Script errors, invalid destination errors, adobe flash crashing even w


  • This topic is locked

#46
sheyennelilly

  • Topic Starter
  • Member
  • 65 posts

Thank you for sticking with this with me.  It doesn't bother me that it's taking a long time at all.  You are the one dealing with my problems, not vice versa, so if anyone should be annoyed it would be you.  I really appreciate your help. 

 

ComboFix 14-12-10.03 - Sheyenne Alvarez 12/12/2014   9:08.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2365 [GMT -6:00]
Running from: c:\users\Sheyenne Alvarez\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\data\i74o4dd40bl0h4p_o\us_sres.data
c:\program files (x86)\LP
c:\program files (x86)\LP\9D51\645E.tmp
c:\program files (x86)\LP\9D51\AE86.tmp
c:\program files (x86)\LP\9D51\B347.tmp
c:\users\SHEYEN~1\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
c:\users\Sheyenne Alvarez\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
c:\users\Sheyenne Alvarez\Documents\~WRL0003.tmp
c:\users\Sheyenne Alvarez\Documents\~WRL0730.tmp
c:\users\Sheyenne Alvarez\Documents\~WRL1193.tmp
c:\users\Sheyenne Alvarez\Documents\~WRL3298.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system64
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-12 to 2014-12-12  )))))))))))))))))))))))))))))))
.
.
2014-12-12 15:31 . 2014-11-02 04:20    11632448    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55E6130B-4879-43B7-840F-A403E73B0EDB}\mpengine.dll
2014-12-12 15:18 . 2014-12-12 15:18    --------    d-----w-    c:\users\Roman\AppData\Local\temp
2014-12-12 15:18 . 2014-12-12 15:18    --------    d-----w-    c:\users\Gabriella\AppData\Local\temp
2014-12-11 09:47 . 2014-11-02 04:20    11632448    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-10 09:32 . 2014-12-10 09:32    --------    d-----w-    c:\windows\system32\appraiser
2014-12-10 09:05 . 2014-10-18 02:05    4121600    ----a-w-    c:\windows\system32\mf.dll
2014-12-10 09:05 . 2014-10-18 01:33    3209728    ----a-w-    c:\windows\SysWow64\mf.dll
2014-12-09 21:02 . 2014-12-04 02:50    192000    ----a-w-    c:\windows\system32\aepic.dll
2014-12-09 21:02 . 2014-12-01 23:28    1232040    ----a-w-    c:\windows\system32\aitstatic.exe
2014-12-09 21:02 . 2014-12-04 02:50    413184    ----a-w-    c:\windows\system32\generaltel.dll
2014-12-09 21:02 . 2014-12-04 02:50    741376    ----a-w-    c:\windows\system32\invagent.dll
2014-12-09 21:02 . 2014-12-04 02:50    396800    ----a-w-    c:\windows\system32\devinv.dll
2014-12-09 21:02 . 2014-12-04 02:50    227328    ----a-w-    c:\windows\system32\aepdu.dll
2014-12-09 21:02 . 2014-12-04 02:44    1083392    ----a-w-    c:\windows\system32\aeinv.dll
2014-12-08 13:11 . 2014-12-08 19:19    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-12-08 13:11 . 2014-12-08 13:11    --------    d-----w-    c:\programdata\RogueKiller
2014-12-06 14:22 . 2014-09-16 20:28    1188440    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5636ABFB-1807-4AE6-82C7-CBF078036B9B}\gapaengine.dll
2014-12-05 15:55 . 2014-12-09 17:34    --------    d-----w-    C:\FRST
2014-12-05 15:48 . 2014-12-05 15:48    --------    d-----w-    c:\windows\ERUNT
2014-12-05 15:26 . 2014-12-05 15:37    --------    d-----w-    C:\AdwCleaner
2014-12-05 13:15 . 2014-12-05 13:15    --------    d-sh--w-    c:\users\Dario Jr\AppData\Local\EmieBrowserModeList
2014-12-04 21:51 . 2014-12-04 21:45    24064    ----a-w-    c:\windows\zoek-delete.exe
2014-12-04 21:51 . 2014-12-12 15:32    --------    d-----w-    c:\users\Sheyenne Alvarez\AppData\Local\Temp
2014-12-04 18:42 . 2014-12-09 22:56    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-04 18:42 . 2014-12-09 22:56    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-04 16:13 . 2014-12-04 16:46    --------    d-----w-    C:\zoek_backup
2014-12-04 15:39 . 2014-12-04 15:39    --------    d-----w-    C:\_OTL
2014-12-03 06:31 . 2014-12-03 06:31    227048    ----a-w-    c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2014-12-03 06:31 . 2014-12-03 06:31    227048    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-11-25 19:59 . 2014-11-25 19:59    18638520    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-19 16:27 . 2014-11-11 03:08    241152    ----a-w-    c:\windows\system32\pku2u.dll
2014-11-19 16:27 . 2014-11-11 03:08    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-19 16:27 . 2014-11-11 02:44    186880    ----a-w-    c:\windows\SysWow64\pku2u.dll
2014-11-19 16:27 . 2014-11-11 02:44    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-11-19 10:31 . 2014-11-19 10:31    1217192    ----a-w-    c:\windows\SysWow64\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-12 15:32 . 2014-09-03 00:34    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-10 09:06 . 2011-08-03 20:15    112710672    ----a-w-    c:\windows\system32\MRT.exe
2014-12-06 06:27 . 2014-10-31 06:44    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-12-06 06:27 . 2014-10-31 06:44    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-12-04 07:36 . 2011-11-05 21:37    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-12-04 07:35 . 2011-11-05 21:37    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-12-04 06:35 . 2011-11-05 21:37    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-11-21 12:14 . 2014-09-03 00:33    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-21 12:14 . 2014-09-03 00:33    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 12:14 . 2012-12-24 14:55    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-11-05 15:15 . 2013-12-18 00:37    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-10-30 11:25 . 2011-09-26 13:09    275080    ------w-    c:\windows\system32\MpSigStub.exe
2014-10-30 06:10 . 2011-12-05 05:22    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-10-25 01:57 . 2014-11-12 11:40    77824    ----a-w-    c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 11:40    67584    ----a-w-    c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 11:39    861696    ----a-w-    c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 11:39    571904    ----a-w-    c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 11:41    155064    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 11:41    683520    ----a-w-    c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 11:40    3241984    ----a-w-    c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 11:41    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 11:41    146432    ----a-w-    c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 11:41    681984    ----a-w-    c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 11:41    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 11:40    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 11:41    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 11:41    146432    ----a-w-    c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 11:41    681984    ----a-w-    c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 11:40    3198976    ----a-w-    c:\windows\system32\win32k.sys
2014-10-07 09:06 . 2014-05-25 01:59    590536    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-10-03 02:12 . 2014-11-12 11:40    500224    ----a-w-    c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 11:40    284672    ----a-w-    c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 11:40    680960    ----a-w-    c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 11:40    440832    ----a-w-    c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 11:40    296448    ----a-w-    c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 11:40    442880    ----a-w-    c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 11:40    374784    ----a-w-    c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 11:40    195584    ----a-w-    c:\windows\SysWow64\AudioSes.dll
2014-09-25 02:08 . 2014-10-01 08:37    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 08:37    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-19 09:42 . 2014-11-12 11:40    210944    ----a-w-    c:\windows\system32\wdigest.dll
2014-09-19 09:42 . 2014-11-12 11:40    86528    ----a-w-    c:\windows\system32\TSpkg.dll
2014-09-19 09:42 . 2014-11-12 11:40    342016    ----a-w-    c:\windows\system32\schannel.dll
2014-09-19 09:42 . 2014-11-12 11:40    309760    ----a-w-    c:\windows\system32\ncrypt.dll
2014-09-19 09:42 . 2014-11-12 11:40    314880    ----a-w-    c:\windows\system32\msv1_0.dll
2014-09-19 09:42 . 2014-11-12 11:40    22016    ----a-w-    c:\windows\system32\credssp.dll
2014-09-19 09:23 . 2014-11-12 11:40    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2014-09-19 09:23 . 2014-11-12 11:40    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23 . 2014-11-12 11:40    248832    ----a-w-    c:\windows\SysWow64\schannel.dll
2014-09-19 09:23 . 2014-11-12 11:40    221184    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23 . 2014-11-12 11:40    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23 . 2014-11-12 11:40    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2014-09-16 20:28 . 2012-02-11 02:51    1188440    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-14 16:29    1729752    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-14 16:29    1729752    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-14 16:29    1729752    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2013-08-20 2013]
"DKab1err"="c:\program files (x86)\Dell\ErrorApp\DKab1err.exe" [2012-11-08 644456]
"DKADGmon"="c:\program files (x86)\Dell V520 Series\DKADGmon.exe" [2012-11-08 951656]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-05-19 3414560]
"Amazon Music"="c:\users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-10-15 6281024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"BackupNowEZtray"="c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" [2013-02-05 581624]
"DKADGmon"="c:\program files (x86)\Dell V520 Series\DKADGmon.exe" [2012-11-08 951656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-27 152392]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-05-19 3414560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
.
c:\users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Cloud Drive.appref-ms [2014-12-11 408]
Dropbox.lnk - c:\users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2014-1-29 144384]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-11-28 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\Drivers\usbethmp.sys;c:\windows\SYSNATIVE\Drivers\usbethmp.sys [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x64.sys;c:\windows\SYSNATIVE\Drivers\WLRAWMp50x64.sys [x]
R3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x64.sys;c:\windows\SYSNATIVE\Drivers\WLRAWSp50x64.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S3 ZCinema_TSHD_x64;ZCinema TruSurround HD driver;c:\windows\system32\drivers\ZCinema_SRS_amd64.sys;c:\windows\SYSNATIVE\drivers\ZCinema_SRS_amd64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-04 22:56]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-30 01:11]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-30 01:11]
.
2014-12-12 c:\windows\Tasks\HPCeeScheduleForSheyenne Alvarez.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2014-11-15 c:\windows\Tasks\HPCeeScheduleForSHEYENNEALVAREZ$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-14 18:27    2334928    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-14 18:27    2334928    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-14 18:27    2334928    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"DKADGmon"="c:\program files (x86)\Dell V520 Series\DKADGmon.exe" [2012-11-08 951656]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Yahoo! Companion - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-Yahoo! Mail Advisor - c:\progra~2\Yahoo!\Common\UNINST~1.EXE
AddRemove-Yahoo! Software Update - c:\progra~2\Yahoo!\SOFTWA~1\UNINST~1.EXE
AddRemove-Yahoo! Toolbar - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_ž\00\00ž\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~ž\00\00ž\00\00\00\00~\00\00\00\00\00\00\00\00‘’“"
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\01\05\06\02\05\04s"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Completion time: 2014-12-12  09:38:53 - machine was rebooted
ComboFix-quarantined-files.txt  2014-12-12 15:38
.
Pre-Run: 153,495,797,760 bytes free
Post-Run: 153,139,044,352 bytes free
.
- - End Of File - - A8098E08C4BE86BE71CA275BC1BC065A
B6B4AD0DA5D0CE8F18DC149EF6FF08F4
 




#47
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,
 
I spent quite a bit of time reviewing your logs yesterday and this morning and I'm leaning strongly toward Operating System and Installed Program issues rather than Malware Issues. Although I want to quickly add that, yes, you absolutely did have malware issues when you arrived here. However, I think for the most part, they are resolved.
 
My suspicion is that the Pop-Ups you describe are more Systematic in nature than Malware Pop-ups. Note the following; you use Cloud Services and other Off Line Services. In and of itself there is no issue with that, however, when the service is unavailable, it errors out. And, I can see many of those in your logs.
 
Next, you have quite a few Installed programs. At least one is known for adding untoward extra programs and nearly qualifies as Malware and that one is flyff. On the surface I believe that flyff is a game, but it is causing errors on your system and perhaps more. Would you be comfortable uninstalling it? At least until we see if its removal helps alleviate the issues? Also, I have a list below of your installed programs. It would be a good thing if you would review the list and uninstall the programs that you are no longer using. I'm going to highlight the ones that I question most in Blue, but please check them all. Don't remove anything that you are unsure about. Also, please uninstall all versions of Flash and Java (indicated by ***) so we can make sure they are all gone and then we'll install the most current one from the correct source. That way, if we still get Update PopUps, we'll know they come from an untoward source and not a valid, but expired source.
 
ABBYY FineReader 6.0 Sprint
ABBYY FineReader 9.0 Sprint
ActiveCheck component for HP Active Support Library
***Adobe AIR (uninstall and we'll re-install later)
***Adobe Flash Player 15 ActiveX (uninstall and we'll re-install later)
***Adobe Flash Player 15 Plugin (uninstall and we'll re-install later)

Adobe Reader XI (11.0.09)
Amazon Cloud Drive
Amazon MP3 Downloader 1.0.17
Amazon Music
Amazon Music Importer
Apple Application Support
Apple Mobile Device Support
ATI Catalyst Install Manager
Bing Rewards Client Installer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDDRV_Installer
ClipGrab 3.4.7
CyberLink DVD Suite Deluxe
CyberLink PowerDirector 11
DVD Menu Pack for HP MediaSmart Video
FamilySearch Indexing 3.24.2
Firebird SQL Server - MAGIX Edition
Fitbit Connect
Flyff
Free Realms
Google Earth
Google Update Helper
Google+ Auto Backup
GoPro Studio 2.0.1
iCloud
Intel® Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel® Architecture
Internet TV for Windows Media Center
iTunes
Java 7 Update 67
Java Auto Updater

Junk Mail filter update
KhalInstallWrapper
Kobo
LabelPrint
LightScribe System Software
Logitech Alert Commander
Logitech SetPoint
Macromedia Director 7
MAGIX Speed 2 (MSI)
Malwarebytes Anti-Malware version 2.0.4.1028
Media Player Codec Pack 4.2.0
MotoCast
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 33.1 (x86 en-US)
Mozilla Maintenance Service
Netflix in Windows Media Center
Newblue Art Effects for PowerDirector
Norton Online Backup
NTI Backup Now EZ
Pantech PCSuite
PDF Complete Special Edition
PhotoNow
Picasa 3
PictureMover
PL-2303 Vista Driver Installer
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Power2Go
PressReader
QuickTime 7
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
Riverpoint Writer
SmartSound Quicktracks 5
Spybot - Search & Destroy
SpyroPortalDriver
swMSM
The Imagination Station (remove only)
Wizard101
Yahoo BrowserPlus 2.9.8
Yahoo Install Manager
Yahoo Internet Mail
Yahoo Mail Advisor
Yahoo Software Update
Yahoo Toolbar
Z Cinema
Zinio Reader 4

 

Once you are done, please re-run FRST and post the log for me. I'd like to assess the list and see how the error log looks.

 

 



#48
sheyennelilly

sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Okay, I uninstalled all the programs you had marked in blue or red, but I didn't find the Bing one listed on my programs.  That's something I installed to get points for searching to get gift cards.  Flyff is a game both of my boys love to play, but if it's causing problems then they will just have to live without it.  Also, when I went to uninstall Java, it told me that a program called motocast.exe was using it and I had to stop it before I could uninstall.  I told it to go ahead with that.

After I did all that, I restarted the computer (isn't that what I'm supposed to do to finish removal of all the programs?)  I did it just in case, and it wouldn't shut down again because it said it was waiting on explorer.exe.  I forced a shutdown, because I know from the past that it will wait and wait and never shut down on its own with that.

 

Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Sheyenne Alvarez (administrator) on SHEYENNEALVAREZ on 15-12-2014 09:18:50
Running from C:\Users\Sheyenne Alvarez\Desktop
Loaded Profile: Sheyenne Alvarez (Available profiles: Sheyenne Alvarez & Gabriella & Dario Jr & Roman)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
() C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
() C:\Program Files (x86)\Dell\ErrorApp\dkab1err.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
() C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music Helper.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [DKADGmon] => C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe [951656 2012-11-07] ()
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [581624 2013-02-05] (NTI Corporation)
HKLM-x32\...\Run: [DKADGmon] => C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe [951656 2012-11-07] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3854915487-3061028145-266851286-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3854915487-3061028145-266851286-1000\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2013 2013-08-19] ()
HKU\S-1-5-21-3854915487-3061028145-266851286-1000\...\Run: [DKab1err] => C:\Program Files (x86)\Dell\ErrorApp\DKab1err.exe [644456 2012-11-07] ()
HKU\S-1-5-21-3854915487-3061028145-266851286-1000\...\Run: [DKADGmon] => C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe [951656 2012-11-07] ()
HKU\S-1-5-21-3854915487-3061028145-266851286-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-3854915487-3061028145-266851286-1000\...\Run: [Amazon Music] => C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-18\...\RunOnce: [panda2_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda2_0dn_XP] => reg.exe delete "HKCU\Software\panda2_0dn" /f
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
Startup: C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3854915487-3061028145-266851286-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3854915487-3061028145-266851286-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3854915487-3061028145-266851286-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-21-3854915487-3061028145-266851286-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-3854915487-3061028145-266851286-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll ()
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Bing
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.652 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3854915487-3061028145-266851286-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Sheyenne Alvarez\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-3854915487-3061028145-266851286-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-02-18]

Chrome:
=======
CHR Profile: C:\Users\Sheyenne Alvarez\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3377568 2014-05-25] (INCA Internet Co., Ltd.)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-02-05] (NTI Corporation)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 A_USBETHMP; C:\Windows\System32\Drivers\usbethmp.sys [32280 2009-07-09] (Intellon Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-13] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-08] ()
S3 WLRAWMp50x64; C:\Windows\System32\Drivers\WLRAWMp50x64.sys [35352 2013-10-31] (Logitech, Inc.)
S3 WLRAWMp50x64; C:\Windows\SysWOW64\Drivers\WLRAWMp50x64.sys [35352 2013-10-31] (Logitech, Inc.)
S3 WLRAWSp50x64; C:\Windows\System32\Drivers\WLRAWSp50x64.sys [34328 2013-10-31] (Logitech, Inc.)
S3 WLRAWSp50x64; C:\Windows\SysWOW64\Drivers\WLRAWSp50x64.sys [34328 2013-10-31] (Logitech, Inc.)
R3 ZCinema_TSHD_x64; C:\Windows\System32\drivers\ZCinema_SRS_amd64.sys [21648 2007-08-22] (SRS Labs, Inc.)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 androidusb; System32\Drivers\lgandadb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 18:13 - 2014-12-14 18:13 - 00000000 __SHD () C:\Users\Roman\AppData\Local\EmieUserList
2014-12-14 18:13 - 2014-12-14 18:13 - 00000000 __SHD () C:\Users\Roman\AppData\Local\EmieSiteList
2014-12-14 18:13 - 2014-12-14 18:13 - 00000000 __SHD () C:\Users\Roman\AppData\Local\EmieBrowserModeList
2014-12-12 09:38 - 2014-12-12 09:38 - 00031548 _____ () C:\ComboFix.txt
2014-12-12 09:05 - 2014-12-12 09:38 - 00000000 ____D () C:\Qoobox
2014-12-12 09:05 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-12 09:05 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-12 09:05 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-12 09:05 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-12 09:05 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-12 09:05 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-12 09:05 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-12 09:05 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-12 09:04 - 2014-12-12 09:36 - 00000000 ____D () C:\Windows\erdnt
2014-12-12 09:01 - 2014-12-12 09:02 - 05600944 ____R (Swearware) C:\Users\Sheyenne Alvarez\Desktop\ComboFix.exe
2014-12-10 03:32 - 2014-12-10 03:32 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:05 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:05 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 15:02 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 15:02 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 15:02 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 15:02 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 15:02 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 15:02 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 15:02 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 15:02 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 15:01 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 15:01 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 15:01 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 15:01 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 15:01 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 15:01 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 15:01 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 15:01 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 15:01 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 15:01 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 15:01 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 15:01 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 15:01 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 15:01 - 2014-11-21 20:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 15:01 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 15:01 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 15:01 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 15:01 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 15:01 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 15:01 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 15:01 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 15:01 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 15:01 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 15:01 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 15:01 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 15:01 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 15:01 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 15:01 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 15:01 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 15:01 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 15:01 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 15:01 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 15:01 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 15:01 - 2014-11-21 19:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 15:01 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 15:01 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 15:01 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 15:01 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 15:01 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 15:01 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 15:01 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 15:01 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 15:01 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 15:01 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 15:01 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 15:01 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 15:01 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 15:01 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 15:01 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 15:01 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 15:01 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 15:01 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 15:01 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 15:01 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 15:01 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 15:01 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 15:01 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 15:01 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 15:01 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 15:01 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 15:01 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 15:01 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 15:01 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 15:01 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 15:01 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 15:01 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 15:01 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 15:01 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 15:01 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 15:01 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 15:01 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 15:01 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 15:01 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 13:07 - 2014-12-09 21:54 - 00431861 _____ () C:\Users\Sheyenne Alvarez\Documents\My Assistant Presentation.pptx
2014-12-09 07:05 - 2014-12-15 09:18 - 00000000 ____D () C:\Users\Sheyenne Alvarez\Desktop\FRST-OlderVersion
2014-12-08 07:29 - 2014-12-08 07:29 - 00852487 _____ () C:\Users\Sheyenne Alvarez\Desktop\SecurityCheck (2).exe
2014-12-08 07:11 - 2014-12-08 13:19 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-08 07:11 - 2014-12-08 07:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-08 07:10 - 2014-12-08 07:11 - 15201368 _____ () C:\Users\Sheyenne Alvarez\Desktop\RogueKiller.exe
2014-12-05 09:57 - 2014-12-05 09:57 - 00052612 _____ () C:\Users\Sheyenne Alvarez\Desktop\Addition.txt
2014-12-05 09:55 - 2014-12-15 09:18 - 02119168 _____ (Farbar) C:\Users\Sheyenne Alvarez\Desktop\FRST64.exe
2014-12-05 09:55 - 2014-12-15 09:18 - 00022073 _____ () C:\Users\Sheyenne Alvarez\Desktop\FRST.txt
2014-12-05 09:55 - 2014-12-15 09:18 - 00000000 ____D () C:\FRST
2014-12-05 09:52 - 2014-12-05 09:52 - 00002326 _____ () C:\Users\Sheyenne Alvarez\Desktop\JRT.txt
2014-12-05 09:48 - 2014-12-05 09:48 - 00000000 ____D () C:\Windows\ERUNT
2014-12-05 09:47 - 2014-12-05 09:47 - 01707646 _____ (Thisisu) C:\Users\Sheyenne Alvarez\Desktop\JRT.exe
2014-12-05 09:26 - 2014-12-05 09:37 - 00000000 ____D () C:\AdwCleaner
2014-12-05 09:26 - 2014-12-05 09:36 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-05 09:25 - 2014-12-05 09:25 - 02153472 _____ () C:\Users\Sheyenne Alvarez\Desktop\AdwCleaner(1).exe
2014-12-05 09:17 - 2014-12-05 09:18 - 00002362 _____ () C:\Users\Sheyenne Alvarez\Desktop\FixExec.txt
2014-12-05 09:10 - 2014-12-05 09:10 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\Sheyenne Alvarez\Downloads\FixExec.exe
2014-12-05 07:15 - 2014-12-05 07:15 - 00000000 __SHD () C:\Users\Dario Jr\AppData\Local\EmieBrowserModeList
2014-12-04 15:51 - 2014-12-04 15:45 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-12-04 15:48 - 2014-12-04 10:56 - 00091099 _____ () C:\zoek-results2014-12-04-165605.log
2014-12-04 14:41 - 2014-12-04 14:41 - 00186431 _____ () C:\Users\Sheyenne Alvarez\Documents\bookmarks.html
2014-12-04 13:07 - 2014-12-04 13:08 - 00244104 _____ () C:\Users\Sheyenne Alvarez\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-04 10:18 - 2014-12-04 15:53 - 00090828 _____ () C:\zoek-results.log
2014-12-04 10:13 - 2014-12-04 10:46 - 00000000 ____D () C:\zoek_backup
2014-12-04 10:09 - 2014-12-04 10:09 - 01295360 _____ () C:\Users\Sheyenne Alvarez\Desktop\zoek.exe
2014-12-04 09:39 - 2014-12-04 09:39 - 00000000 ____D () C:\_OTL
2014-12-02 13:09 - 2014-12-02 13:09 - 00102176 _____ () C:\Users\Sheyenne Alvarez\Downloads\Extras.Txt
2014-12-02 13:08 - 2014-12-02 13:08 - 00145552 _____ () C:\Users\Sheyenne Alvarez\Downloads\OTL.Txt
2014-12-02 12:47 - 2014-12-02 12:47 - 00602112 _____ (OldTimer Tools) C:\Users\Sheyenne Alvarez\Downloads\OTL.exe
2014-12-02 09:23 - 2014-12-02 09:23 - 00011484 _____ () C:\Users\Sheyenne Alvarez\Documents\My Assistant Start-Up Costs.xlsx
2014-12-01 21:52 - 2014-12-01 21:52 - 00137540 _____ () C:\Users\Sheyenne Alvarez\Documents\Sheyenne Resume for Bus. Plan class.dotx
2014-11-29 16:28 - 2014-11-29 16:41 - 00054376 _____ () C:\Users\Sheyenne Alvarez\Downloads\Result.txt
2014-11-29 16:26 - 2014-11-29 16:26 - 00401920 _____ (Farbar) C:\Users\Sheyenne Alvarez\Downloads\MiniToolBox.exe
2014-11-25 14:25 - 2014-11-25 14:27 - 13087456 _____ (Microsoft Corporation) C:\Users\Sheyenne Alvarez\Downloads\Silverlight_x64(3).exe
2014-11-23 17:31 - 2014-11-23 19:48 - 00170563 _____ () C:\Users\Sheyenne Alvarez\Documents\OB PRESENTATION-1-1 edits by Sheyenne.pptx
2014-11-23 17:26 - 2014-11-23 17:26 - 00178464 _____ () C:\Users\Sheyenne Alvarez\Downloads\OB PRESENTATION-1-1.pptx
2014-11-21 14:55 - 2014-11-21 14:55 - 01120240 _____ () C:\Users\Sheyenne Alvarez\Downloads\Calendar_Sheyenne_Alvarez.ics
2014-11-20 16:24 - 2014-11-20 16:25 - 01174891 _____ () C:\Users\Sheyenne Alvarez\Downloads\finalized presentation.pptx
2014-11-20 13:27 - 2014-11-20 13:27 - 00077536 _____ () C:\Users\Sheyenne Alvarez\Downloads\yahoo_contacts.csv
2014-11-20 10:06 - 2014-11-20 10:06 - 00039066 _____ () C:\Users\Sheyenne Alvarez\Documents\My Assistant Financials - Income and Balance.xlsx
2014-11-20 10:04 - 2014-11-20 10:04 - 00037767 _____ () C:\Users\Sheyenne Alvarez\Downloads\Financials - Income and Balance.xlsx
2014-11-20 10:04 - 2014-11-20 10:04 - 00032615 _____ () C:\Users\Sheyenne Alvarez\Downloads\Financials - Cash Flow.xlsx
2014-11-19 10:27 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:27 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 10:27 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 10:27 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2014-11-18 14:20 - 2014-11-18 14:20 - 00029187 _____ () C:\Users\Sheyenne Alvarez\Documents\My Assistant Financials.xlsx
2014-11-18 12:51 - 2014-11-18 14:13 - 00029172 _____ () C:\Users\Sheyenne Alvarez\Downloads\Financials.xlsx
2014-11-17 11:22 - 2014-11-17 11:22 - 01173439 _____ () C:\Users\Sheyenne Alvarez\Documents\finalized presentation - suggestions from Sheyenne.pptx
2014-11-17 10:52 - 2014-11-17 10:52 - 00126043 _____ () C:\Users\Sheyenne Alvarez\Documents\OB PRESENTATION - suggestions by Sheyenne.pptx
2014-11-17 09:26 - 2014-11-17 09:26 - 00123651 _____ () C:\Users\Sheyenne Alvarez\Documents\OB PRESENTATION.pptx
2014-11-17 09:21 - 2014-11-17 09:21 - 00126234 _____ () C:\Users\Sheyenne Alvarez\Downloads\OB PRESENTATION.pptx
2014-11-16 15:46 - 2014-11-16 15:52 - 00035328 _____ () C:\Users\Sheyenne Alvarez\Documents\My Assistant SimplyMap by Sheyenne.xls
2014-11-16 15:41 - 2014-11-16 15:41 - 00010752 _____ () C:\Users\Sheyenne Alvarez\Downloads\standard_report.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 09:18 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-15 09:18 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-15 09:14 - 2011-02-18 21:54 - 01413478 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 09:12 - 2013-12-16 19:02 - 00000000 ___RD () C:\Users\Sheyenne Alvarez\Dropbox
2014-12-15 09:12 - 2013-12-16 18:55 - 00000000 ____D () C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox
2014-12-15 09:11 - 2014-03-29 19:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 09:11 - 2012-01-17 14:15 - 00000000 ____D () C:\TEMP
2014-12-15 09:10 - 2012-08-18 09:35 - 00124398 _____ () C:\Windows\setupact.log
2014-12-15 09:10 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 09:04 - 2011-05-08 18:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-15 08:57 - 2012-05-20 07:51 - 00000000 ____D () C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-15 08:54 - 2014-08-21 21:28 - 00000000 ____D () C:\Users\Sheyenne Alvarez\AppData\Local\Adobe
2014-12-15 08:46 - 2014-03-29 19:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-15 08:37 - 2013-08-19 19:08 - 00000000 ____D () C:\Users\Sheyenne Alvarez\.gstreamer-0.10
2014-12-15 08:37 - 2013-08-19 19:04 - 00000000 ____D () C:\Users\Sheyenne Alvarez\AppData\Roaming\MotoCast
2014-12-15 08:36 - 2011-08-05 12:42 - 00000000 ____D () C:\Users\Sheyenne Alvarez\AppData\Local\Deployment
2014-12-15 06:51 - 2012-12-22 13:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-15 06:51 - 2012-12-22 13:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-14 23:15 - 2014-09-29 16:29 - 00000376 _____ () C:\Windows\Tasks\HPCeeScheduleForSheyenne Alvarez.job
2014-12-14 18:37 - 2011-05-25 08:06 - 00003232 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSHEYENNEALVAREZ$
2014-12-14 18:37 - 2011-05-25 08:06 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForSHEYENNEALVAREZ$.job
2014-12-14 18:12 - 2012-03-29 15:14 - 00156656 _____ () C:\Users\Roman\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-14 18:12 - 2012-03-29 15:13 - 00000008 __RSH () C:\Users\Roman\ntuser.pol
2014-12-14 18:12 - 2012-03-29 15:13 - 00000000 ____D () C:\Users\Roman
2014-12-14 03:03 - 2012-12-22 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 18:36 - 2014-09-02 18:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-13 09:14 - 2014-10-07 08:11 - 00000000 ____D () C:\Users\Sheyenne Alvarez\Documents\Adoption forms and documentation
2014-12-13 09:14 - 2013-02-02 16:13 - 00250561 _____ () C:\ProgramData\DKADGscan.log
2014-12-13 08:25 - 2011-08-05 12:42 - 00000000 ____D () C:\Users\Sheyenne Alvarez\AppData\Local\Apps\2.0
2014-12-12 09:38 - 2009-07-13 21:20 - 00000000 ___RD () C:\Users\Default
2014-12-12 09:32 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-12 09:20 - 2011-02-19 01:01 - 01205210 _____ () C:\Windows\PFRO.log
2014-12-10 04:11 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 03:32 - 2014-04-30 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:32 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:32 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:15 - 2011-03-06 20:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:13 - 2013-08-14 00:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:06 - 2011-08-03 14:15 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 11:43 - 2012-12-24 15:48 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-07 14:53 - 2011-02-18 22:24 - 00157858 _____ () C:\Windows\DirectX.log
2014-12-07 14:48 - 2012-02-23 08:31 - 00000000 ____D () C:\Users\Sheyenne Alvarez\Documents\Gabby's stuff
2014-12-05 07:14 - 2012-03-14 08:22 - 00156656 _____ () C:\Users\Dario Jr\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-05 07:14 - 2012-03-14 08:22 - 00000008 __RSH () C:\Users\Dario Jr\ntuser.pol
2014-12-05 07:14 - 2012-03-14 08:22 - 00000000 ____D () C:\Users\Dario Jr
2014-12-04 13:12 - 2014-11-10 08:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-04 13:12 - 2012-07-18 19:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-04 13:09 - 2012-07-18 19:14 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-04 13:09 - 2012-07-18 19:14 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-04 10:54 - 2012-03-10 00:18 - 00000008 __RSH () C:\Users\Sheyenne Alvarez\ntuser.pol
2014-12-04 10:54 - 2011-03-05 23:03 - 00000000 ____D () C:\Users\Sheyenne Alvarez
2014-12-04 10:39 - 2009-07-13 21:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-04 10:39 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-12-04 10:02 - 2012-05-08 13:55 - 00000000 ____D () C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla
2014-12-04 09:33 - 2013-01-04 16:58 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-12-04 09:30 - 2011-03-20 13:02 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-12-04 09:28 - 2011-03-06 16:38 - 00000000 ____D () C:\Users\Sheyenne Alvarez\AppData\Local\Google
2014-12-04 09:24 - 2014-01-14 16:08 - 00000000 ____D () C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-12-02 12:50 - 2014-09-02 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-02 12:50 - 2014-09-02 18:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-02 12:50 - 2012-12-24 08:55 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-01 17:15 - 2014-09-29 16:29 - 00003252 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSheyenne Alvarez
2014-11-30 21:04 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-11-29 12:32 - 2011-02-18 22:02 - 00000000 ____D () C:\ProgramData\Temp
2014-11-29 01:27 - 2011-03-06 20:06 - 00000000 ____D () C:\Users\Sheyenne Alvarez\AppData\Local\Microsoft Help
2014-11-29 01:27 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-11-28 14:18 - 2009-07-13 23:13 - 02223910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 16:54 - 2011-03-24 17:29 - 00000000 ____D () C:\Users\Sheyenne Alvarez\AppData\Local\CrashDumps
2014-11-23 19:48 - 2012-02-01 08:24 - 00511488 ___SH () C:\Users\Sheyenne Alvarez\Documents\Thumbs.db
2014-11-23 19:47 - 2012-01-25 17:24 - 01224704 ___SH () C:\Users\Sheyenne Alvarez\Downloads\Thumbs.db
2014-11-21 06:14 - 2014-09-02 18:33 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-09-02 18:33 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2012-12-24 08:55 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-16 04:58 - 2014-05-24 19:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15

Files to move or delete:
====================
C:\Users\Sheyenne Alvarez\jobq.dat


Some content of TEMP:
====================
C:\Users\Sheyenne Alvarez\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmjrpfn.dll
C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna1703843045614165700.dll
C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna3733208294659740389.dll
C:\Users\Sheyenne Alvarez\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Sheyenne Alvarez\AppData\Local\Temp\Uninstaller-5004.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 07:21

==================== End Of Log ============================



#49
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
I absolutely understand about flyFF and once we get this machine straightened out, reinstall and see how it goes.

Ok, I'm starting to think that this problem is quite a bit deeper than I thought, so I'm going to have you run an additional scan that checks some specific files. If you've still got OTL downloaded, you don't have to re-download it. Just skip that part, paste in the Custom Scan part, etc. etc. etc. :)



Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.
  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    netsvcs
    user32.*
    netsvcs.*
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    winsock.*
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    
  • Push Run Scan and wait patiently.
  • Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).
Please include the content of both logfiles in your next reply.

#50
sheyennelilly

    Member

  • Topic Starter
  • 65 posts

I don't see an extras log anywhere.  Should I have to search for it?  Here is the one that popped up:

 

 

OTL logfile created on: 12/15/2014 4:47:01 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sheyenne Alvarez\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 42.49% Memory free
7.50 Gb Paging File | 5.37 Gb Available in Paging File | 71.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.50 Gb Total Space | 149.69 Gb Free Space | 16.30% Space Free | Partition Type: NTFS
Drive E: | 12.92 Gb Total Space | 1.59 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
Drive K: | 465.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32
 
Computer Name: SHEYENNEALVAREZ | User Name: Sheyenne Alvarez | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/03 00:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/02 12:47:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sheyenne Alvarez\Desktop\OTL.exe
PRC - [2014/11/14 12:41:15 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/13 00:58:58 | 035,419,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/10/14 23:35:26 | 006,281,024 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music Helper.exe
PRC - [2014/05/19 15:05:10 | 003,414,560 | R--- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
PRC - [2014/05/19 15:05:10 | 001,436,192 | R--- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
PRC - [2013/02/05 09:10:48 | 000,581,624 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
PRC - [2013/02/05 09:10:46 | 000,046,072 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
PRC - [2012/11/07 21:54:39 | 000,644,456 | ---- | M] () -- C:\Program Files (x86)\Dell\ErrorApp\dkab1err.exe
PRC - [2012/11/07 21:54:06 | 000,951,656 | ---- | M] () -- C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
PRC - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/09/07 20:36:46 | 000,087,992 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/15 09:12:06 | 000,043,008 | ---- | M] () -- c:\Users\Sheyenne Alvarez\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmjrpfn.dll
MOD - [2014/11/13 00:49:58 | 003,610,624 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/10/14 23:35:26 | 006,281,024 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music Helper.exe
MOD - [2014/04/23 15:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 15:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/23 13:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/02/05 09:11:18 | 000,465,824 | ---- | M] () -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
MOD - [2012/11/07 21:54:39 | 000,644,456 | ---- | M] () -- C:\Program Files (x86)\Dell\ErrorApp\dkab1err.exe
MOD - [2012/11/07 21:54:06 | 000,951,656 | ---- | M] () -- C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
MOD - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2012/08/22 05:05:46 | 001,490,944 | ---- | M] () -- C:\Program Files (x86)\Dell V520 Series\DKabdrs.dll
MOD - [2012/08/07 06:37:29 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\Dell\ErrorApp\dkab1err.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 20:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/30 01:24:10 | 002,443,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/11 22:14:40 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/05/11 09:16:12 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2014/12/03 00:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/26 10:40:37 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/25 06:23:00 | 003,377,568 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2014/05/19 15:05:10 | 001,436,192 | R--- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/05 09:10:46 | 000,046,072 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/09/07 20:36:46 | 000,087,992 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/05/06 09:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/08/20 19:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/13 18:36:19 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/08 13:19:25 | 000,035,064 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/01/07 07:42:08 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/10/31 10:47:18 | 000,035,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WLRAWMp50x64.sys -- (WLRAWMp50x64)
DRV:64bit: - [2013/10/31 10:47:18 | 000,034,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WLRAWSp50x64.sys -- (WLRAWSp50x64)
DRV:64bit: - [2013/08/06 14:13:30 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/03/18 15:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/13 14:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/09/03 00:59:26 | 000,349,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 07:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 07:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/21 21:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/05/11 09:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 08:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 09:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 16:31:36 | 000,032,280 | ---- | M] (Intellon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbethmp.sys -- (A_USBETHMP)
DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 15:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 15:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/08/22 14:26:32 | 000,021,648 | ---- | M] (SRS Labs, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZCinema_SRS_amd64.sys -- (ZCinema_TSHD_x64)
DRV:64bit: - [2007/02/12 16:56:08 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2007/01/12 18:43:40 | 000,037,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2013/10/31 10:47:18 | 000,035,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WLRAWMp50x64.sys -- (WLRAWMp50x64)
DRV - [2013/10/31 10:47:18 | 000,034,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WLRAWSp50x64.sys -- (WLRAWSp50x64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\..\SearchScopes\{A95C09AC-0593-4FEF-898E-A147C363BCAB}: "URL" = http://www.google.co...&rlz=1I7ADSA_en
IE - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...ogle Search&q="
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..keyword.URL: "http://www.google.co...ogle Search&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Sheyenne Alvarez\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/18 22:23:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/10 08:38:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/09 11:43:09 | 000,000,000 | ---D | M]
 
[2014/12/04 10:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Extensions
[2014/12/05 10:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions
[2014/12/04 13:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/04 13:09:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/12/12 09:32:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [DKADGmon] C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe (NTI Corporation)
O4 - HKLM..\Run: [DKADGmon] C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe ()
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-3854915487-3061028145-266851286-1000..\Run: [Amazon Music] C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
O4 - HKU\S-1-5-21-3854915487-3061028145-266851286-1000..\Run: [DKab1err] C:\Program Files (x86)\Dell\ErrorApp\DKab1err.exe ()
O4 - HKU\S-1-5-21-3854915487-3061028145-266851286-1000..\Run: [DKADGmon] C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe ()
O4 - HKU\S-1-5-21-3854915487-3061028145-266851286-1000..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKU\S-1-5-21-3854915487-3061028145-266851286-1000..\Run: [MotoCast] C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKU\S-1-5-21-3854915487-3061028145-266851286-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - Startup: C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
O4 - Startup: C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3854915487-3061028145-266851286-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D516469-D24C-4900-82CF-A21B89F6B1CB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF58AFA-1D29-46DA-BB69-5A747894F98C}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/12 09:32:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/12/12 09:05:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/12/12 09:05:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/12/12 09:05:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/12/12 09:05:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/12/12 09:04:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/12/12 09:01:57 | 005,600,944 | R--- | C] (Swearware) -- C:\Users\Sheyenne Alvarez\Desktop\ComboFix.exe
[2014/12/10 03:32:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/10 03:05:00 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014/12/10 03:05:00 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/12/09 15:02:04 | 001,232,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2014/12/09 15:02:04 | 000,830,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2014/12/09 15:02:04 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2014/12/09 15:02:03 | 001,083,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/12/09 15:02:03 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2014/12/09 15:02:03 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/12/09 15:02:03 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2014/12/09 15:02:03 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/12/09 15:01:56 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/12/09 15:01:50 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/12/09 15:01:50 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/12/09 15:01:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/12/09 15:01:50 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/12/09 15:01:50 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/12/09 15:01:49 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/12/09 15:01:49 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/12/09 15:01:49 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/12/09 15:01:48 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/12/09 15:01:47 | 002,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/12/09 15:01:47 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/12/09 15:01:47 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/12/09 15:01:46 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/12/09 15:01:46 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/12/09 15:01:46 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/12/09 15:01:46 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/12/09 15:01:46 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/12/09 15:01:46 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/12/09 15:01:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/12/09 15:01:45 | 002,125,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/12/09 15:01:45 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/12/09 15:01:45 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/12/09 15:01:44 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/12/09 15:01:44 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/12/09 15:01:44 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/12/09 15:01:44 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/12/09 15:01:43 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/12/09 15:01:43 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/12/09 15:01:43 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/12/09 15:01:43 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/12/09 15:01:43 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/12/09 15:01:42 | 006,039,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/12/09 15:01:42 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/12/09 15:01:42 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/12/09 15:01:42 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/12/09 15:01:19 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\charmap.exe
[2014/12/09 15:01:19 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe
[2014/12/09 15:01:18 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2014/12/09 15:01:18 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2014/12/09 15:01:18 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2014/12/09 15:01:18 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2014/12/09 15:01:18 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2014/12/09 15:01:18 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2014/12/09 15:01:18 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2014/12/09 15:01:18 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2014/12/09 07:05:42 | 000,000,000 | ---D | C] -- C:\Users\Sheyenne Alvarez\Desktop\FRST-OlderVersion
[2014/12/08 07:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/12/05 09:55:50 | 000,000,000 | ---D | C] -- C:\FRST
[2014/12/05 09:55:15 | 002,119,168 | ---- | C] (Farbar) -- C:\Users\Sheyenne Alvarez\Desktop\FRST64.exe
[2014/12/05 09:48:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/12/05 09:47:33 | 001,707,646 | ---- | C] (Thisisu) -- C:\Users\Sheyenne Alvarez\Desktop\JRT.exe
[2014/12/05 09:26:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/04 15:51:19 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014/12/04 15:51:19 | 000,000,000 | ---D | C] -- C:\Users\Sheyenne Alvarez\AppData\Local\Temp
[2014/12/04 10:13:04 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/12/04 09:39:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/12/02 12:47:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sheyenne Alvarez\Desktop\OTL.exe
[2014/11/19 04:31:16 | 001,217,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FM20.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/15 16:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/15 12:55:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/15 11:15:02 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSheyenne Alvarez.job
[2014/12/15 09:18:46 | 002,119,168 | ---- | M] (Farbar) -- C:\Users\Sheyenne Alvarez\Desktop\FRST64.exe
[2014/12/15 09:18:15 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/15 09:18:15 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/15 09:10:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/15 09:09:51 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/14 18:37:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSHEYENNEALVAREZ$.job
[2014/12/13 18:36:19 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/13 09:00:23 | 000,322,976 | ---- | M] () -- C:\Users\Sheyenne Alvarez\Documents\Alvarez change email address.PDF
[2014/12/12 09:32:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/12/12 09:02:06 | 005,600,944 | R--- | M] (Swearware) -- C:\Users\Sheyenne Alvarez\Desktop\ComboFix.exe
[2014/12/11 09:50:16 | 000,000,408 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms
[2014/12/08 13:19:25 | 000,035,064 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/12/08 07:29:32 | 000,852,487 | ---- | M] () -- C:\Users\Sheyenne Alvarez\Desktop\SecurityCheck (2).exe
[2014/12/08 07:11:05 | 015,201,368 | ---- | M] () -- C:\Users\Sheyenne Alvarez\Desktop\RogueKiller.exe
[2014/12/05 09:47:37 | 001,707,646 | ---- | M] (Thisisu) -- C:\Users\Sheyenne Alvarez\Desktop\JRT.exe
[2014/12/05 09:25:22 | 002,153,472 | ---- | M] () -- C:\Users\Sheyenne Alvarez\Desktop\AdwCleaner(1).exe
[2014/12/04 15:45:14 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/12/04 14:41:11 | 000,186,431 | ---- | M] () -- C:\Users\Sheyenne Alvarez\Documents\bookmarks.html
[2014/12/04 13:09:05 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/12/04 10:54:42 | 000,000,008 | RHS- | M] () -- C:\Users\Sheyenne Alvarez\ntuser.pol
[2014/12/04 10:09:19 | 001,295,360 | ---- | M] () -- C:\Users\Sheyenne Alvarez\Desktop\zoek.exe
[2014/12/03 20:50:55 | 000,413,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/12/03 20:50:45 | 000,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2014/12/03 20:50:40 | 000,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2014/12/03 20:50:38 | 000,830,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2014/12/03 20:50:37 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/12/03 20:50:37 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2014/12/03 20:44:48 | 001,083,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/12/02 12:50:13 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/02 12:47:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sheyenne Alvarez\Desktop\OTL.exe
[2014/12/01 21:52:22 | 000,137,540 | ---- | M] () -- C:\Users\Sheyenne Alvarez\Documents\Sheyenne Resume for Bus. Plan class.dotx
[2014/12/01 17:28:44 | 001,232,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2014/11/28 14:18:57 | 006,558,250 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/28 14:18:57 | 002,223,910 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/28 14:18:57 | 002,137,818 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/21 21:06:11 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/11/21 20:50:39 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/11/21 20:50:10 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/11/21 20:49:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/11/21 20:48:20 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/11/21 20:40:41 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/11/21 20:37:10 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/11/21 20:35:43 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/11/21 20:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/11/21 20:34:51 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/11/21 20:34:07 | 006,039,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/11/21 20:26:31 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/11/21 20:22:40 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/11/21 20:14:16 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/11/21 20:09:12 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/11/21 20:08:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/11/21 20:07:17 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/11/21 20:06:32 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/11/21 20:05:02 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/11/21 20:05:01 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/11/21 19:58:54 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/11/21 19:56:40 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/11/21 19:55:16 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/11/21 19:54:30 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/11/21 19:49:29 | 000,718,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/11/21 19:49:28 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/11/21 19:47:10 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/11/21 19:46:58 | 002,125,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/11/21 19:40:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/11/21 19:36:14 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/11/21 19:35:24 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/11/21 19:22:49 | 002,052,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/11/21 19:21:57 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/11/21 19:03:42 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/11/21 18:54:44 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/19 04:31:16 | 001,217,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\FM20.DLL
[2014/11/17 13:50:32 | 000,011,479 | ---- | M] () -- C:\Users\Sheyenne Alvarez\Documents\Numbers.jpg
 
========== Files Created - No Company Name ==========
 
[2014/12/13 09:00:23 | 000,322,976 | ---- | C] () -- C:\Users\Sheyenne Alvarez\Documents\Alvarez change email address.PDF
[2014/12/12 09:05:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/12/12 09:05:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/12/12 09:05:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/12/12 09:05:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/12/12 09:05:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/12/08 07:29:26 | 000,852,487 | ---- | C] () -- C:\Users\Sheyenne Alvarez\Desktop\SecurityCheck (2).exe
[2014/12/08 07:11:39 | 000,035,064 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/12/08 07:10:53 | 015,201,368 | ---- | C] () -- C:\Users\Sheyenne Alvarez\Desktop\RogueKiller.exe
[2014/12/05 09:25:17 | 002,153,472 | ---- | C] () -- C:\Users\Sheyenne Alvarez\Desktop\AdwCleaner(1).exe
[2014/12/04 15:51:20 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/12/04 14:41:10 | 000,186,431 | ---- | C] () -- C:\Users\Sheyenne Alvarez\Documents\bookmarks.html
[2014/12/04 10:09:11 | 001,295,360 | ---- | C] () -- C:\Users\Sheyenne Alvarez\Desktop\zoek.exe
[2014/12/01 21:52:16 | 000,137,540 | ---- | C] () -- C:\Users\Sheyenne Alvarez\Documents\Sheyenne Resume for Bus. Plan class.dotx
[2014/11/17 13:50:31 | 000,011,479 | ---- | C] () -- C:\Users\Sheyenne Alvarez\Documents\Numbers.jpg
[2014/07/20 13:55:04 | 000,000,110 | ---- | C] () -- C:\Users\Sheyenne Alvarez\jobq.dat
[2014/01/17 09:33:02 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/10/12 21:42:05 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lexlog.dll
[2012/03/10 00:18:51 | 000,000,008 | RHS- | C] () -- C:\Users\Sheyenne Alvarez\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/05/15 14:38:43 | 000,000,000 | ---D | M] -- C:\Users\Dario Jr\AppData\Roaming\com.jakks.spynet
[2013/12/19 18:30:35 | 000,000,000 | ---D | M] -- C:\Users\Dario Jr\AppData\Roaming\Motorola Mobility
[2012/03/14 08:22:46 | 000,000,000 | ---D | M] -- C:\Users\Dario Jr\AppData\Roaming\V715w
[2013/12/18 13:12:47 | 000,000,000 | ---D | M] -- C:\Users\Gabriella\AppData\Roaming\Motorola Mobility
[2012/07/07 14:18:18 | 000,000,000 | ---D | M] -- C:\Users\Gabriella\AppData\Roaming\Pantech
[2012/03/14 10:31:17 | 000,000,000 | ---D | M] -- C:\Users\Gabriella\AppData\Roaming\V715w
[2012/06/05 20:14:06 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\com.jakks.spynet
[2013/09/21 05:39:58 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Motorola Mobility
[2012/03/29 15:14:28 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\V715w
[2013/12/15 14:31:33 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\.mono
[2014/04/21 13:41:25 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\1O1L1I1PtF1F1C1N
[2011/06/11 10:00:33 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Amazon
[2012/01/13 09:51:37 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Azureus
[2012/09/01 14:00:57 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\com.amazon.music.uploader
[2011/12/27 12:45:27 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\com.jakks.spynet
[2014/12/15 09:12:28 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox
[2014/05/19 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\GoPro
[2011/08/20 14:00:00 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\InstallJammer Registry
[2012/01/01 23:07:15 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\iPodder
[2011/11/05 15:28:54 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Leadertech
[2014/01/17 10:31:55 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\McGraw-HillLicensing
[2014/12/15 08:37:16 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\MotoCast
[2013/08/19 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Motorola
[2013/08/19 19:06:42 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Motorola Mobility
[2011/05/25 23:34:46 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\MyPublisher
[2013/06/29 22:05:29 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Oracle
[2014/04/21 14:21:11 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\OverDrive
[2012/02/02 22:12:12 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Panda Security
[2011/03/05 23:08:08 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\PictureMover
[2011/08/18 17:08:28 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\PlayFirst
[2011/08/20 16:07:43 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Riverpoint Writer
[2011/05/14 09:28:49 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Unity
[2011/03/07 08:30:33 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\V715w
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 07:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014/04/11 20:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2014/07/06 20:06:31 | 000,187,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2014/07/06 19:40:07 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 07:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 06:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 07:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2014/04/11 20:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 07:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 07:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014/04/11 20:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 07:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 07:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 06:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 07:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 07:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 06:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 07:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2014/10/02 20:11:51 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2014/10/02 20:11:51 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 07:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 07:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 07:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 07:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 06:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2014/05/14 10:23:46 | 002,477,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 07:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/18 22:38:16 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011/02/18 22:39:07 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: QMGR.DLL  >
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 19:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll
 
< MD5 for: RPCSS.DLL  >
[2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\erdnt\cache64\rpcss.dll
[2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009/07/13 19:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
 
< MD5 for: SERVICES  >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2014/12/03 00:31:22 | 000,559,635 | ---- | M] () MD5=AFFD91B51B9B97B2E93DA3216E291977 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.DLL  >
[2010/10/21 10:11:14 | 004,465,432 | ---- | M] (SmartSound Software Inc.) MD5=09CFB48DF9A22C5B02A249778546422C -- C:\Program Files (x86)\SmartSound Software\Quicktracks 5\Services.dll
[2010/10/21 10:11:14 | 004,465,432 | ---- | M] (SmartSound Software Inc.) MD5=09CFB48DF9A22C5B02A249778546422C -- C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SmartSound Software\Quicktracks 5\Services.dll
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.HEARSTMAGS[1].XML  >
[2012/07/23 13:16:31 | 000,000,013 | ---- | M] () MD5=C1DDEA3EF6BBEF3E7060A1A9AD89E4C5 -- C:\Users\Gabriella\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6GWDWRON\services.hearstmags[1].xml
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.SBS  >
[2013/07/16 11:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014/11/21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USER32.AMX  >
[2010/11/20 03:50:58 | 000,342,524 | ---- | M] () MD5=2FFFCC20E95D9DF2A4046328F6BB7AEC -- C:\Windows\SysNative\manifeststore\user32.amx
[2010/11/20 03:50:58 | 000,342,524 | ---- | M] () MD5=2FFFCC20E95D9DF2A4046328F6BB7AEC -- C:\Windows\winsxs\amd64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7601.17514_none_fbf16a81c9f1ea8f\user32.amx
[2009/07/13 17:38:36 | 000,342,512 | ---- | M] () MD5=3B091A3E23D263AD36787541F528B59C -- C:\Windows\winsxs\amd64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7600.16385_none_f9c056b9cd0366f5\user32.amx
[2010/11/20 03:06:58 | 000,367,164 | ---- | M] () MD5=DE03DD1A689B53FB2B4A5E480AC7AA4F -- C:\Windows\SysWOW64\manifeststore\user32.amx
[2010/11/20 03:06:58 | 000,367,164 | ---- | M] () MD5=DE03DD1A689B53FB2B4A5E480AC7AA4F -- C:\Windows\winsxs\wow64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7601.17514_none_064614d3fe52ac8a\user32.amx
[2009/07/13 17:25:11 | 000,367,152 | ---- | M] () MD5=EB5C28C6794A89EF22CB20FB92980C19 -- C:\Windows\winsxs\wow64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7600.16385_none_0415010c016428f0\user32.amx
 
< MD5 for: USER32.DLL  >
[2010/11/20 06:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010/11/20 06:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 06:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 19:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 19:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 07:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010/11/20 07:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 07:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USER32.DLL.MUI  >
[2010/11/20 05:59:20 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=6B63EA7979F501C37FC55A26CA162ACD -- C:\Windows\SysWOW64\en-US\user32.dll.mui
[2010/11/20 05:59:20 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=6B63EA7979F501C37FC55A26CA162ACD -- C:\Windows\winsxs\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_en-us_a678a78b761d8649\user32.dll.mui
[2009/07/13 20:26:16 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=7CA57982056C7BCED0B96A892F595802 -- C:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_en-us_99f2e97144ce40b4\user32.dll.mui
[2009/07/13 20:03:48 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=D448B52149F95F1250100F9BD0ED7152 -- C:\Windows\winsxs\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a44793c3792f02af\user32.dll.mui
[2010/11/20 06:58:48 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=EF9BC0D92F9AF6A446CA3179EFDA0CE0 -- C:\Windows\SysNative\en-US\user32.dll.mui
[2010/11/20 06:58:48 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=EF9BC0D92F9AF6A446CA3179EFDA0CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_en-us_9c23fd3941bcc44e\user32.dll.mui
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014/11/21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2014/03/04 05:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 05:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 03:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014/03/04 03:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014/07/16 20:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014/07/16 20:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\erdnt\cache64\winlogon.exe
[2014/07/16 20:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014/07/16 20:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014/07/15 21:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[2014/07/15 21:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[2011/02/18 22:39:44 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/02/18 22:39:44 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is OS
 Volume Serial Number is 1C47-EEB7
 Directory of C:\
07/13/2009  11:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  11:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  11:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  11:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/13/2009  11:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  11:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  11:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  11:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Dario Jr
03/14/2012  08:22 AM    <JUNCTION>     Application Data [C:\Users\Dario Jr\AppData\Roaming]
03/14/2012  08:22 AM    <JUNCTION>     Cookies [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Cookies]
03/14/2012  08:22 AM    <JUNCTION>     Local Settings [C:\Users\Dario Jr\AppData\Local]
03/14/2012  08:22 AM    <JUNCTION>     My Documents [C:\Users\Dario Jr\Documents]
03/14/2012  08:22 AM    <JUNCTION>     NetHood [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/14/2012  08:22 AM    <JUNCTION>     PrintHood [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/14/2012  08:22 AM    <JUNCTION>     Recent [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Recent]
03/14/2012  08:22 AM    <JUNCTION>     SendTo [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\SendTo]
03/14/2012  08:22 AM    <JUNCTION>     Start Menu [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Start Menu]
03/14/2012  08:22 AM    <JUNCTION>     Templates [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Dario Jr\AppData\Local
03/14/2012  08:22 AM    <JUNCTION>     Application Data [C:\Users\Dario Jr\AppData\Local]
03/14/2012  08:22 AM    <JUNCTION>     History [C:\Users\Dario Jr\AppData\Local\Microsoft\Windows\History]
03/14/2012  08:22 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Dario Jr\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Dario Jr\AppData\LocalLow
09/15/2012  12:12 PM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes
 Directory of C:\Users\Dario Jr\Documents
03/14/2012  08:22 AM    <JUNCTION>     My Music [C:\Users\Dario Jr\Music]
03/14/2012  08:22 AM    <JUNCTION>     My Pictures [C:\Users\Dario Jr\Pictures]
03/14/2012  08:22 AM    <JUNCTION>     My Videos [C:\Users\Dario Jr\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  11:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  11:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  11:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  11:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  11:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  11:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  11:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  11:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  11:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/13/2009  11:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  11:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  11:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Gabriella
03/14/2012  10:30 AM    <JUNCTION>     Application Data [C:\Users\Gabriella\AppData\Roaming]
03/14/2012  10:30 AM    <JUNCTION>     Cookies [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Cookies]
03/14/2012  10:30 AM    <JUNCTION>     Local Settings [C:\Users\Gabriella\AppData\Local]
03/14/2012  10:30 AM    <JUNCTION>     My Documents [C:\Users\Gabriella\Documents]
03/14/2012  10:30 AM    <JUNCTION>     NetHood [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/14/2012  10:30 AM    <JUNCTION>     PrintHood [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/14/2012  10:30 AM    <JUNCTION>     Recent [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Recent]
03/14/2012  10:30 AM    <JUNCTION>     SendTo [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\SendTo]
03/14/2012  10:30 AM    <JUNCTION>     Start Menu [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu]
03/14/2012  10:30 AM    <JUNCTION>     Templates [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Gabriella\AppData\Local
03/14/2012  10:30 AM    <JUNCTION>     Application Data [C:\Users\Gabriella\AppData\Local]
03/14/2012  10:30 AM    <JUNCTION>     History [C:\Users\Gabriella\AppData\Local\Microsoft\Windows\History]
03/14/2012  10:30 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Gabriella\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Gabriella\AppData\LocalLow
08/03/2012  11:58 AM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes
 Directory of C:\Users\Gabriella\Documents
03/14/2012  10:30 AM    <JUNCTION>     My Music [C:\Users\Gabriella\Music]
03/14/2012  10:30 AM    <JUNCTION>     My Pictures [C:\Users\Gabriella\Pictures]
03/14/2012  10:30 AM    <JUNCTION>     My Videos [C:\Users\Gabriella\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/13/2009  11:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  11:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  11:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Roman
03/29/2012  03:13 PM    <JUNCTION>     Application Data [C:\Users\Roman\AppData\Roaming]
03/29/2012  03:13 PM    <JUNCTION>     Cookies [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Cookies]
03/29/2012  03:13 PM    <JUNCTION>     Local Settings [C:\Users\Roman\AppData\Local]
03/29/2012  03:13 PM    <JUNCTION>     My Documents [C:\Users\Roman\Documents]
03/29/2012  03:13 PM    <JUNCTION>     NetHood [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/29/2012  03:13 PM    <JUNCTION>     PrintHood [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/29/2012  03:13 PM    <JUNCTION>     Recent [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Recent]
03/29/2012  03:13 PM    <JUNCTION>     SendTo [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\SendTo]
03/29/2012  03:13 PM    <JUNCTION>     Start Menu [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu]
03/29/2012  03:13 PM    <JUNCTION>     Templates [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Roman\AppData\Local
03/29/2012  03:13 PM    <JUNCTION>     Application Data [C:\Users\Roman\AppData\Local]
03/29/2012  03:13 PM    <JUNCTION>     History [C:\Users\Roman\AppData\Local\Microsoft\Windows\History]
03/29/2012  03:13 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Roman\Documents
03/29/2012  03:13 PM    <JUNCTION>     My Music [C:\Users\Roman\Music]
03/29/2012  03:13 PM    <JUNCTION>     My Pictures [C:\Users\Roman\Pictures]
03/29/2012  03:13 PM    <JUNCTION>     My Videos [C:\Users\Roman\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Sheyenne Alvarez
03/05/2011  11:03 PM    <JUNCTION>     Application Data [C:\Users\Sheyenne Alvarez\AppData\Roaming]
03/05/2011  11:03 PM    <JUNCTION>     Cookies [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Cookies]
03/05/2011  11:03 PM    <JUNCTION>     Local Settings [C:\Users\Sheyenne Alvarez\AppData\Local]
03/05/2011  11:03 PM    <JUNCTION>     My Documents [C:\Users\Sheyenne Alvarez\Documents]
03/05/2011  11:03 PM    <JUNCTION>     NetHood [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/05/2011  11:03 PM    <JUNCTION>     PrintHood [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/05/2011  11:03 PM    <JUNCTION>     Recent [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Recent]
03/05/2011  11:03 PM    <JUNCTION>     SendTo [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\SendTo]
03/05/2011  11:03 PM    <JUNCTION>     Start Menu [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu]
03/05/2011  11:03 PM    <JUNCTION>     Templates [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Sheyenne Alvarez\AppData\Local
03/05/2011  11:03 PM    <JUNCTION>     Application Data [C:\Users\Sheyenne Alvarez\AppData\Local]
03/05/2011  11:03 PM    <JUNCTION>     History [C:\Users\Sheyenne Alvarez\AppData\Local\Microsoft\Windows\History]
03/05/2011  11:03 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Sheyenne Alvarez\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Sheyenne Alvarez\Documents
03/05/2011  11:03 PM    <JUNCTION>     My Music [C:\Users\Sheyenne Alvarez\Music]
03/05/2011  11:03 PM    <JUNCTION>     My Pictures [C:\Users\Sheyenne Alvarez\Pictures]
03/05/2011  11:03 PM    <JUNCTION>     My Videos [C:\Users\Sheyenne Alvarez\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
04/04/2011  08:26 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
04/04/2011  08:26 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
04/04/2011  08:26 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
04/04/2011  08:26 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
04/04/2011  08:26 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
04/04/2011  08:26 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
04/04/2011  08:26 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
04/04/2011  08:26 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
04/04/2011  08:26 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
04/04/2011  08:26 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
             109 Dir(s)  160,734,810,112 bytes free

< End of report >
 


  • 0

#51
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Now that Flash and Java are uninstalled are you still getting those notifications?

 

Also, is Explorer still an issue? I see some small oddities with Explorer, but not the huge issue that I'd hoped for. i.e. the one that would fix the problem in one fell swoop. So, let me know the full status of things and I think I'm going to call in one of my Instructors for a second opinion as I'm absolutely missing something here :(

 

BTW...I'm not passing you off, just asking for a second opinion. I'll still be with you. :thumbsup:


  • 0

#52
sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

I am still getting invalid destination popups.  I haven't gotten any script errors, but haven't been on the internet for an extended period.  I shut down my computer again and did not get the explorer.exe message, but that doesn't happen every time anyway.  It only happens sporadically.


  • 0

#53
sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

I'm also having issues with my sound now.  It started yesterday, but restarting the computer fixed it.  I thought maybe it was a side effect of uninstalling those programs, but I was just on YouTube watching some video and the sound was playing fine for quite a few videos and then I went to another one and it turned off.  I tried a couple more and same thing.  I went back to one I was watching with no problems and the sound wouldn't work on that anymore either.


  • 0

#54
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,

 

Ok, after some consultation it is as I suspected. Your machine is Malware free and the issues are not malware related. The consensus is that you need a repair Install. It is possible that a Windows Repair (All In One) might suffice. It is at least worth a try since the Repair Install is significantly more involved. The suggestion is that since you and I have done many of the pre-steps, you could just skip to the Default Repairs, etc. If it isn't clear how to do that, it doesn't hurt to work through everything you see.

 

At this point you are right at the edge of my expertise. I am a very good Malware person and just an "ok" Hardware/Operating System person. I will guide you as well as I can, but we may need to refer you back to the Hardware/Operating System side of things (where you started) if things get complicated. Rest assured that you had significant malware infecting your machine (Zero Access infection among the worst), so your time here was well spent. Protracted, and you have my apologies for that, but well spent. :thumbsup:


  • 0

#55
sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Thank you for continuing to help me.  I really appreciate your time and efforts on my behalf.  I ran the Windows Repair (All in One) and I'm still seeing the invalid destination popup.  I haven't seen the script errors since I uninstalled all the programs you told me to the other day.


  • 0


#56
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Looks like you are going to need to do the Repair Install. To do that you'll need the original disk or perhaps a copy is in a different partition on your Hard Drive. Have a look at your original documentation.


  • 0

#57
sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

I don't think I have the original stuff.  I did find a disk that says Windows Anytime Upgrade, but it says Windows Vista.  The copyright is from 2006.


  • 0

#58
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

That sounds like you got to Windows 7 via an Upgrade from Vista. In any case, without the disk(s) I'm not sure there's not a lot you can do immediately. However, we are absolutely out of my area of expertise. I recommend that you open a Topic here and see what those folks have to say. :)


  • 0

#59
sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Okay, I will do that.  Thanks so much for your help.


  • 0

#60
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

You are very welcome! I'll keep this topic open for a few days in case you have any questions or if the W7 folks do.


  • 0





