelisted) =================

R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-29] ()

R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)

S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-19] (IObit)

R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [19720 2009-04-29] (McAfee, Inc.)

R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-01-16] (McAfee, Inc.)

U2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [176872 2009-04-29] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [62800 2009-04-29] (McAfee, Inc.)

R2 mfevtp; C:\windows\system32\mfevtps.exe [78992 2009-04-29] (McAfee, Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)

S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-10] (O2Micro)

R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-16] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [97704 2009-04-29] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [120096 2009-04-29] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [466944 2009-04-29] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [76696 2009-04-29] (McAfee, Inc.)

R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [83912 2009-04-29] (McAfee, Inc.)

R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-13] ()

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)

R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)

S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-16 16:17 - 2014-05-16 16:17 - 00020558 _____ () C:\Users\h\Desktop\FRST.txt

2014-05-16 16:17 - 2014-05-16 16:17 - 00000000 ____D () C:\FRST

2014-05-16 16:16 - 2014-05-16 16:16 - 02067456 _____ (Farbar) C:\Users\h\Desktop\FRST64.exe

2014-05-16 16:02 - 2014-05-16 16:02 - 00025194 _____ () C:\Users\h\Desktop\dds.txt

2014-05-16 16:02 - 2014-05-16 16:02 - 00010637 _____ () C:\Users\h\Desktop\attach.txt

2014-05-16 15:55 - 2014-05-16 15:55 - 00688992 ____R (Swearware) C:\Users\h\Desktop\dds.scr

2014-05-16 15:54 - 2014-05-16 15:54 - 00688992 _____ (Swearware) C:\Users\h\Desktop\dds.com

2014-05-16 15:51 - 2014-05-16 15:51 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-16 15:51 - 2014-05-16 15:51 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-16 15:51 - 2014-05-16 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-16 15:51 - 2014-05-16 15:51 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-16 15:51 - 2014-05-16 15:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-16 15:51 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2014-05-16 15:51 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2014-05-16 15:51 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2014-05-16 15:26 - 2014-05-16 15:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\h\Downloads\mbam-setup-2.0.1.1004.exe

2014-05-16 15:21 - 2014-05-16 15:21 - 00315392 _____ (Malwarebytes Corporation) C:\Users\h\Downloads\mbam-clean-2.0.2.0.exe

2014-05-15 18:49 - 2014-05-15 18:49 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-15 18:49 - 2014-05-06 05:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-05-15 18:49 - 2014-05-06 05:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-05-15 18:49 - 2014-05-06 04:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-05-15 18:49 - 2014-05-06 04:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-05-15 18:49 - 2014-05-06 04:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-05-15 18:49 - 2014-05-06 03:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-05-15 13:12 - 2014-05-09 07:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-05-15 13:12 - 2014-05-09 07:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-05-15 13:12 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll

2014-05-15 13:12 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll

2014-05-15 13:10 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2014-05-15 13:10 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

2014-05-15 13:10 - 2014-04-12 03:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2014-05-15 13:10 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

2014-05-15 13:10 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

2014-05-15 13:10 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

2014-05-15 13:10 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll

2014-05-15 13:10 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2014-05-15 13:10 - 2014-04-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2014-05-15 13:10 - 2014-03-04 10:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2014-05-15 13:10 - 2014-03-04 10:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2014-05-15 13:10 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll

2014-05-15 13:10 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll

2014-05-15 13:10 - 2014-03-04 10:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2014-05-15 13:10 - 2014-03-04 10:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2014-05-15 13:10 - 2014-03-04 10:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2014-05-15 13:10 - 2014-03-04 10:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2014-05-15 13:10 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll

2014-05-15 13:10 - 2014-03-04 10:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe

2014-05-15 13:10 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll

2014-05-15 13:10 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll

2014-05-15 13:10 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll

2014-05-15 13:10 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll

2014-05-15 13:10 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll

2014-05-15 13:10 - 2014-03-04 10:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2014-05-15 13:10 - 2014-03-04 10:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2014-05-15 13:10 - 2014-03-04 10:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2014-05-15 13:10 - 2014-03-04 10:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2014-05-15 13:10 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll

2014-05-15 13:10 - 2014-03-04 10:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

2014-05-15 13:10 - 2014-03-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2014-05-15 13:10 - 2014-03-04 10:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

2014-05-15 13:10 - 2014-03-04 10:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2014-05-15 13:10 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll

2014-05-15 13:10 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll

2014-05-15 13:10 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll

2014-05-15 13:10 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll

2014-05-15 13:10 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll

2014-05-15 13:10 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll

2014-05-15 13:10 - 2014-03-04 10:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2014-05-15 13:10 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll

2014-05-13 12:19 - 2014-05-16 15:46 - 00000884 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-13 12:19 - 2014-05-16 15:24 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-13 12:19 - 2014-05-14 18:27 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-05-13 12:19 - 2014-05-13 12:19 - 00003884 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-13 12:19 - 2014-05-13 12:19 - 00003632 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-13 12:19 - 2014-05-13 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-05-13 12:18 - 2014-05-13 12:19 - 00000000 ____D () C:\Users\h\AppData\Local\Google

2014-05-13 12:18 - 2014-05-13 12:19 - 00000000 ____D () C:\Program Files (x86)\Google

2014-05-12 11:04 - 2014-05-12 11:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-08 16:53 - 2014-05-13 19:08 - 00000000 ____D () C:\Users\h\Desktop\Stuff needing read or noted

2014-05-07 16:12 - 2014-05-08 17:04 - 00327102 _____ () C:\Users\h\Documents\poster.pptx

2014-05-07 16:00 - 2014-05-07 15:57 - 00132696 _____ () C:\Users\h\Desktop\Poster_Template_New.pptx

2014-05-07 15:41 - 2014-05-12 10:54 - 00000000 ____D () C:\Users\h\Desktop\Posters

2014-04-30 14:03 - 2014-05-15 18:52 - 00000000 ___SD () C:\windows\system32\CompatTel

2014-04-22 12:16 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2014-04-22 12:16 - 2014-03-06 09:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2014-04-22 12:16 - 2014-03-06 09:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2014-04-22 12:16 - 2014-03-06 09:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2014-04-22 12:16 - 2014-03-06 09:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2014-04-22 12:16 - 2014-03-06 09:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2014-04-22 12:16 - 2014-03-06 09:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2014-04-22 12:16 - 2014-03-06 09:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2014-04-22 12:16 - 2014-03-06 09:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2014-04-22 12:16 - 2014-03-06 09:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-04-22 12:16 - 2014-03-06 09:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2014-04-22 12:16 - 2014-03-06 09:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2014-04-22 12:16 - 2014-03-06 09:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2014-04-22 12:16 - 2014-03-06 08:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2014-04-22 12:16 - 2014-03-06 08:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2014-04-22 12:16 - 2014-03-06 08:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2014-04-22 12:16 - 2014-03-06 08:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2014-04-22 12:16 - 2014-03-06 08:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2014-04-22 12:16 - 2014-03-06 08:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2014-04-22 12:16 - 2014-03-06 08:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2014-04-22 12:16 - 2014-03-06 08:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2014-04-22 12:16 - 2014-03-06 08:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2014-04-22 12:16 - 2014-03-06 08:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-04-22 12:16 - 2014-03-06 08:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-04-22 12:16 - 2014-03-06 08:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2014-04-22 12:16 - 2014-03-06 08:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2014-04-22 12:16 - 2014-03-06 07:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-04-22 12:15 - 2014-03-06 09:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2014-04-22 12:15 - 2014-03-06 09:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-04-22 12:15 - 2014-03-06 09:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2014-04-22 12:15 - 2014-03-06 09:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2014-04-22 12:15 - 2014-03-06 09:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-04-22 12:15 - 2014-03-06 08:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-04-22 12:15 - 2014-03-06 08:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-04-22 12:15 - 2014-03-06 08:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2014-04-22 12:15 - 2014-03-06 07:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-04-22 12:15 - 2014-03-06 07:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2014-04-22 12:15 - 2014-03-06 07:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-04-22 12:15 - 2014-03-06 07:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-04-22 12:15 - 2014-03-06 06:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-04-22 12:15 - 2014-03-06 06:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2014-04-22 12:15 - 2014-03-06 06:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2014-04-22 12:15 - 2014-03-06 06:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-04-22 12:15 - 2014-03-06 06:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-16 16:17 - 2014-05-16 16:17 - 00020558 _____ () C:\Users\h\Desktop\FRST.txt

2014-05-16 16:17 - 2014-05-16 16:17 - 00000000 ____D () C:\FRST

2014-05-16 16:16 - 2014-05-16 16:16 - 02067456 _____ (Farbar) C:\Users\h\Desktop\FRST64.exe

2014-05-16 16:04 - 2012-10-27 08:09 - 01648263 _____ () C:\windows\WindowsUpdate.log

2014-05-16 16:02 - 2014-05-16 16:02 - 00025194 _____ () C:\Users\h\Desktop\dds.txt

2014-05-16 16:02 - 2014-05-16 16:02 - 00010637 _____ () C:\Users\h\Desktop\attach.txt

2014-05-16 15:59 - 2012-07-27 00:47 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-05-16 15:55 - 2014-05-16 15:55 - 00688992 ____R (Swearware) C:\Users\h\Desktop\dds.scr

2014-05-16 15:54 - 2014-05-16 15:54 - 00688992 _____ (Swearware) C:\Users\h\Desktop\dds.com

2014-05-16 15:53 - 2009-07-14 05:45 - 00027568 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-16 15:53 - 2009-07-14 05:45 - 00027568 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-16 15:51 - 2014-05-16 15:51 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-16 15:51 - 2014-05-16 15:51 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-16 15:51 - 2014-05-16 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-16 15:51 - 2014-05-16 15:51 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-16 15:51 - 2014-05-16 15:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-16 15:50 - 2009-07-14 06:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI

2014-05-16 15:49 - 2013-10-04 16:37 - 00000538 _____ () C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job

2014-05-16 15:46 - 2014-05-13 12:19 - 00000884 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-16 15:46 - 2012-10-27 08:09 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

2014-05-16 15:45 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-05-16 15:45 - 2009-07-14 05:51 - 00098377 _____ () C:\windows\setupact.log

2014-05-16 15:37 - 2010-11-21 04:47 - 00137144 _____ () C:\windows\PFRO.log

2014-05-16 15:26 - 2014-05-16 15:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\h\Downloads\mbam-setup-2.0.1.1004.exe

2014-05-16 15:24 - 2014-05-13 12:19 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-16 15:21 - 2014-05-16 15:21 - 00315392 _____ (Malwarebytes Corporation) C:\Users\h\Downloads\mbam-clean-2.0.2.0.exe

2014-05-16 12:22 - 2012-10-27 08:09 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

2014-05-15 18:55 - 2012-12-08 00:31 - 00000000 ___RD () C:\Users\h\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-05-15 18:55 - 2012-12-08 00:28 - 00000000 ___RD () C:\Users\h\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-15 18:52 - 2014-04-30 14:03 - 00000000 ___SD () C:\windows\system32\CompatTel

2014-05-15 18:52 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions

2014-05-15 18:51 - 2012-12-14 01:24 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-05-15 18:49 - 2014-05-15 18:49 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-15 18:44 - 2013-07-31 23:30 - 00000000 ____D () C:\windows\system32\MRT

2014-05-15 18:44 - 2012-12-14 02:50 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-05-15 16:39 - 2013-09-25 17:06 - 00000000 ____D () C:\Users\h\Documents\Prosody PreReading

2014-05-15 12:55 - 2013-01-21 21:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-14 18:27 - 2014-05-13 12:19 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-05-14 13:00 - 2012-07-27 00:47 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-05-14 13:00 - 2012-07-27 00:47 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-14 13:00 - 2012-07-27 00:47 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-05-13 19:08 - 2014-05-08 16:53 - 00000000 ____D () C:\Users\h\Desktop\Stuff needing read or noted

2014-05-13 12:19 - 2014-05-13 12:19 - 00003884 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-13 12:19 - 2014-05-13 12:19 - 00003632 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-13 12:19 - 2014-05-13 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-05-13 12:19 - 2014-05-13 12:18 - 00000000 ____D () C:\Users\h\AppData\Local\Google

2014-05-13 12:19 - 2014-05-13 12:18 - 00000000 ____D () C:\Program Files (x86)\Google

2014-05-13 11:49 - 2013-09-16 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection

2014-05-12 11:05 - 2014-05-12 11:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-12 10:54 - 2014-05-07 15:41 - 00000000 ____D () C:\Users\h\Desktop\Posters

2014-05-09 15:48 - 2014-03-19 16:50 - 00000000 ____D () C:\ProgramData\ProductData

2014-05-09 15:46 - 2009-07-14 05:45 - 00417416 _____ () C:\windows\system32\FNTCACHE.DAT

2014-05-09 07:14 - 2014-05-15 13:12 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-05-09 07:11 - 2014-05-15 13:12 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-05-08 17:04 - 2014-05-07 16:12 - 00327102 _____ () C:\Users\h\Documents\poster.pptx

2014-05-08 11:17 - 2012-12-08 00:31 - 00109280 _____ () C:\Users\h\AppData\Local\GDIPFONTCACHEV1.DAT

2014-05-07 18:25 - 2013-10-14 00:25 - 00000000 ____D () C:\Users\h\AppData\Roaming\vlc

2014-05-07 15:57 - 2014-05-07 16:00 - 00132696 _____ () C:\Users\h\Desktop\Poster_Template_New.pptx

2014-05-06 05:40 - 2014-05-15 18:49 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-05-06 05:17 - 2014-05-15 18:49 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-05-06 04:25 - 2014-05-15 18:49 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-05-06 04:07 - 2014-05-15 18:49 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-05-06 04:00 - 2014-05-15 18:49 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-05-06 03:10 - 2014-05-15 18:49 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-05-03 22:55 - 2013-06-30 21:24 - 00358552 _____ (Trusteer Ltd.) C:\windows\system32\Drivers\RapportKE64.sys

2014-04-22 23:30 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache

Some content of TEMP:

====================

C:\Users\h\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\h\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe

C:\Users\h\AppData\Local\Temp\install_reader11_uk_mssd_aih(1).exe

C:\Users\h\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\h\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\h\AppData\Local\Temp\ose00000.exe

C:\Users\h\AppData\Local\Temp\promote-upx.exe

C:\Users\h\AppData\Local\Temp\Risweb32.exe

C:\Users\h\AppData\Local\Temp\~tmp1381863745410.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe

[2014-05-15 13:10] - [2014-03-04 10:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-13 16:41

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014

Ran by h at 2014-05-16 16:17:54

Running from C:\Users\h\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.106.303.214 - ALPS ELECTRIC CO., LTD.)

AuthenTec WinBio FingerPrint Software (HKLM\...\{3CEE4431-D0DA-49AA-A78D-5D3B559446DF}) (Version: 3.2.3.1157 - AuthenTec, Inc.)

BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.0.7 - British Broadcasting Corp.)

BBC iPlayer Desktop (x32 Version: 3.0.7 - British Broadcasting Corp.) Hidden

Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.03(T) - TOSHIBA CORPORATION)

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F2CE207D-C146-4BFD-A1C2-219483C58819}) (Version: - Microsoft)

EndNote Plug-Ins (HKLM-x32\...\{1DFE388B-6FD3-4230-A47B-393AEA68C01D}) (Version: 3.7.0.3005 - Thomson Reuters)

EndNote X4 (HKLM-x32\...\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}) (Version: 14.0.0.4845 - Thomson Reuters)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

GStreamer SDK (x86) (HKLM-x32\...\{7314DDD8-A0B7-401B-BA16-3EA4B9F55472}) (Version: 20.13.6 - GStreamer Project)

High-Definition Video Playback (x32 Version: 11.1.10500.2.65 - Nero AG) Hidden

Intel PROSet Wireless (Version: - ) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)

Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)

Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)

Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )

Intel® PROSet/Wireless WiFi Software (HKLM\...\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}) (Version: 15.01.0500.0875 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)

ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)

Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)

McAfee Agent (HKLM-x32\...\{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}) (Version: 4.0.0.1345 - McAfee, Inc.)

McAfee VirusScan Enterprise (HKLM-x32\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.0 - McAfee, Inc.)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 29.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-GB)) (Version: 29.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Nero 11 Essentials (HKLM-x32\...\{F8635CF8-B797-4EFD-80BC-DE2D26C65D4F}) (Version: 11.0.00300 - Nero AG)

Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden

Nero BackItUp 11 (x32 Version: 6.0.18000.19.100 - Nero AG) Hidden

Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden

Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)

Nero BurnRights 11 (x32 Version: 5.0.10300.4.100 - Nero AG) Hidden

Nero BurnRights 11 Help (CHM) (x32 Version: 11.0.10100 - Nero AG) Hidden

Nero ControlCenter 11 (x32 Version: 11.0.12700.0.27 - Nero AG) Hidden

Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden

Nero Core Components 11 (x32 Version: 11.0.15500.1.16 - Nero AG) Hidden

Nero Express 11 (x32 Version: 11.0.11900.24.100 - Nero AG) Hidden

Nero Express 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden

Nero Kwik Media (x32 Version: 1.10.24800.146.100 - Nero AG) Hidden

Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden

Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden

Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden

Nero Update (x32 Version: 11.0.11400.27.0 - Nero AG) Hidden

nero.prerequisites.msi (x32 Version: 11.0.20008 - Nero AG) Hidden

O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{425FB23A-15A6-42FC-9DB7-E0DABD764A3F}) (Version: 2.1.4.207GS - O2Micro)

O2Micro OZ776 SCR Driver (Version: 2.1.4.207GS - O2Micro) Hidden

PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Rapport (x32 Version: 3.5.1307.76 - Trusteer) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.0 - Renesas Electronics Corporation) Hidden

ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - Thomson Reuters)

RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)

Rock Scrobbler version 0.12 (HKLM-x32\...\{B58F468D-5033-480F-8210-2ECD28998338}_is1) (Version: 0.12 - Toastware)

Scrivener Update (HKLM-x32\...\Scrivener 1600) (Version: 1610 - Literature and Latte)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden

Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - )

Slik Subversion 1.8.3.1 (x86) (HKLM-x32\...\{28244357-62F9-47B4-A6F7-A3204443ECEA}) (Version: 1.8.3.1 - SlikSvn & The SharpSvn Project)

SRS Premium Sound Control Panel (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)

TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)

TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.21.64 - TOSHIBA Corporation)

TOSHIBA Fingerprint Utility (HKLM\...\{62BBF381-D208-4EF0-B502-6CB6E5B9A161}) (Version: 2.0.0.6409 - TOSHIBA Corporation)

TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)

TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.14 - TOSHIBA Corporation)

TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.05 - TOSHIBA)

TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)

TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)

TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.17.64 - TOSHIBA Corporation)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)

TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.1.0.0 - TOSHIBA)

TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.1.0.0 - TOSHIBA) Hidden

TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.4.01 - TOSHIBA Corporation)

TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA)

TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)

TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0024.000101 - TOSHIBA Corporation)

TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)

TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0027.640202 - TOSHIBA Corporation)

TOSHIBA Value Added Package (Version: 1.6.0027.640202 - TOSHIBA Corporation) Hidden

TOSHIBA Value Added Package (x32 Version: 1.6.0027.640202 - TOSHIBA Corporation) Hidden

TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)

TOSHIBA Web Camera Application (x32 Version: 2.0.3.33 - TOSHIBA Corporation) Hidden

TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)

TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)

Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.76 - Trusteer)

Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{E84E9B25-BEB6-4F2F-84BB-755CDA8E89C0}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version: - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version: - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft)

VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)

welcome (x32 Version: 11.0.22500.0.0 - Nero AG) Hidden

==================== Restore Points =========================

22-04-2014 11:06:05 Windows Update

27-04-2014 13:56:01 Windows Update

30-04-2014 13:02:04 Windows Update

30-04-2014 20:41:07 Installed Rapport

08-05-2014 16:05:44 Windows Update

13-05-2014 10:47:38 Installed Rapport

13-05-2014 10:51:14 Windows Update

15-05-2014 17:40:43 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-11-29 16:38 - 00000856 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {060C82CF-E824-4376-950A-2DE6FA404768} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-13] (Google Inc.)

Task: {551D4A96-04BA-4A64-A4CF-6557AF14D899} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)

Task: {71326AE1-9BC9-47DD-9CE8-F6CB2700C7D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-13] (Google Inc.)

Task: {A01E5926-734E-4B93-B6FE-C877E5E50DA2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)

Task: {AB054A46-CBDA-4E8D-8F9E-FDFD8D93A95D} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-26] (TOSHIBA CORPORATION)

Task: {DE480A51-F575-4085-BD3B-55F98FC51532} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)

Task: {FC514CA5-3C80-40FC-B3B5-51207A3EE6EA} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

Task: C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2009-12-14 16:24 - 2009-12-14 16:24 - 00014848 _____ () C:\windows\System32\KOAZXJ_L.dll

2013-07-01 09:21 - 2013-07-01 09:21 - 01127736 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe

2013-07-01 00:16 - 2013-07-01 00:16 - 00628224 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll

2013-07-01 00:15 - 2013-07-01 00:15 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll

2013-07-01 00:15 - 2013-07-01 00:15 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll

2013-07-01 00:16 - 2013-07-01 00:16 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll

2013-07-01 00:16 - 2013-07-01 00:16 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll

2013-07-01 00:16 - 2013-07-01 00:16 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll

2013-07-01 00:17 - 2013-07-01 00:17 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll

2013-07-01 00:17 - 2013-07-01 00:17 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll

2013-07-01 00:17 - 2013-07-01 00:17 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll

2012-10-27 08:09 - 2012-02-29 01:20 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

2013-07-01 09:21 - 2013-07-01 09:21 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe

2009-04-29 21:07 - 2009-04-29 21:07 - 00140288 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\VsEvntUI.dll

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2012-03-16 18:25 - 2012-03-16 18:25 - 00476544 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUCommon.dll

2012-03-27 01:33 - 2012-03-27 01:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-03-03 00:08 - 2012-03-03 00:08 - 00595840 _____ () C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

2011-08-22 23:19 - 2011-08-22 23:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll

2010-12-15 23:19 - 2010-12-15 23:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll

2012-04-12 01:05 - 2012-04-12 01:05 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

2013-06-30 21:24 - 2014-05-13 11:51 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll

2005-08-22 16:38 - 2005-08-22 16:38 - 03264512 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll

2009-01-16 17:00 - 2009-01-16 17:00 - 00057344 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll

2009-04-29 21:07 - 2009-04-29 21:07 - 00148816 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsEvntUI.dll

2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

2012-03-16 18:28 - 2012-03-16 18:28 - 00372608 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUCommon.dll

2012-03-16 18:28 - 2012-03-16 18:28 - 00415104 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUBrowserAddinRc.dll

2012-10-27 08:08 - 2012-02-21 20:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-05-14 18:27 - 2014-05-08 00:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-05-14 18:27 - 2014-05-08 00:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll

2014-05-14 18:27 - 2014-05-08 00:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll

2014-05-14 18:27 - 2014-05-08 00:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll

2014-05-14 18:27 - 2014-05-08 00:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll

2014-05-14 18:27 - 2014-05-08 00:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter

Description: Shrew Soft Virtual Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Shrew Soft

Service: vnet

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Virtual Adapter #2

Description: Shrew Soft Virtual Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Shrew Soft

Service: vnet

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (05/16/2014 03:51:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0x1084

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

Error: (05/16/2014 03:48:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: DTC97-TOSH)

Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/16/2014 03:46:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 03:37:34 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 03:14:23 PM) (Source: MsiInstaller) (EventID: 1024) (User: DTC97-TOSH)

Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/16/2014 03:11:48 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0x101c

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

Error: (05/16/2014 03:09:16 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:35:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0xcdc

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

Error: (05/16/2014 01:33:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0x1f9c

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

Error: (05/16/2014 01:30:07 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0x1db8

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

System errors:

=============

Error: (05/16/2014 03:47:38 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

Error: (05/16/2014 03:08:58 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 14:07:35 on ‎16/‎05/‎2014 was unexpected.

Error: (05/15/2014 07:00:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (05/15/2014 06:55:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Search service failed to start due to the following error:

%%1053

Error: (05/15/2014 06:55:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (05/15/2014 06:55:53 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/15/2014 06:40:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (05/15/2014 01:03:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (05/15/2014 00:56:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZeroConfigService service.

Error: (05/14/2014 10:34:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Microsoft Office Sessions:

=========================

Error: (05/16/2014 03:51:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd108401cf71165f8dbae5C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll9fcb4191-dd09-11e3-a294-e8e0b7208267

Error: (05/16/2014 03:48:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: DTC97-TOSH)

Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/16/2014 03:46:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 03:37:34 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 03:14:23 PM) (Source: MsiInstaller) (EventID: 1024) (User: DTC97-TOSH)

Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/16/2014 03:11:48 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd101c01cf7110790ef764C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll046f34d6-dd04-11e3-bb67-e8e0b7208267

Error: (05/16/2014 03:09:16 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:35:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdcdc01cf71035114b864C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll9d66c684-dcf6-11e3-8076-e8e0b7208267

Error: (05/16/2014 01:33:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1f9c01cf7102fcce4e1eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll4143c375-dcf6-11e3-8076-e8e0b7208267

Error: (05/16/2014 01:30:07 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1db801cf7102896576a2C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllcfc9f1fa-dcf5-11e3-8076-e8e0b7208267

==================== Memory info ===========================

Percentage of memory in use: 51%

Total physical RAM: 3974.17 MB

Available physical RAM: 1916.88 MB

Total Pagefile: 7946.52 MB

Available Pagefile: 5521 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI30947200A) (Fixed) (Total:286.01 GB) (Free:198.37 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 298 GB) (Disk ID: E9B9B306)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=11 GB) - (Type=17)

==================== End Of Log ============================

Andro1d · June 4, 2014

Hi there,

Are you still in need of assistance?

AdvancedSetup · June 10, 2014

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Sign In

M-Bytes crashed every time I try to scan.

Recommended Posts

brbas

Link to post

Share on other sites

Andro1d

Link to post

Share on other sites

AdvancedSetup

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information