Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

pop ups after malwarebytes/security essentials run showed nothing :(


  • Please log in to reply

#1
love2teach956

love2teach956

    Member

  • Member
  • PipPipPip
  • 132 posts

Help! My daughter's Dell laptop seems infected with something that I can't find. I ran her Microsoft Security Essentials scan and it showed nothing. I downloaded from yor site, the Malwarebytes program and it showed lots and I deleted all that. She's still getting rerouted on her pages and pop ups.

 

She has a Dell latop running Windows 7 Home Premium with Service Pack 1 with Intel Core 2 Duo processor 2.20GHz and 4.00 GB of RAM. system type is 64-bit Operating System.

 

She needs her laptop for homework for college. What has she gotten in to!

 

Thanks!!


Edited by love2teach956, 07 April 2014 - 12:07 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

scan-results.jpg

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.




Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs.  Please copy and paste both of them.

Ron
  • 0

#3
love2teach956

love2teach956

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

hope all this makes sense for you...

 

 

 

 

 

# AdwCleaner v3.023 - Report created 08/04/2014 at 21:44:33
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ellery - ELLERY-PC
# Running from : C:\Users\Ellery\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 70e6ca8c

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moozy
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Moozy
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\SavingsbullFilter
Folder Deleted : C:\Users\Ellery\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Ellery\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Ellery\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\Ellery\AppData\Roaming\Ask.com
Folder Deleted : C:\Users\Ellery\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Ellery\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Ellery\Documents\Optimizer Pro
Folder Deleted : C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
File Deleted : C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\PC Optimizer Pro.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Ask.xml
File Deleted : C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebSparkle_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebSparkle_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilWebSparkle_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilWebSparkle_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\pc optimizer pro
Key Deleted : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v11.0 (en-US)

[ File : C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://start.iminent.com/?ref=NewTab&appId=00000000-0000-0000-0000-000000000000");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "f6b44434000000000000701a04aae7d1");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "f6b44434000000000000701a04aae7d1");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15534");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:01:46");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.dynconff.cache.cleanpc365.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1263_1521_1717\">\r\n  <content id=\"MB_P1\">\r\n    <newjs><![CDATA[(function() {\r\n[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.mysearchdial.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1722_1169_1263_1348_1482_1521_1668_1717\">\r\n  <content id=\"MB_P1\">\r\n    <n[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.mysearchdial.com.expires", "1395287948788");
Line Deleted : user_pref("extensions.enabledAddons", "[email protected]:1.1.9,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:3.1.0.20130818030116,wecarer[email protected]:4.1.23.4,{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}:9.5.3,[...]
Line Deleted : user_pref("extensions.iminent.admin", false);
Line Deleted : user_pref("extensions.iminent.aflt", "orgnl");
Line Deleted : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Line Deleted : user_pref("extensions.iminent.autoRvrt", "false");
Line Deleted : user_pref("extensions.iminent.dfltLng", "");
Line Deleted : user_pref("extensions.iminent.excTlbr", false);
Line Deleted : user_pref("extensions.iminent.ffxUnstlRst", false);
Line Deleted : user_pref("extensions.iminent.id", "f6b44434000000000000701a04aae7d1");
Line Deleted : user_pref("extensions.iminent.instlDay", "16116");
Line Deleted : user_pref("extensions.iminent.instlRef", "");
Line Deleted : user_pref("extensions.iminent.newTab", false);
Line Deleted : user_pref("extensions.iminent.prdct", "iminent");
Line Deleted : user_pref("extensions.iminent.prtnrId", "iminent");
Line Deleted : user_pref("extensions.iminent.rvrt", "false");
Line Deleted : user_pref("extensions.iminent.smplGrp", "none");
Line Deleted : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Line Deleted : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Line Deleted : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Line Deleted : user_pref("extensions.iminent.vrsnTs", "1.8.28.321:13:01");
Line Deleted : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Line Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\[...]
Line Deleted : user_pref("iminent.LayoutId", "1");
Line Deleted : user_pref("iminent.adapters", "{\"onlinefullmovie\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13924412725181814400\"},\"cltrks\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Sta[...]
Line Deleted : user_pref("iminent.enabledAds", "false");
Line Deleted : user_pref("iminent.newtabredirect", "true");
Line Deleted : user_pref("iminent.nomsi", "true");
Line Deleted : user_pref("iminent.registerToolbarEvent101", "1396639996461");
Line Deleted : user_pref("iminent.registerToolbarEvent102", "1395598359044");
Line Deleted : user_pref("iminent.registerToolbarEvent140", "1392450336317");
Line Deleted : user_pref("iminent.searchindex", "1");
Line Deleted : user_pref("iminent.version", "8.4.3.1");
Line Deleted : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.4.3.1\",\"InstallEventCTime\":1392441252016,\"InstallEvent\":\"True\"}");

*************************

AdwCleaner[R0].txt - [13419 octets] - [08/04/2014 21:43:05]
AdwCleaner[S0].txt - [13026 octets] - [08/04/2014 21:44:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13087 octets] ##########
 

  that was log from ADW cleanerl.

 

Farbar Recovery should be next:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Ellery (administrator) on ELLERY-PC on 08-04-2014 22:01:21
Running from C:\Users\Ellery\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(AVM Software Inc.) C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-1458255248-4161178811-2998873453-1000\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\oovoo.exe [36247104 2014-03-25] (ooVoo LLC)
HKU\S-1-5-21-1458255248-4161178811-2998873453-1000\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1458255248-4161178811-2998873453-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
URLSearchHook: HKCU - Search Results Toolbar - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default
FF Homepage: https://www.yahoo.com/?fr=fptb-yff80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Extension: Plus-HD-7.7 - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com [2014-04-08]
FF Extension: webbsaver - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] [2014-03-19]
FF Extension: BettErPeriCeChec - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] [2014-03-19]
FF Extension: Yahoo! Toolbar - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-04-08]
FF Extension: Iminent - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] [2014-04-08]
FF Extension: MySearchDial - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-28]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Ellery\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikbiigmbicdfpfkjgjjeiongjdhnikh [2014-02-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-19] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-08 22:01 - 2014-04-08 22:01 - 00007813 _____ () C:\Users\Ellery\Downloads\FRST.txt
2014-04-08 22:01 - 2014-04-08 22:01 - 00000000 ____D () C:\FRST
2014-04-08 22:00 - 2014-04-08 22:00 - 02157056 _____ (Farbar) C:\Users\Ellery\Downloads\FRST64.exe
2014-04-08 21:57 - 2014-04-08 21:57 - 00002305 _____ () C:\Users\Ellery\Desktop\JRT.txt
2014-04-08 21:50 - 2014-04-08 21:50 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 21:49 - 2014-04-08 21:49 - 01016261 _____ (Thisisu) C:\Users\Ellery\Downloads\JRT.exe
2014-04-08 21:47 - 2014-04-08 21:47 - 00013184 _____ () C:\Users\Ellery\Desktop\AdwCleaner[S0].txt
2014-04-08 21:39 - 2014-04-08 21:44 - 00000000 ____D () C:\AdwCleaner
2014-04-08 21:38 - 2014-04-08 21:38 - 01426178 _____ () C:\Users\Ellery\Downloads\AdwCleaner.exe
2014-04-04 13:01 - 2014-04-04 13:01 - 00001989 _____ () C:\Users\Ellery\Desktop\Paltalk Messenger.lnk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Paltalk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
2014-04-04 12:41 - 2014-04-04 13:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 12:40 - 2014-04-04 12:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 12:40 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 12:40 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-04 12:40 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-04 12:37 - 2014-04-04 12:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ellery\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-19 20:02 - 2014-03-19 20:02 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-19 20:02 - 2014-03-19 20:02 - 00000000 ____D () C:\Program Files (x86)\BeetterPrricoeChec
2014-03-19 20:00 - 2014-04-04 12:57 - 00000000 ____D () C:\ProgramData\SaverPro
2014-03-19 19:53 - 2014-03-19 19:53 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-19 19:52 - 2014-03-19 19:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-19 19:52 - 2014-03-19 19:53 - 00000000 ____D () C:\Program Files\iTunes
2014-03-19 19:52 - 2014-03-19 19:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-19 19:52 - 2014-03-19 19:52 - 00000000 ____D () C:\Program Files\iPod
2014-03-19 19:50 - 2014-03-23 09:41 - 00000000 ____D () C:\ProgramData\BeetterPrricoeChec
2014-03-19 19:50 - 2014-03-19 20:02 - 00000000 ____D () C:\ProgramData\4f849e9bda014f7c
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\Users\Ellery\AppData\Local\Packages
2014-03-19 19:33 - 2014-03-19 19:33 - 00000000 ____D () C:\Users\Ellery\AppData\Local\Macromedia
2014-03-16 22:31 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 22:31 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 22:31 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 22:31 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 22:31 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 22:31 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 22:31 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 22:31 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 22:31 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 22:31 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 22:31 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 22:31 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 22:31 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-16 22:31 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 22:31 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 22:31 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-16 22:31 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 22:31 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 22:31 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 22:31 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 22:31 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 22:31 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 22:31 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 22:31 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 22:31 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 22:31 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 22:31 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 22:31 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 22:31 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 22:31 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 22:31 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 22:31 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 22:31 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 22:31 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 22:31 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 22:31 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 22:31 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 22:31 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 22:31 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 22:31 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 22:31 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 22:31 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 22:31 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 22:31 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 22:30 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 22:30 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 22:30 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 22:30 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-08 22:01 - 2014-04-08 22:01 - 00007813 _____ () C:\Users\Ellery\Downloads\FRST.txt
2014-04-08 22:01 - 2014-04-08 22:01 - 00000000 ____D () C:\FRST
2014-04-08 22:00 - 2014-04-08 22:00 - 02157056 _____ (Farbar) C:\Users\Ellery\Downloads\FRST64.exe
2014-04-08 21:58 - 2012-02-07 22:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-08 21:57 - 2014-04-08 21:57 - 00002305 _____ () C:\Users\Ellery\Desktop\JRT.txt
2014-04-08 21:53 - 2009-07-13 21:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 21:53 - 2009-07-13 21:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 21:51 - 2009-07-13 22:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 21:50 - 2014-04-08 21:50 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 21:49 - 2014-04-08 21:49 - 01016261 _____ (Thisisu) C:\Users\Ellery\Downloads\JRT.exe
2014-04-08 21:49 - 2012-02-07 20:54 - 01818022 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 21:47 - 2014-04-08 21:47 - 00013184 _____ () C:\Users\Ellery\Desktop\AdwCleaner[S0].txt
2014-04-08 21:47 - 2014-01-03 17:07 - 00000296 _____ () C:\Windows\Tasks\AffiliatedUpdate.job
2014-04-08 21:47 - 2012-03-28 23:54 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Skype
2014-04-08 21:45 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 21:45 - 2009-07-13 21:51 - 00035205 _____ () C:\Windows\setupact.log
2014-04-08 21:44 - 2014-04-08 21:39 - 00000000 ____D () C:\AdwCleaner
2014-04-08 21:38 - 2014-04-08 21:38 - 01426178 _____ () C:\Users\Ellery\Downloads\AdwCleaner.exe
2014-04-07 11:06 - 2012-07-22 14:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 16:24 - 2010-11-20 20:47 - 00181828 _____ () C:\Windows\PFRO.log
2014-04-04 15:37 - 2012-05-17 07:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-04 15:37 - 2012-02-07 22:27 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-04 15:37 - 2012-02-07 22:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-04 13:22 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SchCache
2014-04-04 13:02 - 2014-04-04 12:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 13:01 - 2014-04-04 13:01 - 00001989 _____ () C:\Users\Ellery\Desktop\Paltalk Messenger.lnk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Paltalk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
2014-04-04 13:01 - 2012-04-25 20:34 - 00001859 _____ () C:\Users\Public\Desktop\ooVoo.lnk
2014-04-04 13:01 - 2012-04-25 20:34 - 00000000 ____D () C:\Program Files (x86)\ooVoo
2014-04-04 13:01 - 2012-02-07 21:22 - 00000000 ___RD () C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-04 12:58 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Globalization
2014-04-04 12:57 - 2014-03-19 20:00 - 00000000 ____D () C:\ProgramData\SaverPro
2014-04-04 12:57 - 2014-01-03 17:07 - 00000000 ____D () C:\Users\Ellery\FLV Player
2014-04-04 12:40 - 2014-04-04 12:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 12:37 - 2014-04-04 12:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ellery\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-04 12:36 - 2009-07-13 19:34 - 00000603 _____ () C:\Windows\win.ini
2014-03-23 10:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-03-23 09:41 - 2014-03-19 19:50 - 00000000 ____D () C:\ProgramData\BeetterPrricoeChec
2014-03-19 21:53 - 2012-03-28 23:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-19 21:53 - 2012-03-28 23:53 - 00000000 ____D () C:\ProgramData\Skype
2014-03-19 21:52 - 2013-10-31 21:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 21:51 - 2012-02-07 21:40 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 20:06 - 2012-07-22 14:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-19 20:06 - 2012-07-22 14:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-19 20:06 - 2012-02-07 22:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-19 20:02 - 2014-03-19 20:02 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-19 20:02 - 2014-03-19 20:02 - 00000000 ____D () C:\Program Files (x86)\BeetterPrricoeChec
2014-03-19 20:02 - 2014-03-19 19:50 - 00000000 ____D () C:\ProgramData\4f849e9bda014f7c
2014-03-19 19:58 - 2012-02-07 21:22 - 00000000 ____D () C:\Users\Ellery
2014-03-19 19:53 - 2014-03-19 19:53 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-19 19:53 - 2014-03-19 19:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-19 19:53 - 2014-03-19 19:52 - 00000000 ____D () C:\Program Files\iTunes
2014-03-19 19:53 - 2014-03-19 19:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-19 19:52 - 2014-03-19 19:52 - 00000000 ____D () C:\Program Files\iPod
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\Users\Ellery\AppData\Local\Packages
2014-03-19 19:48 - 2012-07-22 14:51 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-03-19 19:42 - 2012-02-16 17:40 - 00000000 ____D () C:\ProgramData\Apple
2014-03-19 19:33 - 2014-03-19 19:33 - 00000000 ____D () C:\Users\Ellery\AppData\Local\Macromedia
2014-03-19 19:28 - 2009-07-13 21:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 19:27 - 2012-08-07 17:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 19:27 - 2012-08-07 17:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 09:52 - 2011-04-27 16:25 - 00133928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys

Some content of TEMP:
====================
C:\Users\Ellery\AppData\Local\Temp\1E97.exe
C:\Users\Ellery\AppData\Local\Temp\41877uninstall.exe
C:\Users\Ellery\AppData\Local\Temp\ApnStub.exe
C:\Users\Ellery\AppData\Local\Temp\contentDATs.exe
C:\Users\Ellery\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-1.exe
C:\Users\Ellery\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Ellery\AppData\Local\Temp\ICReinstall_setup.exe
C:\Users\Ellery\AppData\Local\Temp\plugin.part.2.exe
C:\Users\Ellery\AppData\Local\Temp\Quarantine.exe
C:\Users\Ellery\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Ellery\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-23 10:03

==================== End Of Log ============================

 

  Second Lof is the Addition.txt log;

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Ellery at 2014-04-08 22:02:30
Running from C:\Users\Ellery\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CWA Reminder by We-Care.com v4.1.24.3 (HKLM-x32\...\{0228288D-975E-42F7-9993-E91A82E6BBD9}) (Version: 4.1.24.3 - We-Care.com)
Extended Update (HKCU\...\AffiliatedUpdate) (Version:  - )
Free PDF Tablet 0.1 (HKLM-x32\...\Free PDF Tablet) (Version: 0.1 - )
Freecorder Torrent 8 (8.0.1.11) (HKLM-x32\...\Freecorder Torrent 8) (Version: 8.0.1.11 - Applian Technologies)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 11.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 11.0 (x86 en-US)) (Version: 11.0 - Mozilla)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.4001 - ooVoo LLC.)
Paltalk Messenger  11.2 (HKLM-x32\...\Paltalk Messenger) (Version: 11.2.0 - AVM Software Inc.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Restore Points  =========================

28-01-2014 21:29:56 Windows Update
01-02-2014 02:13:55 Windows Update
05-02-2014 23:19:32 Windows Update
10-02-2014 22:06:15 Windows Update
10-02-2014 22:09:10 Installed Microsoft Office Word Viewer 2003
14-02-2014 18:01:04 Windows Update
15-02-2014 21:36:37 Windows Modules Installer
17-02-2014 23:41:51 Windows Update
23-02-2014 02:42:40 Windows Update
17-03-2014 05:35:24 Windows Update
17-03-2014 05:39:20 Windows Update
20-03-2014 02:57:50 Removed BabylonObjectInstaller
20-03-2014 02:59:58 Removed SavingsbullFilter
20-03-2014 04:50:28 Windows Update
23-03-2014 16:51:01 Windows Update
04-04-2014 19:40:39 Windows Update
04-04-2014 22:36:48 Windows Update
09-04-2014 04:43:33 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0BB05A7C-1729-44E8-A37E-31A1A37068F4} - System32\Tasks\AffiliatedUpdate => C:\Users\Ellery\AppData\Roaming\AffiliatedUpdate\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {1E1EF43B-9B75-4591-AF9B-D66183603BE4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {48814CF2-7137-4DB4-A45B-CDAE251C4ADF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AffiliatedUpdate.job => C:\Users\Ellery\AppData\Roaming\AFFILI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-11 17:49 - 2013-11-11 17:49 - 00051272 _____ () C:\Program Files (x86)\Paltalk Messenger\ctrlkey.dll
2013-11-11 17:49 - 2013-11-11 17:49 - 02218568 _____ () C:\Program Files (x86)\Paltalk Messenger\Images.dll
2012-07-22 14:52 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2012-02-07 22:47 - 2012-04-07 12:59 - 01969080 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-19 19:30 - 2014-03-19 19:30 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 4056.36 MB
Available physical RAM: 2409.47 MB
Total Pagefile: 8110.91 MB
Available Pagefile: 6389.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:358.17 GB) NTFS
Drive d: (Apr 07 2014) (CDROM) (Total:4.38 GB) (Free:4.37 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 983F7C98)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

       One of my OTL logs:

 

OTL logfile created on: 4/8/2014 10:07:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ellery\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.96 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 63.18% Memory free
7.92 Gb Paging File | 6.41 Gb Available in Paging File | 80.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 358.16 Gb Free Space | 79.40% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 4.37 Gb Free Space | 99.88% Space Free | Partition Type: UDF
 
Computer Name: ELLERY-PC | User Name: Ellery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/08 22:05:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ellery\Downloads\OTL.exe
PRC - [2014/03/25 17:01:28 | 036,247,104 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2014/03/19 19:30:53 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2013/11/11 17:49:20 | 009,925,728 | ---- | M] (AVM Software Inc.) -- C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
PRC - [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/19 19:30:51 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/11/11 17:49:22 | 002,218,568 | ---- | M] () -- C:\Program Files (x86)\Paltalk Messenger\Images.dll
MOD - [2013/11/11 17:49:22 | 000,051,272 | ---- | M] () -- C:\Program Files (x86)\Paltalk Messenger\ctrlkey.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2012/04/07 12:59:18 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/15 17:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/03/19 20:06:49 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/19 20:02:14 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLib64.sys -- (wStLib64)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/30 12:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 12:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {fa63398e-322b-4833-9af3-15837ad12138} - SOFTWARE\Classes\CLSID\{fa63398e-322b-4833-9af3-15837ad12138}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.yahoo.com/?fr=fptb-yff80"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/07 12:59:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/02/07 22:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Extensions
[2014/04/08 22:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions
[2014/04/08 21:47:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/04/08 21:47:42 | 000,000,000 | ---D | M] ("Plus-HD-7.7") -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]126239776.com
[2014/03/19 20:01:06 | 000,000,000 | ---D | M] (webbsaver) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]
[2014/03/19 19:57:28 | 000,000,000 | ---D | M] (BettErPeriCeChec) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]
[2014/04/08 22:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\staged
[2014/04/08 21:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]126239776.com\extensionData
[2014/04/08 21:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]126239776.com\extensionData\plugins
[2014/04/08 21:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]126239776.com\extensionData\userCode
[2014/04/08 22:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\staged\[email protected]126239776.com\extensionData
[2014/04/08 22:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\staged\[email protected]126239776.com\extensionData\plugins
[2014/04/08 22:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\staged\[email protected]126239776.com\extensionData\userCode
[2014/04/08 21:47:43 | 000,626,396 | ---- | M] () (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]
[2014/04/08 21:47:44 | 000,353,958 | ---- | M] () (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
[2014/04/08 22:05:02 | 000,626,396 | ---- | M] () (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\staged\[email protected]
[2014/04/08 22:05:05 | 000,353,958 | ---- | M] () (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
[2014/02/14 22:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/28 23:54:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/07 22:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/02/07 22:47:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\ELLERY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F9X19H3A.DEFAULT\EXTENSIONS\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
File not found (No name found) -- C:\USERS\ELLERY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F9X19H3A.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\ELLERY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F9X19H3A.DEFAULT\EXTENSIONS\[email protected]
[2012/04/07 12:59:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/07 12:59:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/07 12:59:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk = C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0A9191E-6422-49AE-9016-C6767BAB15A5}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/08 22:01:16 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/08 21:50:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/08 21:39:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/04 13:01:48 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
[2014/04/04 13:01:45 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Paltalk
[2014/04/04 13:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paltalk Messenger
[2014/04/04 12:41:22 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/04 12:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/04 12:40:33 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/04 12:40:33 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/04 12:40:33 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/04 12:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/04 12:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/19 21:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/03/19 20:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BeetterPrricoeChec
[2014/03/19 20:02:14 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLib64.sys
[2014/03/19 20:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SaverPro
[2014/03/19 19:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/19 19:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/19 19:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/19 19:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/19 19:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/03/19 19:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\4f849e9bda014f7c
[2014/03/19 19:50:18 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Local\Packages
[2014/03/19 19:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\BeetterPrricoeChec
[2014/03/19 19:33:30 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Local\Macromedia
[2014/03/16 22:31:47 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/16 22:31:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/16 22:31:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/16 22:31:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/16 22:31:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/16 22:31:30 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/16 22:31:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/16 22:31:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/16 22:31:29 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/16 22:31:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/16 22:31:28 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/16 22:31:27 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/16 22:31:26 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/16 22:31:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/16 22:31:25 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/16 22:31:25 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/16 22:31:24 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/16 22:31:23 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/16 22:31:23 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/16 22:31:22 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/16 22:31:20 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/16 22:31:20 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/16 22:31:20 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/16 22:31:19 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/03/16 22:31:18 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/16 22:31:18 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/16 22:30:17 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/16 22:30:17 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/16 22:30:16 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/08 22:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/08 21:53:10 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/08 21:53:10 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/08 21:51:41 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/08 21:51:41 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/08 21:51:41 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/08 21:47:02 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\AffiliatedUpdate.job
[2014/04/08 21:45:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/08 21:45:23 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/04 15:37:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/04 13:02:55 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/04 13:01:49 | 000,002,033 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
[2014/04/04 13:01:48 | 000,002,013 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\Paltalk Messenger.lnk
[2014/04/04 13:01:48 | 000,001,989 | ---- | M] () -- C:\Users\Ellery\Desktop\Paltalk Messenger.lnk
[2014/04/04 13:01:46 | 000,001,228 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\Upgrade to Paltalk Extreme.lnk
[2014/04/04 13:01:14 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2014/04/04 12:40:47 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/19 20:06:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/19 20:06:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/19 20:02:14 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLib64.sys
[2014/03/19 19:53:47 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/19 19:28:24 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys
 
========== Files Created - No Company Name ==========
 
[2014/04/04 13:01:49 | 000,002,033 | ---- | C] () -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
[2014/04/04 13:01:48 | 000,002,013 | ---- | C] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\Paltalk Messenger.lnk
[2014/04/04 13:01:48 | 000,001,989 | ---- | C] () -- C:\Users\Ellery\Desktop\Paltalk Messenger.lnk
[2014/04/04 13:01:46 | 000,001,228 | ---- | C] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\Upgrade to Paltalk Extreme.lnk
[2014/04/04 12:40:47 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/19 19:53:47 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/03 18:07:01 | 000,000,162 | ---- | C] () -- C:\Users\Ellery\AppData\Roaming\WB.CFG
[2012/07/12 21:01:58 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/07/12 21:01:57 | 000,107,036 | ---- | C] () -- C:\Windows\unins000.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000BEVT-75ZAT0 ATA Device
Partitions: 3
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Multi-Card USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41943040
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 451.00GB
Starting Offset: 15770583040
Hidden sectors: 0
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\assembly\GAC_32\*.ini >
 
< %systemroot%\assembly\GAC_64\*.ini >
 
< %SYSTEMDRIVE%\*.exe >
 
< %ALLUSERSPROFILE%\Application Data\*.exe >
 
< %APPDATA%\*. >
[2012/02/07 22:22:38 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Adobe
[2014/01/03 17:07:42 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\AffiliatedUpdate
[2012/06/02 14:04:59 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Apple Computer
[2012/07/12 21:02:29 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Easy MP3 Recorder
[2012/04/27 21:20:17 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Free PDF Tablet
[2012/02/07 21:22:27 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Identities
[2012/02/07 22:22:38 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Macromedia
[2010/11/21 00:16:41 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Media Center Programs
[2014/03/19 19:33:30 | 000,000,000 | --SD | M] -- C:\Users\Ellery\AppData\Roaming\Microsoft
[2012/02/07 22:48:03 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Mozilla
[2012/04/25 20:37:29 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\ooVoo Details
[2014/04/04 13:01:45 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Paltalk
[2014/04/08 21:47:30 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Skype
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
 
< MD5 for: CSRSS.EXE  >
[2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows.old\Windows\System32\csrss.exe
[2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
 
< MD5 for: EXPLORER.EXE  >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows.old\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows.old\Windows\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | -H-- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/12/21 11:06:58 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/12/21 11:06:58 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | -H-- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/12/21 11:06:58 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/12/21 11:06:58 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: MSWSOCK.DLL  >
[2009/07/13 18:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows.old\Windows\ERDNT\cache86\mswsock.dll
[2009/07/13 18:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows.old\Windows\SysWOW64\mswsock.dll
[2009/07/13 18:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 06:27:12 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 06:27:10 | 000,326,144 | -H-- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 20:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2013/09/06 19:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[2010/11/20 05:19:58 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2010/11/20 05:19:56 | 000,232,448 | -H-- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2010/11/20 20:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2013/09/07 19:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll
[2013/09/07 19:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
[2013/09/06 19:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
[2013/09/07 19:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
[2013/09/07 19:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll
[2009/07/13 18:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows.old\Windows\ERDNT\cache64\mswsock.dll
[2009/07/13 18:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows.old\Windows\System32\mswsock.dll
[2009/07/13 18:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll
 
< MD5 for: NAPINSP.DLL  >
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows.old\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows.old\Windows\System32\NapiNSP.dll
[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll
[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll
 
< MD5 for: NLAAPI.DLL  >
[2009/07/13 18:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows.old\Windows\SysWOW64\nlaapi.dll
[2009/07/13 18:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2012/01/13 00:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 00:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 05:20:32 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2010/11/20 05:20:30 | 000,052,224 | -H-- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2010/11/20 20:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 09:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 06:27:24 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2010/11/20 06:27:22 | 000,070,656 | -H-- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2010/11/20 20:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 10:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/03 10:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2009/07/13 18:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows.old\Windows\System32\nlaapi.dll
[2009/07/13 18:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
[2012/10/03 10:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll
 
< MD5 for: PNRPNSP.DLL  >
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows.old\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows.old\Windows\System32\pnrpnsp.dll
[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll
[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll
 
< MD5 for: PRINTISOLATIONHOST.EXE  >
[2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows.old\Windows\System32\PrintIsolationHost.exe
[2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
[2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\ERDNT\cache64\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\System32\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2011/11/19 21:16:56 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=09C94B61F065EB545A46566D3960E2DB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014/03/05 09:24:36 | 000,742,200 | ---- | M] (MalwareBytes) MD5=87829A6F3529D772FA8BF0C2C238D1C6 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\System32\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USER32.DLL  >
[2010/11/20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 05:08:57 | 000,833,024 | -H-- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 20:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 20:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 18:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows.old\Windows\ERDNT\cache64\user32.dll
[2009/07/13 18:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows.old\Windows\System32\user32.dll
[2009/07/13 18:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows.old\Windows\ERDNT\cache86\user32.dll
[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows.old\Windows\SysWOW64\user32.dll
[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 06:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010/11/20 06:27:27 | 001,008,128 | -H-- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010/11/20 20:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 20:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\ERDNT\cache86\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\SysWOW64\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\ERDNT\cache64\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\System32\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | -H-- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | -H-- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014/03/05 09:24:36 | 000,742,200 | ---- | M] (MalwareBytes) MD5=87829A6F3529D772FA8BF0C2C238D1C6 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows.old\Windows\ERDNT\cache64\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINRNR.DLL  >
[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows.old\Windows\System32\winrnr.dll
[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows.old\Windows\SysWOW64\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
 
< MD5 for: WSHELPER.DLL  >
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows.old\Windows\SysWOW64\wshelper.dll
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows.old\Windows\System32\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll
 
< C:\Windows\assembly\tmp\U\*.* /s >
 
< %systemroot%\*. /mp /s >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/07 12:59:15 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/07 12:59:15 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/07 12:59:15 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/03/01 15:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2014/03/01 15:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/04/07 12:59:15 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/04/07 12:59:15 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/04/07 12:59:15 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/02/28 21:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/02/28 21:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/02/28 21:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/03/01 15:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2014/03/01 15:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation)
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 20:24:51 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 18:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2010/11/21 00:06:24 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 18:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 14:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 14:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 14:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 14:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 14:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 14:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 14:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2010/11/21 00:06:18 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

 

OTL logfile created on: 4/8/2014 10:07:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ellery\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.96 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 63.18% Memory free
7.92 Gb Paging File | 6.41 Gb Available in Paging File | 80.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 358.16 Gb Free Space | 79.40% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 4.37 Gb Free Space | 99.88% Space Free | Partition Type: UDF
 
Computer Name: ELLERY-PC | User Name: Ellery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/08 22:05:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ellery\Downloads\OTL.exe
PRC - [2014/03/25 17:01:28 | 036,247,104 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2014/03/19 19:30:53 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2013/11/11 17:49:20 | 009,925,728 | ---- | M] (AVM Software Inc.) -- C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
PRC - [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/19 19:30:51 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/11/11 17:49:22 | 002,218,568 | ---- | M] () -- C:\Program Files (x86)\Paltalk Messenger\Images.dll
MOD - [2013/11/11 17:49:22 | 000,051,272 | ---- | M] () -- C:\Program Files (x86)\Paltalk Messenger\ctrlkey.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2012/04/07 12:59:18 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/15 17:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/03/19 20:06:49 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/19 20:02:14 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLib64.sys -- (wStLib64)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/30 12:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 12:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {fa63398e-322b-4833-9af3-15837ad12138} - SOFTWARE\Classes\CLSID\{fa63398e-322b-4833-9af3-15837ad12138}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.yahoo.com/?fr=fptb-yff80"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/07 12:59:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/02/07 22:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Extensions
[2014/04/08 22:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions
[2014/04/08 21:47:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/04/08 21:47:42 | 000,000,000 | ---D | M] ("Plus-HD-7.7") -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]126239776.com
[2014/03/19 20:01:06 | 000,000,000 | ---D | M] (webbsaver) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]
[2014/03/19 19:57:28 | 000,000,000 | ---D | M] (BettErPeriCeChec) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]
[2014/04/08 22:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\staged
[2014/04/08 21:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]126239776.com\extensionData
[2014/04/08 21:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]126239776.com\extensionData\plugins
[2014/04/08 21:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]126239776.com\extensionData\userCode
[2014/04/08 22:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\staged\[email protected]126239776.com\extensionData
[2014/04/08 22:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\staged\[email protected]126239776.com\extensionData\plugins
[2014/04/08 22:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\staged\[email protected]126239776.com\extensionData\userCode
[2014/04/08 21:47:43 | 000,626,396 | ---- | M] () (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\[email protected]
[2014/04/08 21:47:44 | 000,353,958 | ---- | M] () (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
[2014/04/08 22:05:02 | 000,626,396 | ---- | M] () (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\staged\[email protected]
[2014/04/08 22:05:05 | 000,353,958 | ---- | M] () (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
[2014/02/14 22:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/28 23:54:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/07 22:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/02/07 22:47:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\ELLERY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F9X19H3A.DEFAULT\EXTENSIONS\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
File not found (No name found) -- C:\USERS\ELLERY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F9X19H3A.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\ELLERY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F9X19H3A.DEFAULT\EXTENSIONS\[email protected]
[2012/04/07 12:59:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/07 12:59:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/07 12:59:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk = C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0A9191E-6422-49AE-9016-C6767BAB15A5}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/08 22:01:16 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/08 21:50:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/08 21:39:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/04 13:01:48 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
[2014/04/04 13:01:45 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Paltalk
[2014/04/04 13:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paltalk Messenger
[2014/04/04 12:41:22 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/04 12:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/04 12:40:33 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/04 12:40:33 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/04 12:40:33 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/04 12:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/04 12:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/19 21:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/03/19 20:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BeetterPrricoeChec
[2014/03/19 20:02:14 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLib64.sys
[2014/03/19 20:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SaverPro
[2014/03/19 19:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/19 19:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/19 19:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/19 19:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/19 19:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/03/19 19:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\4f849e9bda014f7c
[2014/03/19 19:50:18 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Local\Packages
[2014/03/19 19:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\BeetterPrricoeChec
[2014/03/19 19:33:30 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Local\Macromedia
[2014/03/16 22:31:47 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/16 22:31:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/16 22:31:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/16 22:31:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/16 22:31:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/16 22:31:30 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/16 22:31:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/16 22:31:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/16 22:31:29 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/16 22:31:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/16 22:31:28 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/16 22:31:27 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/16 22:31:26 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/16 22:31:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/16 22:31:25 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/16 22:31:25 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/16 22:31:24 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/16 22:31:23 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/16 22:31:23 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/16 22:31:22 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/16 22:31:20 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/16 22:31:20 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/16 22:31:20 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/16 22:31:19 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/03/16 22:31:18 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/16 22:31:18 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/16 22:30:17 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/16 22:30:17 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/16 22:30:16 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/08 22:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/08 21:53:10 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/08 21:53:10 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/08 21:51:41 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/08 21:51:41 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/08 21:51:41 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/08 21:47:02 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\AffiliatedUpdate.job
[2014/04/08 21:45:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/08 21:45:23 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/04 15:37:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/04 13:02:55 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/04 13:01:49 | 000,002,033 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
[2014/04/04 13:01:48 | 000,002,013 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\Paltalk Messenger.lnk
[2014/04/04 13:01:48 | 000,001,989 | ---- | M] () -- C:\Users\Ellery\Desktop\Paltalk Messenger.lnk
[2014/04/04 13:01:46 | 000,001,228 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\Upgrade to Paltalk Extreme.lnk
[2014/04/04 13:01:14 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2014/04/04 12:40:47 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/19 20:06:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/19 20:06:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/19 20:02:14 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLib64.sys
[2014/03/19 19:53:47 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/19 19:28:24 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys
 
========== Files Created - No Company Name ==========
 
[2014/04/04 13:01:49 | 000,002,033 | ---- | C] () -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
[2014/04/04 13:01:48 | 000,002,013 | ---- | C] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\Paltalk Messenger.lnk
[2014/04/04 13:01:48 | 000,001,989 | ---- | C] () -- C:\Users\Ellery\Desktop\Paltalk Messenger.lnk
[2014/04/04 13:01:46 | 000,001,228 | ---- | C] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\Upgrade to Paltalk Extreme.lnk
[2014/04/04 12:40:47 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/19 19:53:47 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/03 18:07:01 | 000,000,162 | ---- | C] () -- C:\Users\Ellery\AppData\Roaming\WB.CFG
[2012/07/12 21:01:58 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/07/12 21:01:57 | 000,107,036 | ---- | C] () -- C:\Windows\unins000.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000BEVT-75ZAT0 ATA Device
Partitions: 3
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Multi-Card USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41943040
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 451.00GB
Starting Offset: 15770583040
Hidden sectors: 0
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\assembly\GAC_32\*.ini >
 
< %systemroot%\assembly\GAC_64\*.ini >
 
< %SYSTEMDRIVE%\*.exe >
 
< %ALLUSERSPROFILE%\Application Data\*.exe >
 
< %APPDATA%\*. >
[2012/02/07 22:22:38 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Adobe
[2014/01/03 17:07:42 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\AffiliatedUpdate
[2012/06/02 14:04:59 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Apple Computer
[2012/07/12 21:02:29 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Easy MP3 Recorder
[2012/04/27 21:20:17 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Free PDF Tablet
[2012/02/07 21:22:27 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Identities
[2012/02/07 22:22:38 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Macromedia
[2010/11/21 00:16:41 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Media Center Programs
[2014/03/19 19:33:30 | 000,000,000 | --SD | M] -- C:\Users\Ellery\AppData\Roaming\Microsoft
[2012/02/07 22:48:03 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Mozilla
[2012/04/25 20:37:29 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\ooVoo Details
[2014/04/04 13:01:45 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Paltalk
[2014/04/08 21:47:30 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Skype
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
 
< MD5 for: CSRSS.EXE  >
[2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows.old\Windows\System32\csrss.exe
[2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
 
< MD5 for: EXPLORER.EXE  >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows.old\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows.old\Windows\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | -H-- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/12/21 11:06:58 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/12/21 11:06:58 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | -H-- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/12/21 11:06:58 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/12/21 11:06:58 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: MSWSOCK.DLL  >
[2009/07/13 18:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows.old\Windows\ERDNT\cache86\mswsock.dll
[2009/07/13 18:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows.old\Windows\SysWOW64\mswsock.dll
[2009/07/13 18:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 06:27:12 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 06:27:10 | 000,326,144 | -H-- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 20:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2013/09/06 19:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[2010/11/20 05:19:58 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2010/11/20 05:19:56 | 000,232,448 | -H-- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2010/11/20 20:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2013/09/07 19:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll
[2013/09/07 19:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
[2013/09/06 19:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
[2013/09/07 19:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
[2013/09/07 19:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll
[2009/07/13 18:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows.old\Windows\ERDNT\cache64\mswsock.dll
[2009/07/13 18:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows.old\Windows\System32\mswsock.dll
[2009/07/13 18:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll
 
< MD5 for: NAPINSP.DLL  >
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows.old\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows.old\Windows\System32\NapiNSP.dll
[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll
[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll
 
< MD5 for: NLAAPI.DLL  >
[2009/07/13 18:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows.old\Windows\SysWOW64\nlaapi.dll
[2009/07/13 18:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2012/01/13 00:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 00:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 05:20:32 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2010/11/20 05:20:30 | 000,052,224 | -H-- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2010/11/20 20:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 09:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 06:27:24 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2010/11/20 06:27:22 | 000,070,656 | -H-- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2010/11/20 20:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 10:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/03 10:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2009/07/13 18:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows.old\Windows\System32\nlaapi.dll
[2009/07/13 18:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
[2012/10/03 10:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll
 
< MD5 for: PNRPNSP.DLL  >
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows.old\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows.old\Windows\System32\pnrpnsp.dll
[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll
[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll
 
< MD5 for: PRINTISOLATIONHOST.EXE  >
[2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows.old\Windows\System32\PrintIsolationHost.exe
[2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
[2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\ERDNT\cache64\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\System32\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2011/11/19 21:16:56 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=09C94B61F065EB545A46566D3960E2DB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014/03/05 09:24:36 | 000,742,200 | ---- | M] (MalwareBytes) MD5=87829A6F3529D772FA8BF0C2C238D1C6 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\System32\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USER32.DLL  >
[2010/11/20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 05:08:57 | 000,833,024 | -H-- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 20:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 20:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 18:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows.old\Windows\ERDNT\cache64\user32.dll
[2009/07/13 18:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows.old\Windows\System32\user32.dll
[2009/07/13 18:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows.old\Windows\ERDNT\cache86\user32.dll
[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows.old\Windows\SysWOW64\user32.dll
[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 06:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010/11/20 06:27:27 | 001,008,128 | -H-- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010/11/20 20:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 20:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\ERDNT\cache86\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\SysWOW64\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\ERDNT\cache64\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\System32\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | -H-- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\fe3d63f94b115c321a8bfacbac52b5\e607d175a671fc9c01285624bb888b\f58b8c6d3b92adb5f718eb4880c3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | -H-- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014/03/05 09:24:36 | 000,742,200 | ---- | M] (MalwareBytes) MD5=87829A6F3529D772FA8BF0C2C238D1C6 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows.old\Windows\ERDNT\cache64\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINRNR.DLL  >
[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows.old\Windows\System32\winrnr.dll
[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows.old\Windows\SysWOW64\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
 
< MD5 for: WSHELPER.DLL  >
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows.old\Windows\SysWOW64\wshelper.dll
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows.old\Windows\System32\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll
 
< C:\Windows\assembly\tmp\U\*.* /s >
 
< %systemroot%\*. /mp /s >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/07 12:59:15 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/07 12:59:15 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/07 12:59:15 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/03/01 15:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2014/03/01 15:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/04/07 12:59:15 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/04/07 12:59:15 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/04/07 12:59:15 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/04/07 12:59:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/02/28 21:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/02/28 21:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/02/28 21:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/03/01 15:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2014/03/01 15:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation)
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 20:24:51 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 18:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2010/11/21 00:06:24 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 18:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 14:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 14:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 14:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 14:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 14:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 14:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 14:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2010/11/21 00:06:18 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >


 


  • 0

#4
love2teach956

love2teach956

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

No real rush, but any news for me?

 


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Uninstall:

 

McAfee Security Scan Plus
Skype Click to Call

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that then you should be able to boot into regular mode.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

 

How is it doing now?


  • 0

#6
love2teach956

love2teach956

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

Probably a stupid question, but what do I do with the .txt you want me to download? what is the purpose of the text?


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

The fixlist removes the following lines from your PS:

 

ppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
URLSearchHook: HKCU - Search Results Toolbar - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Extension: Plus-HD-7.7 - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com [2014-04-08]
FF Extension: webbsaver - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] [2014-03-19]
FF Extension: BettErPeriCeChec - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] [2014-03-19]
FF Extension: Iminent - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] [2014-04-08]
FF Extension: MySearchDial - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-28]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-19] (StdLib)
2014-03-19 20:02 - 2014-03-19 20:02 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-19 20:02 - 2014-03-19 20:02 - 00000000 ____D () C:\Program Files (x86)\BeetterPrricoeChec
2014-03-19 20:00 - 2014-04-04 12:57 - 00000000 ____D () C:\ProgramData\SaverPro
2014-03-19 19:50 - 2014-03-23 09:41 - 00000000 ____D () C:\ProgramData\BeetterPrricoeChec
2014-03-19 19:50 - 2014-03-19 20:02 - 00000000 ____D () C:\ProgramData\4f849e9bda014f7c
2014-04-08 21:47 - 2014-01-03 17:07 - 00000296 _____ () C:\Windows\Tasks\AffiliatedUpdate.job
2014-03-23 09:41 - 2014-03-19 19:50 - 00000000 ____D () C:\ProgramData\BeetterPrricoeChec
2014-03-19 20:02 - 2014-03-19 20:02 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-19 20:02 - 2014-03-19 20:02 - 00000000 ____D () C:\Program Files (x86)\BeetterPrricoeChec
2014-03-19 20:02 - 2014-03-19 19:50 - 00000000 ____D () C:\ProgramData\4f849e9bda014f7c
C:\Users\Ellery\AppData\Local\Temp\1E97.exe
C:\Users\Ellery\AppData\Local\Temp\41877uninstall.exe
C:\Users\Ellery\AppData\Local\Temp\ApnStub.exe
C:\Users\Ellery\AppData\Local\Temp\contentDATs.exe
C:\Users\Ellery\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-1.exe
C:\Users\Ellery\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Ellery\AppData\Local\Temp\ICReinstall_setup.exe
C:\Users\Ellery\AppData\Local\Temp\plugin.part.2.exe
C:\Users\Ellery\AppData\Local\Temp\Quarantine.exe
C:\Users\Ellery\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Ellery\AppData\Local\Temp\Sqlite3.dll
Task: {0BB05A7C-1729-44E8-A37E-31A1A37068F4} - System32\Tasks\AffiliatedUpdate => C:\Users\Ellery\AppData\Roaming\AffiliatedUpdate\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: C:\Windows\Tasks\AffiliatedUpdate.job => C:\Users\Ellery\AppData\Roaming\AFFILI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 

 

Mostly just some adware and some remnants.  You save it to the same folder where FRST lives then run FRST and hit the Fix button.


  • 0

#8
love2teach956

love2teach956

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Ellery (administrator) on ELLERY-PC on 08-04-2014 22:01:21
Running from C:\Users\Ellery\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(AVM Software Inc.) C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-1458255248-4161178811-2998873453-1000\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\oovoo.exe [36247104 2014-03-25] (ooVoo LLC)
HKU\S-1-5-21-1458255248-4161178811-2998873453-1000\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1458255248-4161178811-2998873453-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
URLSearchHook: HKCU - Search Results Toolbar - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default
FF Homepage: https://www.yahoo.com/?fr=fptb-yff80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Extension: Plus-HD-7.7 - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com [2014-04-08]
FF Extension: webbsaver - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] [2014-03-19]
FF Extension: BettErPeriCeChec - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] [2014-03-19]
FF Extension: Yahoo! Toolbar - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-04-08]
FF Extension: Iminent - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] [2014-04-08]
FF Extension: MySearchDial - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-28]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Ellery\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikbiigmbicdfpfkjgjjeiongjdhnikh [2014-02-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-19] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-08 22:01 - 2014-04-08 22:01 - 00007813 _____ () C:\Users\Ellery\Downloads\FRST.txt
2014-04-08 22:01 - 2014-04-08 22:01 - 00000000 ____D () C:\FRST
2014-04-08 22:00 - 2014-04-08 22:00 - 02157056 _____ (Farbar) C:\Users\Ellery\Downloads\FRST64.exe
2014-04-08 21:57 - 2014-04-08 21:57 - 00002305 _____ () C:\Users\Ellery\Desktop\JRT.txt
2014-04-08 21:50 - 2014-04-08 21:50 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 21:49 - 2014-04-08 21:49 - 01016261 _____ (Thisisu) C:\Users\Ellery\Downloads\JRT.exe
2014-04-08 21:47 - 2014-04-08 21:47 - 00013184 _____ () C:\Users\Ellery\Desktop\AdwCleaner[S0].txt
2014-04-08 21:39 - 2014-04-08 21:44 - 00000000 ____D () C:\AdwCleaner
2014-04-08 21:38 - 2014-04-08 21:38 - 01426178 _____ () C:\Users\Ellery\Downloads\AdwCleaner.exe
2014-04-04 13:01 - 2014-04-04 13:01 - 00001989 _____ () C:\Users\Ellery\Desktop\Paltalk Messenger.lnk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Paltalk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
2014-04-04 12:41 - 2014-04-04 13:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 12:40 - 2014-04-04 12:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 12:40 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 12:40 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-04 12:40 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-04 12:37 - 2014-04-04 12:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ellery\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-19 20:02 - 2014-03-19 20:02 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-19 20:02 - 2014-03-19 20:02 - 00000000 ____D () C:\Program Files (x86)\BeetterPrricoeChec
2014-03-19 20:00 - 2014-04-04 12:57 - 00000000 ____D () C:\ProgramData\SaverPro
2014-03-19 19:53 - 2014-03-19 19:53 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-19 19:52 - 2014-03-19 19:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-19 19:52 - 2014-03-19 19:53 - 00000000 ____D () C:\Program Files\iTunes
2014-03-19 19:52 - 2014-03-19 19:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-19 19:52 - 2014-03-19 19:52 - 00000000 ____D () C:\Program Files\iPod
2014-03-19 19:50 - 2014-03-23 09:41 - 00000000 ____D () C:\ProgramData\BeetterPrricoeChec
2014-03-19 19:50 - 2014-03-19 20:02 - 00000000 ____D () C:\ProgramData\4f849e9bda014f7c
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\Users\Ellery\AppData\Local\Packages
2014-03-19 19:33 - 2014-03-19 19:33 - 00000000 ____D () C:\Users\Ellery\AppData\Local\Macromedia
2014-03-16 22:31 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 22:31 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 22:31 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 22:31 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 22:31 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 22:31 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 22:31 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 22:31 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 22:31 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 22:31 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 22:31 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 22:31 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 22:31 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-16 22:31 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 22:31 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 22:31 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-16 22:31 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 22:31 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 22:31 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 22:31 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 22:31 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 22:31 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 22:31 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 22:31 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 22:31 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 22:31 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 22:31 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 22:31 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 22:31 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 22:31 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 22:31 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 22:31 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 22:31 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 22:31 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 22:31 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 22:31 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 22:31 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 22:31 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 22:31 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 22:31 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 22:31 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 22:31 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 22:31 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 22:31 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 22:30 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 22:30 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 22:30 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 22:30 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-08 22:01 - 2014-04-08 22:01 - 00007813 _____ () C:\Users\Ellery\Downloads\FRST.txt
2014-04-08 22:01 - 2014-04-08 22:01 - 00000000 ____D () C:\FRST
2014-04-08 22:00 - 2014-04-08 22:00 - 02157056 _____ (Farbar) C:\Users\Ellery\Downloads\FRST64.exe
2014-04-08 21:58 - 2012-02-07 22:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-08 21:57 - 2014-04-08 21:57 - 00002305 _____ () C:\Users\Ellery\Desktop\JRT.txt
2014-04-08 21:53 - 2009-07-13 21:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 21:53 - 2009-07-13 21:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 21:51 - 2009-07-13 22:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 21:50 - 2014-04-08 21:50 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 21:49 - 2014-04-08 21:49 - 01016261 _____ (Thisisu) C:\Users\Ellery\Downloads\JRT.exe
2014-04-08 21:49 - 2012-02-07 20:54 - 01818022 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 21:47 - 2014-04-08 21:47 - 00013184 _____ () C:\Users\Ellery\Desktop\AdwCleaner[S0].txt
2014-04-08 21:47 - 2014-01-03 17:07 - 00000296 _____ () C:\Windows\Tasks\AffiliatedUpdate.job
2014-04-08 21:47 - 2012-03-28 23:54 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Skype
2014-04-08 21:45 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 21:45 - 2009-07-13 21:51 - 00035205 _____ () C:\Windows\setupact.log
2014-04-08 21:44 - 2014-04-08 21:39 - 00000000 ____D () C:\AdwCleaner
2014-04-08 21:38 - 2014-04-08 21:38 - 01426178 _____ () C:\Users\Ellery\Downloads\AdwCleaner.exe
2014-04-07 11:06 - 2012-07-22 14:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 16:24 - 2010-11-20 20:47 - 00181828 _____ () C:\Windows\PFRO.log
2014-04-04 15:37 - 2012-05-17 07:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-04 15:37 - 2012-02-07 22:27 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-04 15:37 - 2012-02-07 22:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-04 13:22 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SchCache
2014-04-04 13:02 - 2014-04-04 12:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 13:01 - 2014-04-04 13:01 - 00001989 _____ () C:\Users\Ellery\Desktop\Paltalk Messenger.lnk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Paltalk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
2014-04-04 13:01 - 2012-04-25 20:34 - 00001859 _____ () C:\Users\Public\Desktop\ooVoo.lnk
2014-04-04 13:01 - 2012-04-25 20:34 - 00000000 ____D () C:\Program Files (x86)\ooVoo
2014-04-04 13:01 - 2012-02-07 21:22 - 00000000 ___RD () C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-04 12:58 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Globalization
2014-04-04 12:57 - 2014-03-19 20:00 - 00000000 ____D () C:\ProgramData\SaverPro
2014-04-04 12:57 - 2014-01-03 17:07 - 00000000 ____D () C:\Users\Ellery\FLV Player
2014-04-04 12:40 - 2014-04-04 12:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 12:37 - 2014-04-04 12:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ellery\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-04 12:36 - 2009-07-13 19:34 - 00000603 _____ () C:\Windows\win.ini
2014-03-23 10:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-03-23 09:41 - 2014-03-19 19:50 - 00000000 ____D () C:\ProgramData\BeetterPrricoeChec
2014-03-19 21:53 - 2012-03-28 23:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-19 21:53 - 2012-03-28 23:53 - 00000000 ____D () C:\ProgramData\Skype
2014-03-19 21:52 - 2013-10-31 21:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 21:51 - 2012-02-07 21:40 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 20:06 - 2012-07-22 14:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-19 20:06 - 2012-07-22 14:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-19 20:06 - 2012-02-07 22:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-19 20:02 - 2014-03-19 20:02 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-19 20:02 - 2014-03-19 20:02 - 00000000 ____D () C:\Program Files (x86)\BeetterPrricoeChec
2014-03-19 20:02 - 2014-03-19 19:50 - 00000000 ____D () C:\ProgramData\4f849e9bda014f7c
2014-03-19 19:58 - 2012-02-07 21:22 - 00000000 ____D () C:\Users\Ellery
2014-03-19 19:53 - 2014-03-19 19:53 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-19 19:53 - 2014-03-19 19:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-19 19:53 - 2014-03-19 19:52 - 00000000 ____D () C:\Program Files\iTunes
2014-03-19 19:53 - 2014-03-19 19:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-19 19:52 - 2014-03-19 19:52 - 00000000 ____D () C:\Program Files\iPod
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\Users\Ellery\AppData\Local\Packages
2014-03-19 19:48 - 2012-07-22 14:51 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-03-19 19:42 - 2012-02-16 17:40 - 00000000 ____D () C:\ProgramData\Apple
2014-03-19 19:33 - 2014-03-19 19:33 - 00000000 ____D () C:\Users\Ellery\AppData\Local\Macromedia
2014-03-19 19:28 - 2009-07-13 21:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 19:27 - 2012-08-07 17:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 19:27 - 2012-08-07 17:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 09:52 - 2011-04-27 16:25 - 00133928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys

Some content of TEMP:
====================
C:\Users\Ellery\AppData\Local\Temp\1E97.exe
C:\Users\Ellery\AppData\Local\Temp\41877uninstall.exe
C:\Users\Ellery\AppData\Local\Temp\ApnStub.exe
C:\Users\Ellery\AppData\Local\Temp\contentDATs.exe
C:\Users\Ellery\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-1.exe
C:\Users\Ellery\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Ellery\AppData\Local\Temp\ICReinstall_setup.exe
C:\Users\Ellery\AppData\Local\Temp\plugin.part.2.exe
C:\Users\Ellery\AppData\Local\Temp\Quarantine.exe
C:\Users\Ellery\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Ellery\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-23 10:03

==================== End Of Log ============================


  • 0

#9
love2teach956

love2teach956

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

sorry, been working lots of overtime and couldn't get to computer. posted the first log.

 

Then, I did the scan again and here are the two logs:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2014
Ran by Ellery at 2014-04-19 22:55:02
Running from C:\Users\Ellery\Downloads\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CWA Reminder by We-Care.com v4.1.24.3 (HKLM-x32\...\{0228288D-975E-42F7-9993-E91A82E6BBD9}) (Version: 4.1.24.3 - We-Care.com)
Extended Update (HKCU\...\AffiliatedUpdate) (Version:  - )
Free PDF Tablet 0.1 (HKLM-x32\...\Free PDF Tablet) (Version: 0.1 - )
Freecorder Torrent 8 (8.0.1.11) (HKLM-x32\...\Freecorder Torrent 8) (Version: 8.0.1.11 - Applian Technologies)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 11.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 11.0 (x86 en-US)) (Version: 11.0 - Mozilla)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.4001 - ooVoo LLC.)
Paltalk Messenger  11.2 (HKLM-x32\...\Paltalk Messenger) (Version: 11.2.0 - AVM Software Inc.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Restore Points  =========================

10-02-2014 22:06:15 Windows Update
10-02-2014 22:09:10 Installed Microsoft Office Word Viewer 2003
14-02-2014 18:01:04 Windows Update
15-02-2014 21:36:37 Windows Modules Installer
17-02-2014 23:41:51 Windows Update
23-02-2014 02:42:40 Windows Update
17-03-2014 05:35:24 Windows Update
17-03-2014 05:39:20 Windows Update
20-03-2014 02:57:50 Removed BabylonObjectInstaller
20-03-2014 02:59:58 Removed SavingsbullFilter
20-03-2014 04:50:28 Windows Update
23-03-2014 16:51:01 Windows Update
04-04-2014 19:40:39 Windows Update
04-04-2014 22:36:48 Windows Update
09-04-2014 04:43:33 Windows Update
09-04-2014 05:09:10 OTL Restore Point - 4/8/2014 10:09:08 PM
20-04-2014 05:40:08 Removed Skype Click to Call
20-04-2014 05:43:37 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1E1EF43B-9B75-4591-AF9B-D66183603BE4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {48814CF2-7137-4DB4-A45B-CDAE251C4ADF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-11 17:49 - 2013-11-11 17:49 - 00051272 _____ () C:\Program Files (x86)\Paltalk Messenger\ctrlkey.dll
2013-11-11 17:49 - 2013-11-11 17:49 - 02218568 _____ () C:\Program Files (x86)\Paltalk Messenger\Images.dll
2012-07-22 14:52 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2012-02-07 22:47 - 2012-04-07 12:59 - 01969080 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-19 19:30 - 2014-03-19 19:30 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2014 10:35:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 00:12:03 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 11.0.0.4454 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c8

Start Time: 01cf53b068e91bbe

Termination Time: 80

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 328d1add-bfb6-11e3-b856-a4badb95ab88


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (04/19/2014 10:35:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 00:12:03 AM) (Source: Application Hang)(User: )
Description: firefox.exe11.0.0.4454c801cf53b068e91bbe80C:\Program Files (x86)\Mozilla Firefox\firefox.exe328d1add-bfb6-11e3-b856-a4badb95ab88


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 4056.36 MB
Available physical RAM: 2093.17 MB
Total Pagefile: 8110.91 MB
Available Pagefile: 5972.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:358.43 GB) NTFS
Drive d: (Apr 07 2014) (CDROM) (Total:4.38 GB) (Free:4.37 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 983F7C98)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

                THAT WAS THE ADDITIONS LOG AND HERE IS THE NEW FRST LOG:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by Ellery (administrator) on ELLERY-PC on 19-04-2014 22:53:44
Running from C:\Users\Ellery\Downloads\FRST-OlderVersion
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(AVM Software Inc.) C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-1458255248-4161178811-2998873453-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36247104 2014-03-25] (ooVoo LLC)
HKU\S-1-5-21-1458255248-4161178811-2998873453-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1458255248-4161178811-2998873453-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default
FF Homepage: https://www.yahoo.com/?fr=fptb-yff80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Extension: Plus-HD-7.7 - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com [2014-04-19]
FF Extension: Yahoo! Toolbar - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-04-19]
FF Extension: MySearchDial - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-19]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Ellery\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikbiigmbicdfpfkjgjjeiongjdhnikh [2014-02-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-19 22:43 - 2014-04-19 22:53 - 00000000 ____D () C:\Users\Ellery\Downloads\FRST-OlderVersion
2014-04-19 22:39 - 2014-02-14 10:42 - 00000426 _____ () C:\AVScanner.ini
2014-04-08 23:57 - 2014-04-08 23:57 - 00189470 _____ () C:\Users\Ellery\Desktop\OTL.Txt
2014-04-08 23:47 - 2014-04-08 23:47 - 00189470 _____ () C:\Users\Ellery\Downloads\OTL.Txt
2014-04-08 23:47 - 2014-04-08 23:47 - 00049342 _____ () C:\Users\Ellery\Downloads\Extras.Txt
2014-04-08 22:05 - 2014-04-08 22:05 - 00602112 _____ (OldTimer Tools) C:\Users\Ellery\Downloads\OTL.exe
2014-04-08 22:03 - 2014-04-08 22:03 - 00024436 _____ () C:\Users\Ellery\Desktop\FRST.txt
2014-04-08 22:03 - 2014-04-08 22:03 - 00008792 _____ () C:\Users\Ellery\Desktop\Addition.txt
2014-04-08 22:02 - 2014-04-08 22:02 - 00008792 _____ () C:\Users\Ellery\Downloads\Addition.txt
2014-04-08 22:01 - 2014-04-19 22:53 - 00000000 ____D () C:\FRST
2014-04-08 22:01 - 2014-04-08 22:02 - 00024436 _____ () C:\Users\Ellery\Downloads\FRST.txt
2014-04-08 22:00 - 2014-04-19 22:43 - 02055680 _____ (Farbar) C:\Users\Ellery\Downloads\FRST64.exe
2014-04-08 21:57 - 2014-04-08 21:57 - 00002305 _____ () C:\Users\Ellery\Desktop\JRT.txt
2014-04-08 21:50 - 2014-04-08 21:50 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 21:49 - 2014-04-08 21:49 - 01016261 _____ (Thisisu) C:\Users\Ellery\Downloads\JRT.exe
2014-04-08 21:47 - 2014-04-08 21:47 - 00013184 _____ () C:\Users\Ellery\Desktop\AdwCleaner[S0].txt
2014-04-08 21:39 - 2014-04-08 21:44 - 00000000 ____D () C:\AdwCleaner
2014-04-08 21:38 - 2014-04-08 21:38 - 01426178 _____ () C:\Users\Ellery\Downloads\AdwCleaner.exe
2014-04-04 13:01 - 2014-04-04 13:01 - 00001989 _____ () C:\Users\Ellery\Desktop\Paltalk Messenger.lnk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Paltalk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
2014-04-04 12:41 - 2014-04-04 13:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 12:40 - 2014-04-04 12:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 12:40 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 12:40 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-04 12:40 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-04 12:37 - 2014-04-04 12:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ellery\Downloads\mbam-setup-2.0.0.1000.exe

==================== One Month Modified Files and Folders =======

2014-04-19 22:53 - 2014-04-19 22:43 - 00000000 ____D () C:\Users\Ellery\Downloads\FRST-OlderVersion
2014-04-19 22:53 - 2014-04-08 22:01 - 00000000 ____D () C:\FRST
2014-04-19 22:53 - 2012-02-07 20:54 - 01949215 _____ () C:\Windows\WindowsUpdate.log
2014-04-19 22:49 - 2012-03-28 23:54 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Skype
2014-04-19 22:43 - 2014-04-08 22:00 - 02055680 _____ (Farbar) C:\Users\Ellery\Downloads\FRST64.exe
2014-04-19 22:41 - 2012-03-28 23:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-19 22:40 - 2009-07-13 22:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 22:39 - 2009-07-13 21:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 22:39 - 2009-07-13 21:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-19 22:33 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-19 22:33 - 2009-07-13 21:51 - 00035261 _____ () C:\Windows\setupact.log
2014-04-09 00:12 - 2012-02-07 22:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-09 00:06 - 2012-07-22 14:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 23:57 - 2014-04-08 23:57 - 00189470 _____ () C:\Users\Ellery\Desktop\OTL.Txt
2014-04-08 23:47 - 2014-04-08 23:47 - 00189470 _____ () C:\Users\Ellery\Downloads\OTL.Txt
2014-04-08 23:47 - 2014-04-08 23:47 - 00049342 _____ () C:\Users\Ellery\Downloads\Extras.Txt
2014-04-08 22:05 - 2014-04-08 22:05 - 00602112 _____ (OldTimer Tools) C:\Users\Ellery\Downloads\OTL.exe
2014-04-08 22:03 - 2014-04-08 22:03 - 00024436 _____ () C:\Users\Ellery\Desktop\FRST.txt
2014-04-08 22:03 - 2014-04-08 22:03 - 00008792 _____ () C:\Users\Ellery\Desktop\Addition.txt
2014-04-08 22:02 - 2014-04-08 22:02 - 00008792 _____ () C:\Users\Ellery\Downloads\Addition.txt
2014-04-08 22:02 - 2014-04-08 22:01 - 00024436 _____ () C:\Users\Ellery\Downloads\FRST.txt
2014-04-08 21:57 - 2014-04-08 21:57 - 00002305 _____ () C:\Users\Ellery\Desktop\JRT.txt
2014-04-08 21:50 - 2014-04-08 21:50 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 21:49 - 2014-04-08 21:49 - 01016261 _____ (Thisisu) C:\Users\Ellery\Downloads\JRT.exe
2014-04-08 21:47 - 2014-04-08 21:47 - 00013184 _____ () C:\Users\Ellery\Desktop\AdwCleaner[S0].txt
2014-04-08 21:44 - 2014-04-08 21:39 - 00000000 ____D () C:\AdwCleaner
2014-04-08 21:38 - 2014-04-08 21:38 - 01426178 _____ () C:\Users\Ellery\Downloads\AdwCleaner.exe
2014-04-04 16:24 - 2010-11-20 20:47 - 00181828 _____ () C:\Windows\PFRO.log
2014-04-04 15:37 - 2012-05-17 07:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-04 15:37 - 2012-02-07 22:27 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-04 15:37 - 2012-02-07 22:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-04 13:22 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SchCache
2014-04-04 13:02 - 2014-04-04 12:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 13:01 - 2014-04-04 13:01 - 00001989 _____ () C:\Users\Ellery\Desktop\Paltalk Messenger.lnk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Paltalk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
2014-04-04 13:01 - 2012-04-25 20:34 - 00001859 _____ () C:\Users\Public\Desktop\ooVoo.lnk
2014-04-04 13:01 - 2012-04-25 20:34 - 00000000 ____D () C:\Program Files (x86)\ooVoo
2014-04-04 13:01 - 2012-02-07 21:22 - 00000000 ___RD () C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-04 12:58 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Globalization
2014-04-04 12:57 - 2014-01-03 17:07 - 00000000 ____D () C:\Users\Ellery\FLV Player
2014-04-04 12:40 - 2014-04-04 12:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 12:37 - 2014-04-04 12:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ellery\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-04 12:36 - 2009-07-13 19:34 - 00000603 _____ () C:\Windows\win.ini
2014-03-23 10:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Ellery\AppData\Local\Temp\ieframe.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-23 10:03

==================== End Of Log ============================


  • 0

#10
love2teach956

love2teach956

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

still am getting pop ups.


  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

  • 0

#12
love2teach956

love2teach956

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

Here is the Fix log first..

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2014 02
Ran by Ellery at 2014-04-20 19:06:42 Run:2
Running from C:\Users\Ellery\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
URLSearchHook: HKCU - Search Results Toolbar - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
FF Extension: webbsaver - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] [2014-03-19]
FF Extension: BettErPeriCeChec - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] [2014-03-19]
FF Extension: Yahoo! Toolbar - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-04-08]
FF Extension: Plus-HD-7.7 - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com [2014-04-08]
FF Extension: Iminent - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] [2014-04-08]
FF Extension: MySearchDial - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-28]
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-19] (StdLib)
C:\Windows\system32\Drivers\wStLib64.sys
C:\Program Files (x86)\BeetterPrricoeChec
C:\ProgramData\BeetterPrricoeChec
C:\ProgramData\4f849e9bda014f7c
C:\Users\Ellery\AppData\Local\Temp\1E97.exe
C:\Users\Ellery\AppData\Local\Temp\41877uninstall.exe
C:\Users\Ellery\AppData\Local\Temp\ApnStub.exe
C:\Users\Ellery\AppData\Local\Temp\contentDATs.exe
C:\Users\Ellery\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-1.exe
C:\Users\Ellery\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Ellery\AppData\Local\Temp\ICReinstall_setup.exe
C:\Users\Ellery\AppData\Local\Temp\plugin.part.2.exe
C:\Users\Ellery\AppData\Local\Temp\Quarantine.exe
C:\Users\Ellery\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Ellery\AppData\Local\Temp\Sqlite3.dll





*****************

"C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL" => Value Data not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fa63398e-322b-4833-9af3-15837ad12138} => Value not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key deleted successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] not found.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] not found.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => Moved successfully.

"C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com" directory move:

C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome.manifest => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\install.rdf => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\skin\button1.png => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\29abb661-0efc-4f6[email protected]\skin\button2.png => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\skin\button3.png => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\skin\button4.png => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\skin\button5.png => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\skin\crossrider_statusbar.png => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\skin\icon128.png => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\skin\icon16.png => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\skin\icon24.png => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\skin\icon48.png => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\skin\panelarrow-up.png => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\skin\popup.html => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\skin\skin.css => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\skin\update.css => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\locale\en-US\translations.dtd => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\manifest.xml => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins.json => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\userCode\background.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\userCode\extension.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\1.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\29abb661-0efc-4f64-8a89-b11430[email protected]\extensionData\plugins\102.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\102_dealply_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\103.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\103_intext_5_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\104.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\104_jollywallet_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\119.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\119_similar_web_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\123.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\123_intext_adv_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\13.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\13_CrossriderAppUtils.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\14.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\14_CrossriderUtils.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\155.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\155_ibario_pops_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\16.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\16_FFAppAPIWrapper.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\29abb661-[email protected].com\extensionData\plugins\17.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\177.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\177_crossriderDashboard.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\178.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\178_revizer_ws_dynamic_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\179.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\179_revizer_p_dynamic_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\17_jQuery.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\180.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\180_bpo_serp_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\182.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\182_openUrl.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\183.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\183_tabsWrapper.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\184.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\184_noproblemppc_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\190.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\190_pops_5_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\191.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\191_ciuvo_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\195.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\195_icm_convertmedia_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\1_base.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\207.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\207_dbWrapper.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\21.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\21_debug.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\22.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\220.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\220_icm_base_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\221.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\221_icm_downloads_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\223.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\223_imonomy_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\22_resources.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\246.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\246_setup.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\28.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\28_initializer.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\4.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\47.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\47_resources_background.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\4_jquery_1_7_1.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\64.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\64_appApiMessage.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\7.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\72.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\72_appApiValidation.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\78.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\78_CrossriderInfo.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\7_hooks.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\9.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\91.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\91_monetizationLoader.js.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\93.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\93_superfish_no_coupons_m.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\98.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\98_omniCommands.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\extensionData\plugins\9_search_engine_hook.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\defaults\preferences\prefs.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\background.html => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\baseObject.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\browser.xul => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\dialog.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\ffCoreFilesIndex.txt => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\main.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\options.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\options.xul => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\platformVersion.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\search_dialog.xul => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\addressBarChangeObserver.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\29abb661-0efc-4f64-8a89-b11430d4[email protected]\chrome\content\core\console.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\consts.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\delegate.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\extensionDataStore.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\folderIOWrapper.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\httpObserver.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\IDBWrapper.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\installer.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\logFile.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\prefs.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\progressListenerObserver.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\registry.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\reloadObserver.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\reports.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\requestObject.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\searchSettings.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\uninstallObserver.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\updateManager.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\29abb661-0efc-4[email protected]\chrome\content\core\utils.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\core\xhr.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\asyncDB.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\background.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\browserAction.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\contextMenu.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\dbManager.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\dom_bg.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\fileManager.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\firefox.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\firefoxNotifications.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\firefoxOmnibox.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\message.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\pageAction.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\request.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\tabs.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\webRequest.js => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com\chrome\content\api\windowsMessagingHandler.js => Moved successfully.
Could not move "C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\29abb661-0efc-4f64-8a89-b114[email protected]" directory. => Scheduled to move on reboot.

C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected] => Moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} not found.
wStLib64 => Service not found.
"C:\Windows\system32\Drivers\wStLib64.sys" => File/Directory not found.
"C:\Program Files (x86)\BeetterPrricoeChec" => File/Directory not found.
"C:\ProgramData\BeetterPrricoeChec" => File/Directory not found.
"C:\ProgramData\4f849e9bda014f7c" => File/Directory not found.
"C:\Users\Ellery\AppData\Local\Temp\1E97.exe" => File/Directory not found.
"C:\Users\Ellery\AppData\Local\Temp\41877uninstall.exe" => File/Directory not found.
"C:\Users\Ellery\AppData\Local\Temp\ApnStub.exe" => File/Directory not found.
"C:\Users\Ellery\AppData\Local\Temp\contentDATs.exe" => File/Directory not found.
"C:\Users\Ellery\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-1.exe" => File/Directory not found.
"C:\Users\Ellery\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe" => File/Directory not found.
"C:\Users\Ellery\AppData\Local\Temp\ICReinstall_setup.exe" => File/Directory not found.
"C:\Users\Ellery\AppData\Local\Temp\plugin.part.2.exe" => File/Directory not found.
"C:\Users\Ellery\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Ellery\AppData\Local\Temp\SecurityScan_Release.exe" => File/Directory not found.
"C:\Users\Ellery\AppData\Local\Temp\Sqlite3.dll" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-20 19:35:06)<=

"C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com" => Directory could not move.

==== End of Fixlog ====

 

       HERE IS THE Additions Log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014 02
Ran by Ellery at 2014-04-20 19:38:07
Running from C:\Users\Ellery\Downloads\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CWA Reminder by We-Care.com v4.1.24.3 (HKLM-x32\...\{0228288D-975E-42F7-9993-E91A82E6BBD9}) (Version: 4.1.24.3 - We-Care.com)
Extended Update (HKCU\...\AffiliatedUpdate) (Version:  - )
Free PDF Tablet 0.1 (HKLM-x32\...\Free PDF Tablet) (Version: 0.1 - )
Freecorder Torrent 8 (8.0.1.11) (HKLM-x32\...\Freecorder Torrent 8) (Version: 8.0.1.11 - Applian Technologies)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 11.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 11.0 (x86 en-US)) (Version: 11.0 - Mozilla)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.4001 - ooVoo LLC.)
Paltalk Messenger  11.2 (HKLM-x32\...\Paltalk Messenger) (Version: 11.2.0 - AVM Software Inc.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Restore Points  =========================

14-02-2014 18:01:04 Windows Update
15-02-2014 21:36:37 Windows Modules Installer
17-02-2014 23:41:51 Windows Update
23-02-2014 02:42:40 Windows Update
17-03-2014 05:35:24 Windows Update
17-03-2014 05:39:20 Windows Update
20-03-2014 02:57:50 Removed BabylonObjectInstaller
20-03-2014 02:59:58 Removed SavingsbullFilter
20-03-2014 04:50:28 Windows Update
23-03-2014 16:51:01 Windows Update
04-04-2014 19:40:39 Windows Update
04-04-2014 22:36:48 Windows Update
09-04-2014 04:43:33 Windows Update
09-04-2014 05:09:10 OTL Restore Point - 4/8/2014 10:09:08 PM
20-04-2014 05:40:08 Removed Skype Click to Call
20-04-2014 05:43:37 Windows Update
21-04-2014 01:59:18 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1E1EF43B-9B75-4591-AF9B-D66183603BE4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {48814CF2-7137-4DB4-A45B-CDAE251C4ADF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-11 17:49 - 2013-11-11 17:49 - 00051272 _____ () C:\Program Files (x86)\Paltalk Messenger\ctrlkey.dll
2013-11-11 17:49 - 2013-11-11 17:49 - 02218568 _____ () C:\Program Files (x86)\Paltalk Messenger\Images.dll
2012-07-22 14:52 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2012-02-07 22:47 - 2012-04-07 12:59 - 01969080 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2014 07:16:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2014 06:57:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 10:35:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 00:12:03 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 11.0.0.4454 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c8

Start Time: 01cf53b068e91bbe

Termination Time: 80

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 328d1add-bfb6-11e3-b856-a4badb95ab88


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (04/20/2014 07:16:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2014 06:57:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 10:35:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 00:12:03 AM) (Source: Application Hang)(User: )
Description: firefox.exe11.0.0.4454c801cf53b068e91bbe80C:\Program Files (x86)\Mozilla Firefox\firefox.exe328d1add-bfb6-11e3-b856-a4badb95ab88


==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 4056.36 MB
Available physical RAM: 2686.53 MB
Total Pagefile: 8110.91 MB
Available Pagefile: 6698.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:359.05 GB) NTFS
Drive d: (Apr 07 2014) (CDROM) (Total:4.38 GB) (Free:4.37 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 983F7C98)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

     HERE IS THE  FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by Ellery (administrator) on ELLERY-PC on 20-04-2014 19:37:22
Running from C:\Users\Ellery\Downloads\FRST-OlderVersion
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVM Software Inc.) C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-1458255248-4161178811-2998873453-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36247104 2014-03-25] (ooVoo LLC)
HKU\S-1-5-21-1458255248-4161178811-2998873453-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1458255248-4161178811-2998873453-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default
FF Homepage: https://www.yahoo.com/?fr=fptb-yff80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Extension: No Name - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\f9x19h3a.default\Extensions\[email protected]126239776.com [2014-04-20]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Ellery\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikbiigmbicdfpfkjgjjeiongjdhnikh [2014-02-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-19 22:45 - 2014-03-30 18:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-19 22:45 - 2014-03-30 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-19 22:45 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-19 22:45 - 2014-03-30 16:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-19 22:45 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-19 22:45 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-19 22:45 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-19 22:45 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-19 22:45 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-19 22:44 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-19 22:44 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-19 22:44 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-19 22:44 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-19 22:44 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-19 22:44 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-19 22:44 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-19 22:44 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-19 22:44 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-19 22:44 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-19 22:44 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-19 22:43 - 2014-04-20 19:37 - 00000000 ____D () C:\Users\Ellery\Downloads\FRST-OlderVersion
2014-04-19 22:43 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-19 22:39 - 2014-02-14 10:42 - 00000426 _____ () C:\AVScanner.ini
2014-04-08 23:57 - 2014-04-08 23:57 - 00189470 _____ () C:\Users\Ellery\Desktop\OTL.Txt
2014-04-08 23:47 - 2014-04-08 23:47 - 00189470 _____ () C:\Users\Ellery\Downloads\OTL.Txt
2014-04-08 23:47 - 2014-04-08 23:47 - 00049342 _____ () C:\Users\Ellery\Downloads\Extras.Txt
2014-04-08 22:05 - 2014-04-08 22:05 - 00602112 _____ (OldTimer Tools) C:\Users\Ellery\Downloads\OTL.exe
2014-04-08 22:03 - 2014-04-08 22:03 - 00024436 _____ () C:\Users\Ellery\Desktop\FRST.txt
2014-04-08 22:03 - 2014-04-08 22:03 - 00008792 _____ () C:\Users\Ellery\Desktop\Addition.txt
2014-04-08 22:02 - 2014-04-08 22:02 - 00008792 _____ () C:\Users\Ellery\Downloads\Addition.txt
2014-04-08 22:01 - 2014-04-20 19:37 - 00000000 ____D () C:\FRST
2014-04-08 22:01 - 2014-04-08 22:02 - 00024436 _____ () C:\Users\Ellery\Downloads\FRST.txt
2014-04-08 22:00 - 2014-04-20 19:06 - 02056704 _____ (Farbar) C:\Users\Ellery\Downloads\FRST64.exe
2014-04-08 21:57 - 2014-04-08 21:57 - 00002305 _____ () C:\Users\Ellery\Desktop\JRT.txt
2014-04-08 21:50 - 2014-04-08 21:50 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 21:49 - 2014-04-08 21:49 - 01016261 _____ (Thisisu) C:\Users\Ellery\Downloads\JRT.exe
2014-04-08 21:47 - 2014-04-08 21:47 - 00013184 _____ () C:\Users\Ellery\Desktop\AdwCleaner[S0].txt
2014-04-08 21:39 - 2014-04-08 21:44 - 00000000 ____D () C:\AdwCleaner
2014-04-08 21:38 - 2014-04-08 21:38 - 01426178 _____ () C:\Users\Ellery\Downloads\AdwCleaner.exe
2014-04-04 13:01 - 2014-04-04 13:01 - 00001989 _____ () C:\Users\Ellery\Desktop\Paltalk Messenger.lnk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Paltalk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
2014-04-04 12:41 - 2014-04-04 13:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 12:40 - 2014-04-04 12:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 12:40 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 12:40 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-04 12:40 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-04 12:37 - 2014-04-04 12:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ellery\Downloads\mbam-setup-2.0.0.1000.exe

==================== One Month Modified Files and Folders =======

2014-04-20 19:37 - 2014-04-19 22:43 - 00000000 ____D () C:\Users\Ellery\Downloads\FRST-OlderVersion
2014-04-20 19:37 - 2014-04-08 22:01 - 00000000 ____D () C:\FRST
2014-04-20 19:35 - 2012-02-07 20:54 - 02025039 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 19:22 - 2009-07-13 21:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 19:22 - 2009-07-13 21:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 19:19 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 19:15 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 19:14 - 2010-11-20 20:47 - 00282534 _____ () C:\Windows\PFRO.log
2014-04-20 19:14 - 2009-07-13 21:51 - 00035373 _____ () C:\Windows\setupact.log
2014-04-20 19:09 - 2012-02-07 22:26 - 00771580 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-20 19:06 - 2014-04-08 22:00 - 02056704 _____ (Farbar) C:\Users\Ellery\Downloads\FRST64.exe
2014-04-20 19:06 - 2012-07-22 14:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 19:03 - 2013-10-31 21:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-20 19:01 - 2012-02-07 21:40 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-20 18:55 - 2012-03-28 23:54 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Skype
2014-04-19 22:41 - 2012-03-28 23:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-09 00:12 - 2012-02-07 22:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-08 23:57 - 2014-04-08 23:57 - 00189470 _____ () C:\Users\Ellery\Desktop\OTL.Txt
2014-04-08 23:47 - 2014-04-08 23:47 - 00189470 _____ () C:\Users\Ellery\Downloads\OTL.Txt
2014-04-08 23:47 - 2014-04-08 23:47 - 00049342 _____ () C:\Users\Ellery\Downloads\Extras.Txt
2014-04-08 22:05 - 2014-04-08 22:05 - 00602112 _____ (OldTimer Tools) C:\Users\Ellery\Downloads\OTL.exe
2014-04-08 22:03 - 2014-04-08 22:03 - 00024436 _____ () C:\Users\Ellery\Desktop\FRST.txt
2014-04-08 22:03 - 2014-04-08 22:03 - 00008792 _____ () C:\Users\Ellery\Desktop\Addition.txt
2014-04-08 22:02 - 2014-04-08 22:02 - 00008792 _____ () C:\Users\Ellery\Downloads\Addition.txt
2014-04-08 22:02 - 2014-04-08 22:01 - 00024436 _____ () C:\Users\Ellery\Downloads\FRST.txt
2014-04-08 21:57 - 2014-04-08 21:57 - 00002305 _____ () C:\Users\Ellery\Desktop\JRT.txt
2014-04-08 21:50 - 2014-04-08 21:50 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 21:49 - 2014-04-08 21:49 - 01016261 _____ (Thisisu) C:\Users\Ellery\Downloads\JRT.exe
2014-04-08 21:47 - 2014-04-08 21:47 - 00013184 _____ () C:\Users\Ellery\Desktop\AdwCleaner[S0].txt
2014-04-08 21:44 - 2014-04-08 21:39 - 00000000 ____D () C:\AdwCleaner
2014-04-08 21:38 - 2014-04-08 21:38 - 01426178 _____ () C:\Users\Ellery\Downloads\AdwCleaner.exe
2014-04-04 15:37 - 2012-05-17 07:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-04 15:37 - 2012-02-07 22:27 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-04 15:37 - 2012-02-07 22:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-04 13:22 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SchCache
2014-04-04 13:02 - 2014-04-04 12:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 13:01 - 2014-04-04 13:01 - 00001989 _____ () C:\Users\Ellery\Desktop\Paltalk Messenger.lnk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Paltalk
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-04-04 13:01 - 2014-04-04 13:01 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
2014-04-04 13:01 - 2012-04-25 20:34 - 00001859 _____ () C:\Users\Public\Desktop\ooVoo.lnk
2014-04-04 13:01 - 2012-04-25 20:34 - 00000000 ____D () C:\Program Files (x86)\ooVoo
2014-04-04 13:01 - 2012-02-07 21:22 - 00000000 ___RD () C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-04 12:58 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Globalization
2014-04-04 12:57 - 2014-01-03 17:07 - 00000000 ____D () C:\Users\Ellery\FLV Player
2014-04-04 12:40 - 2014-04-04 12:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 12:40 - 2014-04-04 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 12:37 - 2014-04-04 12:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ellery\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-04 12:36 - 2009-07-13 19:34 - 00000603 _____ () C:\Windows\win.ini
2014-03-30 18:16 - 2014-04-19 22:45 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 18:13 - 2014-04-19 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 17:13 - 2014-04-19 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 16:57 - 2014-04-19 22:45 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-23 10:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Ellery\AppData\Local\Temp\ieframe.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-23 10:03

==================== End Of Log ============================


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Any better now?  FRST says it couldn't delete one file.  Open Firefox, click on Firefox in the upper left and then on Add-Ons then on Extensions.  If you see any extensions try to Disable them.


  • 0

#14
love2teach956

love2teach956

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

i deleted any extensions that were active.


  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Do you still have popups?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP