Gremlins or hardware problem?

Old 07-30-2015, 09:34 AM   #1
TSF Enthusiast
 
Join Date: Sep 2007
Location: Alberta Canada
Posts: 610
OS: Windows 7 Pro



Several symptoms, I can't tell if this is a hardware or software problem

1. machine has become very slow,

2. Firefox freezes, when it starts it may open five or six tabs.

3. wireless mouse stops working, touch pad fails at the same time.

4. Sometimes freezes on the welcome screen, and mouse stops working. Have to power down and start over

5. Doesn't download from dropbox according seamlessly.

6. Had to start in safe mode with networking to post this.

Malwarebytes found nothing yesterday.

Avast free is running.

Tech specs:

[Attached image: Mach #2 specs.JPG]


DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.51.2
Run by Diana at 10:25:07 on 2015-07-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2037.1221 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKE~1.LNK - C:\QUICKENW\QWDLLS.EXE
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{1A0DD12D-C6E3-4E55-816E-382188A5E019} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB} : DHCPNameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\25F6467756C6C6D27657563747 : DHCPNameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\3414D405D2D41494E4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\3427F677E65605C616A716D27457563747 : DHCPNameServer = 173.243.32.50 8.8.8.8
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\C49626271627970275962756C6563737 : DHCPNameServer = 4.2.2.2 4.2.2.3
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-9-27 31080]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-11-15 76912]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-21 65224]
S0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-21 274808]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-10-21 1048856]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-10-21 447944]
S2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-8 28656]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-21 90968]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-9 150160]
S2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-7-27 146600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-16 136048]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-14 1871160]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-14 1133880]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-9-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-9-27 301680]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-9-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-9-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-9-27 156520]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-9-27 278640]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-16 136048]
S3 EUCR;EUCR;C:\Windows\System32\drivers\EUCR6SK.sys [2010-11-15 88912]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-15 114688]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-11-23 29184]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-2-16 25816]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-2-16 113880]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-14 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-1-19 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-1-19 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-9-27 52896]
S4 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-11-15 321104]
S4 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-18 868896]
S4 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-11-15 135560]
S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-15 13336]
S4 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-11-15 243232]
.
=============== Created Last 30 ================
.
2015-07-30 02:30:40 12222168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{44D88405-2854-453F-869E-1778C8F43EF5}\mpengine.dll
2015-07-28 05:09:19 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 05:09:18 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 05:09:18 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 05:09:18 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 05:09:18 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-28 05:09:18 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 05:09:17 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 05:09:17 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-27 16:29:58 -------- d-----w- C:\Users\Diana\AppData\Local\Dropbox
2015-07-27 09:34:12 43112 ----a-w- C:\Windows\avastSS.scr
2015-07-25 06:19:08 -------- d-----w- C:\Users\Diana\Dropbox
2015-07-20 18:00:49 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-20 18:00:48 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-20 18:00:48 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-20 18:00:48 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-20 18:00:48 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-20 18:00:48 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-20 18:00:48 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-20 18:00:48 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-20 18:00:48 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-20 18:00:48 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-19 17:12:42 -------- d-----w- C:\Users\Diana\Dropbox diana
2015-07-16 17:58:51 -------- d-----w- C:\Program Files (x86)\Dropbox
2015-07-15 10:36:31 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-15 10:35:58 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-15 10:34:42 429568 ----a-w- C:\Windows\System32\wksprt.exe
2015-07-15 10:33:51 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-15 10:32:59 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-07-15 10:32:59 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-07-15 10:32:59 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2015-07-15 10:32:59 25088 ----a-w- C:\Windows\System32\msimsg.dll
2015-07-10 13:43:51 -------- d-sh--w- C:\$RECYCLE.BIN
2015-07-10 1333 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-07-04 13:10:52 -------- d-----w- C:\AdwCleaner
.
==================== Find3M ====================
.
2015-07-30 16:08:55 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-27 16:03:20 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-27 16:03:20 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-27 09:34:17 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-07-27 09:34:17 90968 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-07-27 09:34:17 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-07-27 09:34:17 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-07-27 09:34:17 274808 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-07-27 09:34:17 150160 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-07-27 09:34:01 1048856 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-09 17:43:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-06-23 19:30:20 300704 ------w- C:\Windows\System32\MpSigStub.exe
2015-06-20 2050 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-18 14:41:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-06-18 14:41:44 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-06-18 14:41:40 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-06-17 17:47:05 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-06-17 17:37:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-06-15 21:50:42 112064 ----a-w- C:\Windows\System32\consent.exe
2015-06-15 21:45:42 3242496 ----a-w- C:\Windows\System32\msi.dll
2015-06-15 21:45:34 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-06-15 21:44:47 128000 ----a-w- C:\Windows\System32\msiexec.exe
2015-06-15 21:43:35 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-06-15 21:43:35 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
2015-06-15 21:43:24 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-06-15 21:42:49 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
.
============= FINISH: 10:27:07.94 ===============

attach.zip
Gene145 is offline  
Old 08-01-2015, 04:02 PM   #2
TSF Enthusiast
 
Join Date: Sep 2007
Location: Alberta Canada
Posts: 610
OS: Windows 7 Pro



And Thunderbird can't receive messages or show its folders, but it can send messages, in normal Windows operating mode, i.e. not safe.
Gene145 is offline  
Old 08-03-2015, 06:48 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Gene45. I'm not seeing any malware. What does an ESET Online Scanner find?

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-04-2015, 11:36 AM   #4
TSF Enthusiast
 
Join Date: Sep 2007
Location: Alberta Canada
Posts: 610
OS: Windows 7 Pro



ESET found no threats, as Malwarebytes and avast free scan did not.

ESET was run inside IE in safe mode. IE has the same issues as Firefox.

I was not able to attach Addition.txt, so I pasted it.

ADW log follows:

# AdwCleaner v4.208 - Logfile created 04/08/2015 at 08:24:13
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Diana - GENE-PC
# Running from : C:\Users\Diana\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ccncljhbalbbkkfgopogabimepmfkmff
File Deleted : C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dchmpbaclbiioedakpcldenooikekokm
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****

Task Deleted : TweakBit\Driver Updater\Start Driver Updater ?n logon

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v44.0.2403.125


*************************

AdwCleaner[R0].txt - [1209 bytes] - [04/08/2015 08:14:03]
AdwCleaner[S0].txt - [1142 bytes] - [04/08/2015 08:24:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1201 bytes] ##########

FRST log follows.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Diana (administrator) on GENE-PC (04-08-2015 11:47:16)
Running from C:\Users\Diana\Desktop
Loaded Profiles: Diana (Available Profiles: Gene & Diana & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-27] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39179912 2015-07-23] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-724223114-981428568-4039481322-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk [2015-01-19]
ShortcutTarget: Quicken Startup.lnk -> C:\QUICKENW\QWDLLS.EXE (Intuit)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-27] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
HKU\S-1-5-21-724223114-981428568-4039481322-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\S-1-5-21-724223114-981428568-4039481322-1004\Software\Microsoft\Internet Explorer\Main,Start Page = Google
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-27] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-27] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} https://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2013-06-03] (Intuit, Inc.)
Tcpip\Parameters: [DhcpNameServer] 216.234.161.25 216.194.64.160
Tcpip\..\Interfaces\{1A0DD12D-C6E3-4E55-816E-382188A5E019}: [DhcpNameServer] 216.234.161.25 216.194.64.160
Tcpip\..\Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}: [DhcpNameServer] 216.234.161.25 216.194.64.160

FireFox:
========
FF ProfilePath: C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-27] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-09]
FF Extension: Flash and Video Download - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-07-24]
FF Extension: CookieKeeper - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\[email protected] [2015-01-22]
FF Extension: JavaScript Deobfuscator - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\[email protected]xpi [2015-05-26]
FF Extension: Adblock Plus - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-08]
FF Extension: QuickJava - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-05-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-10-21]

Chrome:
=======
CHR Profile: C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-09]
CHR HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Diana\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-20]
CHR HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-27] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-27] (Dropbox, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-06-03] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-27] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-27] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-27] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-27] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-27] (AVAST Software)
S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [88912 2010-06-17] (ENE Technology Inc.)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2011-11-23] (libusb-win32 / Wiki / Home)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-11-23] (libusb-win32 / Wiki / Home)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S4 mrtRate; C:\Windows\SysWow64\Drivers\mrtRate.sys [34712 2000-05-31] (Marimba, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 11:47 - 2015-08-04 11:53 - 00017000 _____ C:\Users\Diana\Desktop\FRST.txt
2015-08-04 11:46 - 2015-08-04 11:48 - 00000000 ____D C:\FRST
2015-08-04 11:43 - 2015-08-04 11:44 - 02169856 _____ (Farbar) C:\Users\Diana\Desktop\FRST64.exe
2015-08-04 08:27 - 2015-08-04 08:27 - 00001281 _____ C:\Users\Diana\Desktop\AdwCleaner[S0].txt
2015-08-04 08:11 - 2015-08-04 08:11 - 02248704 _____ C:\Users\Diana\Desktop\AdwCleaner.exe
2015-08-01 11:06 - 2015-08-01 13:10 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\422E27AF.sys
2015-07-30 10:28 - 2015-07-30 10:28 - 00003030 _____ C:\Users\Diana\Desktop\attach.zip
2015-07-30 10:27 - 2015-07-30 10:27 - 00020076 _____ C:\Users\Diana\Desktop\dds.txt
2015-07-30 10:27 - 2015-07-30 10:27 - 00007861 _____ C:\Users\Diana\Desktop\attach.txt
2015-07-30 10:23 - 2015-07-30 10:23 - 00688992 ____R (Swearware) C:\Users\Diana\Desktop\dds.scr
2015-07-28 14:25 - 2015-08-04 11:26 - 00000504 _____ C:\Windows\setupact.log
2015-07-28 14:25 - 2015-07-28 14:25 - 00000000 _____ C:\Windows\setuperr.log
2015-07-28 09:15 - 2015-07-28 09:16 - 06609608 _____ (Piriform Ltd) C:\Users\Diana\Downloads\ccsetup508.exe
2015-07-27 23:09 - 2015-07-25 12:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-27 23:09 - 2015-07-25 12:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-27 23:09 - 2015-07-25 12:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-27 23:09 - 2015-07-25 12:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-27 23:09 - 2015-07-25 12:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-27 23:09 - 2015-07-25 12:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-27 23:09 - 2015-07-25 12:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-27 23:09 - 2015-07-25 11:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-27 12:26 - 2015-07-27 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-27 10:41 - 2015-07-27 10:41 - 00001230 _____ C:\Users\Diana\Desktop\Dropbox.lnk
2015-07-27 10:29 - 2015-08-04 11:31 - 00000000 ____D C:\Users\Diana\AppData\Local\Dropbox
2015-07-27 10:29 - 2015-07-27 10:29 - 00660960 _____ (Dropbox, Inc.) C:\Users\Diana\Downloads\DropboxInstaller(3).exe
2015-07-27 10:04 - 2015-07-27 10:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-07-27 10:04 - 2015-07-27 10:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-07-27 03:34 - 2015-07-27 03:34 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-27 03:34 - 2015-07-27 03:34 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-25 00:19 - 2015-08-04 11:35 - 00000000 ____D C:\Users\Diana\Dropbox
2015-07-24 23:55 - 2015-07-24 23:55 - 00000000 _____ C:\Users\Gene\AppData\Local\{572B0561-D153-4212-A123-91EF7713B9B8}
2015-07-22 18:01 - 2015-07-22 18:01 - 00000000 ____D C:\Users\Diana\Desktop\drppedNew folder
2015-07-21 09:32 - 2015-07-21 09:32 - 00660960 _____ (Dropbox, Inc.) C:\Users\Diana\Downloads\DropboxInstaller(2).exe
2015-07-20 12:00 - 2015-07-14 21:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 12:00 - 2015-07-14 21:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 12:00 - 2015-07-14 21:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 12:00 - 2015-07-14 21:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 12:00 - 2015-07-14 20:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 12:00 - 2015-07-14 20:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 12:00 - 2015-07-14 20:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-20 12:00 - 2015-07-14 20:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-20 12:00 - 2015-07-14 19:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 12:00 - 2015-07-14 19:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 11:57 - 2015-07-20 11:57 - 00003176 _____ C:\Windows\System32\Tasks\{D7E0D37D-AC96-4A3E-ACF6-FF79305DEB8A}
2015-07-20 11:40 - 2015-07-20 11:41 - 00000000 ____D C:\Users\Diana\Documents\recipe
2015-07-20 11:39 - 2015-07-20 12:16 - 00000000 ____D C:\Users\Diana\Documents\memorial
2015-07-20 11:37 - 2015-07-20 11:43 - 00000000 ____D C:\Users\Diana\Documents\Lists
2015-07-20 11:19 - 2015-07-20 12:14 - 00000000 ____D C:\Users\Diana\Documents\Medical
2015-07-19 13:50 - 2015-07-19 13:50 - 01260252 _____ C:\Users\Diana\Downloads\Scotia.zip
2015-07-19 13:47 - 2015-07-19 13:48 - 05836844 _____ C:\Users\Diana\Downloads\qdata97.zip
2015-07-19 12:30 - 2015-07-19 12:31 - 20428547 _____ C:\Users\Diana\Downloads\Gene's stuff (1).zip
2015-07-19 12:30 - 2015-07-19 12:30 - 00624128 _____ C:\Users\Diana\Downloads\Contact.backup_20150719_1230.epim
2015-07-19 11:37 - 2015-07-22 17:56 - 00000000 ____D C:\Users\Diana\Desktop\Gene's stuff (1)
2015-07-19 11:31 - 2015-07-19 14:07 - 02842624 _____ C:\Users\Diana\Downloads\Contact.EPIM
2015-07-19 11:12 - 2015-07-25 00:14 - 00000000 ____D C:\Users\Diana\Dropbox diana
2015-07-19 11:04 - 2015-07-19 11:04 - 00660960 _____ (Dropbox, Inc.) C:\Users\Diana\Downloads\DropboxInstaller(1).exe
2015-07-19 07:51 - 2015-07-19 07:52 - 01187008 _____ (Adobe Systems Incorporated) C:\Users\Diana\Downloads\flashplayer18_ha_install.exe
2015-07-17 11:09 - 2015-07-17 11:09 - 00002006 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-07-17 11:09 - 2015-07-17 11:09 - 00002004 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-07-17 11:09 - 2015-07-17 11:09 - 00001994 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-07-17 11:09 - 2015-07-17 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-17 11:04 - 2015-07-17 11:04 - 00931408 _____ (Google Inc.) C:\Users\Diana\Downloads\googledrivesync.exe
2015-07-16 21:10 - 2015-07-17 07:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-07-16 12:41 - 2015-07-16 12:42 - 11887352 _____ C:\Users\Diana\Downloads\EssentialPIM6.exe
2015-07-16 11:59 - 2015-08-04 11:27 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-16 11:59 - 2015-08-04 08:36 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-16 11:59 - 2015-07-27 10:31 - 00003902 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-16 11:59 - 2015-07-27 10:31 - 00003650 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-16 11:58 - 2015-07-27 12:26 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-07-16 11:58 - 2015-07-16 11:58 - 00660960 _____ (Dropbox, Inc.) C:\Users\Diana\Downloads\DropboxInstaller.exe
2015-07-15 04:37 - 2015-06-25 12:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 04:37 - 2015-06-25 11:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 04:37 - 2015-06-20 14:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 04:37 - 2015-06-20 13:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 04:37 - 2015-06-20 13:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 04:37 - 2015-06-20 13:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 04:37 - 2015-06-20 13:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 04:37 - 2015-06-20 13:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 04:37 - 2015-06-20 13:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 04:37 - 2015-06-20 13:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 04:37 - 2015-06-20 13:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 04:37 - 2015-06-20 13:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 04:37 - 2015-06-20 13:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 04:37 - 2015-06-20 13:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 04:37 - 2015-06-20 13:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 04:37 - 2015-06-20 13:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 04:37 - 2015-06-20 13:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 04:37 - 2015-06-20 13:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 04:37 - 2015-06-20 13:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 04:37 - 2015-06-20 12:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 04:37 - 2015-06-20 12:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 04:37 - 2015-06-20 12:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 04:37 - 2015-06-20 12:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 04:37 - 2015-06-20 12:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 04:37 - 2015-06-20 12:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 04:37 - 2015-06-19 12:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 04:37 - 2015-06-19 12:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 04:37 - 2015-06-19 12:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 04:37 - 2015-06-19 12:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 04:37 - 2015-06-19 12:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 04:37 - 2015-06-19 12:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 04:37 - 2015-06-19 12:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 04:37 - 2015-06-19 12:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 04:37 - 2015-06-19 12:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 04:37 - 2015-06-19 12:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 04:37 - 2015-06-19 11:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 04:37 - 2015-06-19 11:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 04:37 - 2015-06-19 11:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 04:37 - 2015-06-19 11:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 04:37 - 2015-06-19 11:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 04:37 - 2015-06-19 11:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 04:37 - 2015-06-19 11:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 04:37 - 2015-06-19 11:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 04:37 - 2015-06-19 11:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 04:36 - 2015-07-09 11:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 04:36 - 2015-07-09 11:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 04:36 - 2015-07-09 11:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 04:36 - 2015-07-09 11:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 04:36 - 2015-07-09 11:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 04:36 - 2015-07-09 11:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 04:36 - 2015-07-09 11:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 04:36 - 2015-07-04 12:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 04:36 - 2015-07-04 11:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 04:36 - 2015-06-25 02:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 04:36 - 2015-06-17 11:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 04:36 - 2015-06-17 11:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 04:36 - 2015-06-09 12:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 04:36 - 2015-06-09 12:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 04:36 - 2015-06-01 18:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 04:36 - 2015-06-01 17:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 04:35 - 2015-07-02 15:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 04:35 - 2015-07-02 15:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 04:35 - 2015-07-02 14:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 04:35 - 2015-07-02 14:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 04:35 - 2015-07-02 14:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 04:35 - 2015-07-02 14:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 04:35 - 2015-07-02 14:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 04:35 - 2015-07-02 14:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 04:35 - 2015-07-02 14:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 04:35 - 2015-07-02 13:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 04:35 - 2015-07-02 13:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 04:35 - 2015-07-02 12:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 04:35 - 2015-06-26 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 04:35 - 2015-06-26 20:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 04:35 - 2015-06-26 19:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 04:35 - 2015-06-26 19:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 04:34 - 2015-06-11 11:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 04:34 - 2015-06-11 11:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 04:34 - 2015-06-11 11:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 04:34 - 2015-06-11 11:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 04:34 - 2015-06-11 11:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 04:34 - 2015-06-11 11:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 04:34 - 2015-06-11 07:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 04:34 - 2015-04-27 13:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 04:34 - 2015-04-27 13:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 04:34 - 2015-04-27 13:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 04:34 - 2015-04-27 13:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 04:34 - 2015-04-27 13:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 04:34 - 2015-04-27 13:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 04:34 - 2015-04-27 13:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 04:34 - 2015-04-27 13:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 04:33 - 2015-07-01 14:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 04:33 - 2015-07-01 14:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 04:33 - 2015-07-01 14:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 04:33 - 2015-07-01 14:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 04:33 - 2015-07-01 14:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 04:33 - 2015-07-01 14:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 04:33 - 2015-07-01 14:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 04:33 - 2015-07-01 14:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 04:33 - 2015-07-01 14:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 04:33 - 2015-07-01 14:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 04:33 - 2015-07-01 14:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 04:33 - 2015-07-01 14:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 04:33 - 2015-07-01 14:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 04:33 - 2015-07-01 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 04:33 - 2015-07-01 14:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 04:33 - 2015-07-01 14:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 04:33 - 2015-07-01 13:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 04:33 - 2015-07-01 13:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 04:33 - 2015-07-01 13:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 04:33 - 2015-06-15 15:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 04:33 - 2015-06-15 15:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 04:33 - 2015-06-15 15:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 04:33 - 2015-06-15 15:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 04:33 - 2015-06-15 15:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 04:33 - 2015-06-15 15:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 04:33 - 2015-06-15 15:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 04:33 - 2015-06-15 15:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 04:32 - 2015-06-15 15:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 04:32 - 2015-06-15 15:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 04:32 - 2015-06-15 15:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 04:32 - 2015-06-15 15:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-11 08:09 - 2015-07-11 08:12 - 00001684 _____ C:\Users\Diana\Downloads\SystemLook.txt
2015-07-11 08:08 - 2015-07-11 08:08 - 00165376 _____ C:\Users\Diana\Downloads\SystemLook_x64.exe
2015-07-10 07:06 - 2015-07-21 07:58 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-10 07:05 - 2015-07-10 07:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-10 07:01 - 2015-07-10 07:01 - 00561248 _____ (Oracle Corporation) C:\Users\Diana\Downloads\jxpiinstall(3).exe
2015-07-10 06:59 - 2015-07-10 06:59 - 00003134 _____ C:\Windows\System32\Tasks\{5B690017-B640-4768-8620-B4808B5DB04A}
2015-07-10 06:57 - 2015-07-10 06:57 - 00561248 _____ (Oracle Corporation) C:\Users\Diana\Downloads\jxpiinstall(2).exe
2015-07-09 18:34 - 2015-07-09 18:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-09 18:34 - 2015-07-09 18:34 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-07-09 18:32 - 2015-07-27 10:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-09 18:22 - 2015-07-09 18:27 - 141015434 _____ C:\Users\Diana\Downloads\AdbeRdr11000_mui_Std(1).zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 11:33 - 2010-12-18 12:07 - 01620307 _____ C:\Windows\WindowsUpdate.log
2015-08-04 11:32 - 2011-10-21 09:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-04 11:28 - 2015-02-16 17:28 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-04 11:27 - 2011-10-21 09:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-04 11:26 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-04 08:37 - 2009-07-13 22:45 - 00009920 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-04 08:37 - 2009-07-13 22:45 - 00009920 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-04 08:24 - 2015-07-04 07:10 - 00000000 ____D C:\AdwCleaner
2015-08-04 07:58 - 2012-07-11 09:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-03 20:21 - 2012-07-24 08:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-01 13:45 - 2011-12-12 13:36 - 00000000 ____D C:\Users\Diana\AppData\Local\Thunderbird
2015-07-29 17:38 - 2010-11-15 01:56 - 00000000 ____D C:\OEM
2015-07-29 05:38 - 2013-08-30 10:50 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-28 11:58 - 2015-02-16 17:27 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-28 11:58 - 2014-12-14 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-28 11:58 - 2014-12-14 17:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-28 09:17 - 2011-11-18 15:31 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-28 09:17 - 2011-11-18 15:30 - 00000000 ____D C:\Program Files\CCleaner
2015-07-28 07:58 - 2012-01-07 21:44 - 00758948 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-28 07:58 - 2009-07-13 23:13 - 00758948 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-28 07:47 - 2014-05-07 03:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-27 10:04 - 2014-12-03 21:26 - 00000000 ____D C:\Users\Diana\AppData\Local\Adobe
2015-07-27 10:03 - 2012-07-24 08:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-27 10:03 - 2012-07-24 08:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-27 10:03 - 2011-11-04 10:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-27 03:34 - 2014-05-08 05:37 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-27 03:34 - 2014-01-09 10:06 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-27 03:34 - 2013-03-21 21:44 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-27 03:34 - 2013-03-21 21:44 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-27 03:34 - 2012-05-05 12:32 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-27 03:34 - 2011-10-21 09:30 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-27 03:34 - 2011-10-21 09:30 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-27 03:34 - 2011-10-21 09:30 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-25 00:19 - 2011-10-23 10:00 - 00000000 ____D C:\Users\Diana
2015-07-25 00:06 - 2011-10-25 14:48 - 00000000 ____D C:\Users\Gene\Dropbox
2015-07-24 23:58 - 2011-10-25 14:38 - 00000000 ____D C:\Users\Gene\AppData\Roaming\Dropbox
2015-07-24 23:57 - 2011-10-25 14:48 - 00001230 _____ C:\Users\Gene\Desktop\Dropbox.lnk
2015-07-24 23:55 - 2009-07-13 22:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-21 08:05 - 2014-01-23 21:54 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-21 03:20 - 2009-07-13 22:45 - 00311712 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 11:25 - 2015-01-20 09:05 - 00000000 ____D C:\Users\Diana\Documents\hp
2015-07-19 20:57 - 2013-07-28 21:37 - 00000000 ____D C:\Users\Diana\AppData\Roaming\Dropbox
2015-07-19 14:09 - 2013-07-28 21:38 - 00000000 ____D C:\Users\Diana\AppData\Roaming\EssentialPIM
2015-07-19 14:06 - 2012-09-26 21:52 - 00000000 ____D C:\Program Files (x86)\EssentialPIM
2015-07-19 10:33 - 2015-03-20 17:42 - 00000000 ___RD C:\Users\Diana\Google Drive
2015-07-17 11:09 - 2011-10-21 09:30 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-16 19:09 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 12:44 - 2012-09-26 21:52 - 00001019 _____ C:\Users\Public\Desktop\EssentialPIM.lnk
2015-07-16 07:40 - 2015-04-15 04:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 07:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 20:43 - 2013-08-17 22:40 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 14:27 - 2011-10-21 09:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 14:27 - 2011-10-21 09:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-10 07:42 - 2013-11-02 18:21 - 00000000 ____D C:\Windows\erdnt
2015-07-10 07:06 - 2013-11-05 17:17 - 00000000 ____D C:\ProgramData\Oracle
2015-07-08 07:48 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2015-07-07 07:55 - 2010-11-15 03:11 - 00000000 ____D C:\ProgramData\Adobe
2015-07-05 09:55 - 2015-02-08 09:58 - 00000000 ____D C:\Windows\SysWOW64\Adobe

==================== Files in the root of some directories =======

2013-07-28 21:36 - 2013-07-28 19:08 - 0019873 _____ () C:\Users\Diana\AppData\Roaming\nvModes.001
2013-07-28 21:36 - 2013-07-28 19:08 - 0019873 _____ () C:\Users\Diana\AppData\Roaming\nvModes.dat
2013-07-28 21:36 - 2009-03-02 18:48 - 0076407 _____ () C:\Users\Diana\AppData\Roaming\Smiley.ico
2013-07-28 21:36 - 2009-01-19 12:05 - 0024085 _____ () C:\Users\Diana\AppData\Roaming\UserTile.png
2015-01-22 17:48 - 2015-01-22 17:48 - 0000064 _____ () C:\Users\Diana\AppData\Local\99702da7916743162b70efa484f653d9
2013-07-28 22:04 - 2011-11-01 18:54 - 0000680 _____ () C:\Users\Diana\AppData\Local\d3d9caps.dat
2013-07-28 22:04 - 2012-03-10 08:55 - 0011776 _____ () C:\Users\Diana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-28 22:04 - 2012-05-28 10:19 - 0000000 _____ () C:\Users\Diana\AppData\Local\prvlcl.dat
2015-02-16 15:45 - 2015-02-16 15:45 - 0000000 _____ () C:\Users\Diana\AppData\Local\{5BB232F8-EB62-4A1C-AD6A-7307E5D22250}
2015-01-07 09:54 - 2015-01-07 09:54 - 0000000 _____ () C:\Users\Diana\AppData\Local\{74AB5C63-3AD1-45A8-8F28-4F13A9006F7A}
2015-01-19 15:02 - 2015-01-19 15:02 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Diana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgpx4w3.dll
C:\Users\Diana\AppData\Local\Temp\Quarantine.exe
C:\Users\Diana\AppData\Local\Temp\sqlite3.dll
C:\Users\Gene\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9z9nm_.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-02 00:32

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Diana (2015-08-04 12:04:01)
Running from C:\Users\Diana\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-724223114-981428568-4039481322-500 - Administrator - Disabled)
Diana (S-1-5-21-724223114-981428568-4039481322-1004 - Administrator - Enabled) => C:\Users\Diana
Gene (S-1-5-21-724223114-981428568-4039481322-1001 - Administrator - Enabled) => C:\Users\Gene
Guest (S-1-5-21-724223114-981428568-4039481322-501 - Limited - Enabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0416.2010 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-724223114-981428568-4039481322-1004\...\Amazon Kindle) (Version: - Amazon)
AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version: - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2223 - AVAST Software)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
calibre (HKLM-x32\...\{82E46C30-564D-4387-B218-AEC244B75258}) (Version: 0.9.39 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11200.0 - Cisco Consumer Products LLC)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
ENE USB Card Reader Driver (HKLM\...\B7EAB6FD2DB423A078E5CBB1F29508CAC2F4FA59) (Version: 5.89.0.70 - ENE)
EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 6.53 - Astonsoft Ltd)
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
GenuTax Standard (HKLM-x32\...\{98C31986-E7EF-4696-BD11-E0188F55755E}) (Version: 1.37 - GenuSource Consulting Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.10.0 - Rakuten Kobo Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
magicJack (HKU\S-1-5-21-724223114-981428568-4039481322-1004\...\magicJack) (Version: 3.1.6970.4873 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mozilla Thunderbird 38.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.1.0 (x86 en-US)) (Version: 38.1.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickBooks (x32 Version: 22.0.4014.2206 - Intuit Canada ULC) Hidden
Quicken 2001 Deluxe (HKLM-x32\...\Quicken 2001 Deluxe) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6171 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-07-2015 07:31:29 Windows Update
28-07-2015 07:45:56 Windows Update
03-08-2015 21:07:31 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-02-16 21:27 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03535C77-730E-451E-BC2C-2AB9B8824266} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-27] (Adobe Systems Incorporated)
Task: {08ADD283-66A5-4ECE-8583-D0F9F1CA4F1D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-724223114-981428568-4039481322-1004
Task: {1CE69974-0533-4312-A448-F5476AEC3FE1} - System32\Tasks\{716A53B9-DC91-46DD-AF22-16F4B7B1DF64} => D:\DCWIN\DCWIN.EXE
Task: {1EE6FEB9-4EF8-4A65-882A-9C57702E7E11} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-27] (Dropbox, Inc.)
Task: {2BD9954C-862E-409D-BD8F-3C1E344230A0} - System32\Tasks\{D7E0D37D-AC96-4A3E-ACF6-FF79305DEB8A} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\OpenOffice 4\program\simpress.exe"
Task: {2CE8384C-E9DB-49B1-9699-49C9933E6E4D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-27] (Dropbox, Inc.)
Task: {3098688E-63AB-4C26-9CA3-3A30502BFE0F} - System32\Tasks\Process Explorer-Gene-PC-Diana => C:\USERS\DIANA\DOWNLOADS\PROCEXP.EXE [2015-01-22] (Sysinternals - www.sysinternals.com)
Task: {3F1ED94A-9D08-46B3-9F8F-68593B9F30CC} - System32\Tasks\{B805562B-2AF1-4477-8218-9E3BAFDFD3BB} => D:\DCWIN\SETUP.EXE
Task: {42B993A0-7F34-4820-84DC-E99BA6E9BA83} - System32\Tasks\{00728DB9-2E13-4B2B-A983-772A9A64A6DA} => Firefox.exe Downloading and setting up Skype
Task: {4CB2E8C7-8D34-4149-83FD-29BD90E5638D} - System32\Tasks\{A4197181-CFC8-4A2B-9CC0-BEFDA17176C5} => D:\DCWIN\DCWIN.EXE
Task: {50B88235-83B1-4DFD-BF5E-246599E408B1} - System32\Tasks\{CA640FEC-5992-463D-A079-B632DAD83057} => D:\DCWIN\DCWIN.EXE
Task: {6EED1FBD-1286-4BA4-93F0-3F2B2EF019B8} - System32\Tasks\{E10DD55E-9FAD-4938-8E4E-1B6285A4406E} => pcalua.exe -a "C:\Users\Gene\Desktop\OpenOffice 4.1.1 (en-US) Installation Files\setup.exe" -d "C:\Users\Gene\Desktop\OpenOffice 4.1.1 (en-US) Installation Files"
Task: {77297CD6-7B2F-4543-BE2D-1C69930CA373} - System32\Tasks\{5B690017-B640-4768-8620-B4808B5DB04A} => pcalua.exe -a C:\Users\Diana\Downloads\jxpiinstall(2).exe -d C:\Users\Diana\Downloads
Task: {892B7A0D-F448-4430-8147-F890B059F469} - System32\Tasks\{D8DD5EA3-F88F-44ED-80D2-7BE4A2E9EEEE} => D:\DCWIN\SETUP.EXE
Task: {9382F4C6-11C8-4073-85C5-C05EA08B482B} - System32\Tasks\{011FC7FB-130B-4728-9D67-9396E1FEF0CC} => D:\DCWIN\DCWIN.EXE
Task: {947524E1-4BE2-417D-B227-06E684DA729D} - System32\Tasks\{62CA4387-F28B-4D87-84E4-1C31F49899F9} => pcalua.exe -a D:\QBCA2012R1\Setup.exe -d D:\QBCA2012R1
Task: {9BA7EC93-FBFE-4ACD-B736-57DA6B55E23D} - System32\Tasks\{235B4255-F086-4991-891B-5FB5556C4B5B} => D:\DCWIN\DCWIN.EXE
Task: {ABE1C112-6B92-4BA3-956A-C5D4AEF6E1DE} - System32\Tasks\{110D67F2-E46B-4325-9444-4C7F3E6AA39C} => D:\DCWIN\SETUP.EXE
Task: {AE76F6C4-D1D8-4D00-9BB8-3F7725077F88} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-27] (AVAST Software)
Task: {AFF5BFFB-D0B4-4175-ADC4-A2C910BD55F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.)
Task: {B5FB95A9-F3CE-411B-871D-5AD0CDEA3CB8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {BFC83FCA-086B-4A43-81FB-329F17407FAC} - System32\Tasks\{FE72C6EC-2D64-43B7-914D-B2F8F7FC68CC} => D:\SETUP.EXE
Task: {CFE16C97-A4D8-429B-A3C0-9CAC74B6BE22} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {DFC6C486-DC08-4197-96E7-13316CB8A353} - System32\Tasks\{93F4F70F-C224-4E1D-981B-7A926AE47AC5} => D:\DCWIN\DCWIN.EXE
Task: {E9F3B001-B624-4EF5-8560-4CFB042FCAA4} - System32\Tasks\{51273A80-1C68-4799-8934-69FC57209D9B} => D:\DCWIN\DCWIN.EXE
Task: {EE678311-3937-4FB6-BC49-2DC0DE4A5236} - System32\Tasks\{9D57F4A6-1E58-427A-9CEA-342D63C39656} => D:\DCWIN\DCWIN.EXE
Task: {F0888F8F-7E90-4E3B-B661-B0ED1EF11293} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.)
Task: {F0B0133F-DE94-426D-817E-6C08AC98B75C} - System32\Tasks\{35082807-ED97-4CD4-B069-796A48920747} => D:\DCWIN\DCWIN.EXE

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-27 10:03 - 2015-07-27 10:03 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Diana\Desktop\Gene's stuff (1):com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-724223114-981428568-4039481322-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Diana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 216.234.161.25 - 216.194.64.160
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MWLService => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Updater Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Billminder.lnk => C:\Windows\pss\Billminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk => C:\Windows\pss\QuickBooks 2002 Delivery Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Diana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: cdloader => "C:\Users\Diana\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{24B882CA-54EC-4833-9945-37C8E0A7EAC8}C:\users\gene\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\gene\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{25CC3435-85FF-4949-AF3A-9EDF2AE8DE16}C:\users\gene\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\gene\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{B2AC4ABE-F60B-4835-857B-6600D0F18EE2}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe] => (Block) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe
FirewallRules: [UDP Query User{28F2C831-F8F0-4C12-AFE8-D5E60C15A5AB}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe] => (Block) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe
FirewallRules: [TCP Query User{46B6E592-873F-4602-AD2E-2A9DCD402734}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe] => (Allow) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe
FirewallRules: [UDP Query User{540FDD3D-629F-4262-8472-E3BADE893797}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe] => (Allow) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe
FirewallRules: [TCP Query User{9E1EBDD4-BDC5-4B55-B076-CA103299094D}C:\users\diana\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\diana\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{46D7225C-4BC9-4ED2-81E3-3DCCD48E413D}C:\users\diana\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\diana\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{87CF4A87-D1F3-4E50-995F-810587A9780E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4EF9EB3D-57B4-47BE-8047-B9B834241F35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AF1FCBA3-6C6F-492C-BE0B-679F5600155E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8FD4FE3A-34B3-4C39-9A2D-16B8A605D0C7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{68A017BF-F697-4D14-92C9-247F09157E7C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{53C09E6F-56DD-4AD5-B1B5-52300FD4DE46}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8F718740-A82A-4E95-8550-F55C44891C95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2015 11:35:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f9c

Start Time: 01d0cedb43d5e5b6

Termination Time: 48

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/04/2015 11:28:01 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (1616) WebCacheLocal: An attempt to open the file "C:\Users\Diana\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp" for read only access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/03/2015 11:35:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11f0

Start Time: 01d0ce12a3a17daf

Termination Time: 63

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/01/2015 08:27:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 39.0.0.5659 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: aa0

Start Time: 01d0ccaec1f119d2

Termination Time: 87

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: f71b1f37-38bd-11e5-9852-06659dbe33ab

Error: (08/01/2015 0224 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 39.0.0.5659 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1144

Start Time: 01d0cc94e0fda9bc

Termination Time: 47

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: b3191e5f-3888-11e5-9852-06659dbe33ab

Error: (07/27/2015 01:26:43 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/25/2015 12:10:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2015 0232 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EssentialPIM.exe version 6.5.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 464

Start Time: 01d0c25dff4c1fe8

Termination Time: 44

Application Path: C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe

Report Id: a2caac1d-2e51-11e5-912a-1c7508a2fec7

Error: (07/19/2015 12:59:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program avastui.exe version 10.2.2218.944 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 55c

Start Time: 01d0bfcf45f60849

Termination Time: 60000

Application Path: C:\Program Files\AVAST Software\Avast\avastui.exe

Report Id: 1399fc25-2e48-11e5-912a-1c7508a2fec7

Error: (07/19/2015 10:29:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/04/2015 12:15:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2015 12:15:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2015 12:15:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2015 12:13:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2015 12:13:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2015 12:13:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2015 12:13:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2015 12:13:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2015 12:13:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2015 12:11:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (08/04/2015 11:35:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17909f9c01d0cedb43d5e5b648C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (08/04/2015 11:28:01 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost1616WebCacheLocal: C:\Users\Diana\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/03/2015 11:35:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1790911f001d0ce12a3a17daf63C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (08/01/2015 08:27:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe39.0.0.5659aa001d0ccaec1f119d287C:\Program Files (x86)\Mozilla Firefox\firefox.exef71b1f37-38bd-11e5-9852-06659dbe33ab

Error: (08/01/2015 0224 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe39.0.0.5659114401d0cc94e0fda9bc47C:\Program Files (x86)\Mozilla Firefox\firefox.exeb3191e5f-3888-11e5-9852-06659dbe33ab

Error: (07/27/2015 01:26:43 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/25/2015 12:10:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Diana\Downloads\vcredist_arm.exe

Error: (07/19/2015 0232 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: EssentialPIM.exe6.5.3.046401d0c25dff4c1fe844C:\Program Files (x86)\EssentialPIM\EssentialPIM.exea2caac1d-2e51-11e5-912a-1c7508a2fec7

Error: (07/19/2015 12:59:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avastui.exe10.2.2218.94455c01d0bfcf45f6084960000C:\Program Files\AVAST Software\Avast\avastui.exe1399fc25-2e48-11e5-912a-1c7508a2fec7

Error: (07/19/2015 10:29:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Diana\Downloads\vcredist_arm.exe


CodeIntegrity:
===================================
Date: 2015-02-10 20:47:22.158
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-10 20:47:20.879
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-10 20:47:19.584
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-10 20:47:18.367
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-06 12:57:29.387
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-06 12:57:27.483
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-06 12:57:25.580
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-06 12:57:23.708
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-02 18:49:29.399
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-02 18:49:27.433
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Percentage of memory in use: 44%
Total physical RAM: 2037.1 MB
Available physical RAM: 1123.2 MB
Total Virtual: 4074.2 MB
Available Virtual: 3237.57 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:147.56 GB) NTFS
Drive z: (Elements) (Network) (Total:931.51 GB) (Free:809.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 96A2AF34)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.8 GB) - (Type=07 NTFS)

==================== End of log ============================
Gene145 is offline  
Old 08-04-2015, 01:12 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Gene45. See how the machine behaves after this fix.
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-04-2015, 04:28 PM   #6

Could not run FRST in normal mode. Produced the following error:

[Attached image: error.png]

Odd? I could not attach "addition" before.

In normal mode FRST did not appear as the proper icon, but it was the correct application.

Ran it in safe mode,

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Diana (2015-08-04 16:58:34) Run:1
Running from C:\Users\Diana\Desktop
Loaded Profiles: Diana (Available Profiles: Gene & Diana & Guest)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
start
createrestorepoint:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
EmptyTemp:
end
*****************

Error: Restore point can only be created in normal mode.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
AppMgmt => service removed successfully
EmptyTemp: => 171.5 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 16:59:35 ====

Rebooted to normal mode.

Thunderbird still did not show its folders or could not get mail.

Firefox would do nothing. It had lost its bookmarks, and the startup page could not get techsupport, even by typing in the address bar.

Rebooted to safe mode. Thunderbird got the mail, and FF still had its bookmarks. It seemed slower than before to respond to the keyboard or mouse.

Typing here seems to be normal speed.
Signing in was very slow.
Gene145 is offline  
Old 08-05-2015, 05:13 AM   #7

Hello again, Gene45. Have you tried 'Startup Repair' from the System Recovery Options menu under 'Repair your computer'?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment /s
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

chemist is offline  
Old 08-05-2015, 07:44 AM   #8

I have not tried the system repair. I searched for info on it, and there are lots of claims of great wonders, but no hint as to how to get into it.

System look:


SystemLook 30.07.11 by jpshortstuff
Log created at 08:41 on 05/08/2015 by Diana
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
@="Smart card readers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
"OptionValue"= 0x0000000002 (2)


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ComSpec"="%SystemRoot%\system32\cmd.exe"
"FP_NO_HOST_CHECK"="NO"
"NUMBER_OF_PROCESSORS"="2"
"OS"="Windows_NT"
"Path"="C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\EgisTec MyWinLocker\x86;C:\Program Files (x86)\EgisTec MyWinLocker\x64;c:\Program Files\Sysinternals;C:\Program Files (x86)\Calibre2"
"PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
"PROCESSOR_ARCHITECTURE"="AMD64"
"PROCESSOR_IDENTIFIER"="Intel64 Family 6 Model 28 Stepping 10, GenuineIntel"
"PROCESSOR_LEVEL"="6"
"PROCESSOR_REVISION"="1c0a"
"PSModulePath"="%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\"
"TEMP"="%SystemRoot%\TEMP"
"TMP"="%SystemRoot%\TEMP"
"USERNAME"="SYSTEM"
"windir"="%SystemRoot%"
"SAFEBOOT_OPTION"="NETWORK"


-= EOF =-
Gene145 is offline  
Old 08-05-2015, 08:27 AM   #9

After posting, I restarted and held the F8 button during startup.
Machine stalled, and started a continuous howl from its feeble speakers.

The only way I could see how to get it to stop was to hold the start switch until it stopped.

On startup it went to startup repair, one iteration only.

It seemed faster. I am posting this in FF normal mode. It looks more or less normal, but is slow to respond to the wireless keyboard.

Thunderbird still does not work. It appears to need the account setup, but it fails as the "incoming server already exists". It works in safe mode.

Somewhere in this process my network name changed from the one I gave it to the name of the router.

I wanted to run another system look but can't get the download to work in normal mode.
Gene145 is offline  
Old 08-05-2015, 08:39 AM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Gene45. Please run FRST64 again, and post/attach the logs as before. Make sure Addition.txt is ticked.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-05-2015, 03:51 PM   #11

I was working on a thread with Chemist this morning. Had to take a break for a medical appt. Now I can't find the thread. No idea why.

To answer the questions:

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Diana (administrator) on GENE-PC (05-08-2015 10:21:13)
Running from C:\Users\Diana\Desktop
Loaded Profiles: Diana (Available Profiles: Gene & Diana & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Diana\Desktop\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-27] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39179912 2015-07-23] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-724223114-981428568-4039481322-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk [2015-01-19]
ShortcutTarget: Quicken Startup.lnk -> C:\QUICKENW\QWDLLS.EXE (Intuit)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-27] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
HKU\S-1-5-21-724223114-981428568-4039481322-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\S-1-5-21-724223114-981428568-4039481322-1004\Software\Microsoft\Internet Explorer\Main,Start Page = Google
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-27] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-27] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} https://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2013-06-03] (Intuit, Inc.)
Tcpip\Parameters: [DhcpNameServer] 216.234.161.25 216.194.64.160
Tcpip\..\Interfaces\{1A0DD12D-C6E3-4E55-816E-382188A5E019}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}: [DhcpNameServer] 216.234.161.25 216.194.64.160

FireFox:
========
FF ProfilePath: C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-27] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-09]
FF Extension: Flash and Video Download - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-07-24]
FF Extension: CookieKeeper - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\[email protected] [2015-01-22]
FF Extension: JavaScript Deobfuscator - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\[email protected] [2015-05-26]
FF Extension: Adblock Plus - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-08]
FF Extension: QuickJava - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-05-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-10-21]

Chrome:
=======
CHR Profile: C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-09]
CHR HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Diana\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-20]
CHR HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-27] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-27] (Dropbox, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-06-03] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-27] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-27] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-27] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-27] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-27] (AVAST Software)
S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [88912 2010-06-17] (ENE Technology Inc.)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2011-11-23] (libusb-win32 / Wiki / Home)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-11-23] (libusb-win32 / Wiki / Home)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S4 mrtRate; C:\Windows\SysWow64\Drivers\mrtRate.sys [34712 2000-05-31] (Marimba, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 10:19 - 2015-08-05 10:20 - 02169856 _____ (Farbar) C:\Users\Diana\Desktop\FRST64(1).exe
2015-08-05 10:19 - 2015-08-05 10:19 - 02169856 _____ (Farbar) C:\Users\Diana\Downloads\FRST64.exe
2015-08-05 10:18 - 2015-08-05 10:20 - 02169856 _____ (Farbar) C:\Users\Diana\Downloads\FRST64(2).exe
2015-08-05 09:15 - 2015-08-05 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-05 09:07 - 2015-07-27 03:34 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-05 08:41 - 2015-08-05 08:41 - 00039718 _____ C:\Users\Diana\Desktop\SystemLook.txt
2015-08-04 12:04 - 2015-08-04 12:23 - 00040190 _____ C:\Users\Diana\Desktop\Addition.txt
2015-08-04 11:47 - 2015-08-05 10:23 - 00016577 _____ C:\Users\Diana\Desktop\FRST.txt
2015-08-04 11:46 - 2015-08-05 10:21 - 00000000 ____D C:\FRST
2015-08-04 08:27 - 2015-08-04 08:27 - 00001281 _____ C:\Users\Diana\Desktop\AdwCleaner[S0].txt
2015-08-01 11:06 - 2015-08-01 13:10 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\422E27AF.sys
2015-07-30 10:28 - 2015-07-30 10:28 - 00003030 _____ C:\Users\Diana\Desktop\attach.zip
2015-07-30 10:27 - 2015-07-30 10:27 - 00020076 _____ C:\Users\Diana\Desktop\dds.txt
2015-07-30 10:27 - 2015-07-30 10:27 - 00007861 _____ C:\Users\Diana\Desktop\attach.txt
2015-07-30 10:23 - 2015-07-30 10:23 - 00688992 ____R (Swearware) C:\Users\Diana\Desktop\dds.scr
2015-07-28 14:25 - 2015-08-05 08:53 - 00000392 _____ C:\Windows\setupact.log
2015-07-28 14:25 - 2015-07-28 14:25 - 00000000 _____ C:\Windows\setuperr.log
2015-07-28 09:15 - 2015-07-28 09:16 - 06609608 _____ (Piriform Ltd) C:\Users\Diana\Downloads\ccsetup508.exe
2015-07-27 23:09 - 2015-07-25 12:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-27 23:09 - 2015-07-25 12:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-27 23:09 - 2015-07-25 12:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-27 23:09 - 2015-07-25 12:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-27 23:09 - 2015-07-25 12:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-27 23:09 - 2015-07-25 12:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-27 23:09 - 2015-07-25 12:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-27 23:09 - 2015-07-25 11:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-27 12:26 - 2015-07-27 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-27 10:41 - 2015-07-27 10:41 - 00001230 _____ C:\Users\Diana\Desktop\Dropbox.lnk
2015-07-27 10:29 - 2015-08-05 09:05 - 00000000 ____D C:\Users\Diana\AppData\Local\Dropbox
2015-07-27 10:29 - 2015-07-27 10:29 - 00660960 _____ (Dropbox, Inc.) C:\Users\Diana\Downloads\DropboxInstaller(3).exe
2015-07-27 10:04 - 2015-07-27 10:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-07-27 10:04 - 2015-07-27 10:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-07-27 03:34 - 2015-07-27 03:34 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-25 00:19 - 2015-08-05 09:59 - 00000000 ____D C:\Users\Diana\Dropbox
2015-07-24 23:55 - 2015-07-24 23:55 - 00000000 _____ C:\Users\Gene\AppData\Local\{572B0561-D153-4212-A123-91EF7713B9B8}
2015-07-22 18:01 - 2015-07-22 18:01 - 00000000 ____D C:\Users\Diana\Desktop\drppedNew folder
2015-07-21 09:32 - 2015-07-21 09:32 - 00660960 _____ (Dropbox, Inc.) C:\Users\Diana\Downloads\DropboxInstaller(2).exe
2015-07-20 12:00 - 2015-07-14 21:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 12:00 - 2015-07-14 21:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 12:00 - 2015-07-14 21:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 12:00 - 2015-07-14 21:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 12:00 - 2015-07-14 20:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 12:00 - 2015-07-14 20:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 12:00 - 2015-07-14 20:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-20 12:00 - 2015-07-14 20:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-20 12:00 - 2015-07-14 19:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 12:00 - 2015-07-14 19:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 11:57 - 2015-07-20 11:57 - 00003176 _____ C:\Windows\System32\Tasks\{D7E0D37D-AC96-4A3E-ACF6-FF79305DEB8A}
2015-07-20 11:40 - 2015-07-20 11:41 - 00000000 ____D C:\Users\Diana\Documents\recipe
2015-07-20 11:39 - 2015-07-20 12:16 - 00000000 ____D C:\Users\Diana\Documents\memorial
2015-07-20 11:37 - 2015-07-20 11:43 - 00000000 ____D C:\Users\Diana\Documents\Lists
2015-07-20 11:19 - 2015-07-20 12:14 - 00000000 ____D C:\Users\Diana\Documents\Medical
2015-07-19 13:50 - 2015-07-19 13:50 - 01260252 _____ C:\Users\Diana\Downloads\Scotia.zip
2015-07-19 13:47 - 2015-07-19 13:48 - 05836844 _____ C:\Users\Diana\Downloads\qdata97.zip
2015-07-19 12:30 - 2015-07-19 12:31 - 20428547 _____ C:\Users\Diana\Downloads\Gene's stuff (1).zip
2015-07-19 12:30 - 2015-07-19 12:30 - 00624128 _____ C:\Users\Diana\Downloads\Contact.backup_20150719_1230.epim
2015-07-19 11:37 - 2015-07-22 17:56 - 00000000 ____D C:\Users\Diana\Desktop\Gene's stuff (1)
2015-07-19 11:31 - 2015-07-19 14:07 - 02842624 _____ C:\Users\Diana\Downloads\Contact.EPIM
2015-07-19 11:12 - 2015-07-25 00:14 - 00000000 ____D C:\Users\Diana\Dropbox diana
2015-07-19 11:04 - 2015-07-19 11:04 - 00660960 _____ (Dropbox, Inc.) C:\Users\Diana\Downloads\DropboxInstaller(1).exe
2015-07-19 07:51 - 2015-07-19 07:52 - 01187008 _____ (Adobe Systems Incorporated) C:\Users\Diana\Downloads\flashplayer18_ha_install.exe
2015-07-17 11:09 - 2015-07-17 11:09 - 00002006 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-07-17 11:09 - 2015-07-17 11:09 - 00002004 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-07-17 11:09 - 2015-07-17 11:09 - 00001994 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-07-17 11:09 - 2015-07-17 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-17 11:04 - 2015-07-17 11:04 - 00931408 _____ (Google Inc.) C:\Users\Diana\Downloads\googledrivesync.exe
2015-07-16 21:10 - 2015-07-17 07:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-07-16 12:41 - 2015-07-16 12:42 - 11887352 _____ C:\Users\Diana\Downloads\EssentialPIM6.exe
2015-07-16 11:59 - 2015-08-05 09:37 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-16 11:59 - 2015-08-05 08:54 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-16 11:59 - 2015-07-27 10:31 - 00003902 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-16 11:59 - 2015-07-27 10:31 - 00003650 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-16 11:58 - 2015-07-27 12:26 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-07-16 11:58 - 2015-07-16 11:58 - 00660960 _____ (Dropbox, Inc.) C:\Users\Diana\Downloads\DropboxInstaller.exe
2015-07-15 04:37 - 2015-06-25 12:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 04:37 - 2015-06-25 11:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 04:37 - 2015-06-20 14:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 04:37 - 2015-06-20 13:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 04:37 - 2015-06-20 13:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 04:37 - 2015-06-20 13:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 04:37 - 2015-06-20 13:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 04:37 - 2015-06-20 13:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 04:37 - 2015-06-20 13:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 04:37 - 2015-06-20 13:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 04:37 - 2015-06-20 13:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 04:37 - 2015-06-20 13:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 04:37 - 2015-06-20 13:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 04:37 - 2015-06-20 13:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 04:37 - 2015-06-20 13:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 04:37 - 2015-06-20 13:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 04:37 - 2015-06-20 13:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 04:37 - 2015-06-20 13:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 04:37 - 2015-06-20 13:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 04:37 - 2015-06-20 12:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 04:37 - 2015-06-20 12:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 04:37 - 2015-06-20 12:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 04:37 - 2015-06-20 12:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 04:37 - 2015-06-20 12:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 04:37 - 2015-06-20 12:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 04:37 - 2015-06-19 12:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 04:37 - 2015-06-19 12:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 04:37 - 2015-06-19 12:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 04:37 - 2015-06-19 12:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 04:37 - 2015-06-19 12:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 04:37 - 2015-06-19 12:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 04:37 - 2015-06-19 12:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 04:37 - 2015-06-19 12:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 04:37 - 2015-06-19 12:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 04:37 - 2015-06-19 12:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 04:37 - 2015-06-19 11:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 04:37 - 2015-06-19 11:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 04:37 - 2015-06-19 11:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 04:37 - 2015-06-19 11:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 04:37 - 2015-06-19 11:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 04:37 - 2015-06-19 11:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 04:37 - 2015-06-19 11:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 04:37 - 2015-06-19 11:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 04:37 - 2015-06-19 11:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 04:36 - 2015-07-09 11:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 04:36 - 2015-07-09 11:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 04:36 - 2015-07-09 11:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 04:36 - 2015-07-09 11:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 04:36 - 2015-07-09 11:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 04:36 - 2015-07-09 11:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 04:36 - 2015-07-09 11:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 04:36 - 2015-07-04 12:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 04:36 - 2015-07-04 11:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 04:36 - 2015-06-25 02:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 04:36 - 2015-06-17 11:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 04:36 - 2015-06-17 11:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 04:36 - 2015-06-09 12:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 04:36 - 2015-06-09 12:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 04:36 - 2015-06-01 18:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 04:36 - 2015-06-01 17:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 04:35 - 2015-07-02 15:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 04:35 - 2015-07-02 15:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 04:35 - 2015-07-02 14:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 04:35 - 2015-07-02 14:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 04:35 - 2015-07-02 14:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 04:35 - 2015-07-02 14:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 04:35 - 2015-07-02 14:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 04:35 - 2015-07-02 14:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 04:35 - 2015-07-02 14:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 04:35 - 2015-07-02 13:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 04:35 - 2015-07-02 13:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 04:35 - 2015-07-02 12:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 04:35 - 2015-06-26 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 04:35 - 2015-06-26 20:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 04:35 - 2015-06-26 19:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 04:35 - 2015-06-26 19:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 04:34 - 2015-06-11 11:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 04:34 - 2015-06-11 11:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 04:34 - 2015-06-11 11:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 04:34 - 2015-06-11 11:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 04:34 - 2015-06-11 11:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 04:34 - 2015-06-11 11:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 04:34 - 2015-06-11 07:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 04:34 - 2015-04-27 13:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 04:34 - 2015-04-27 13:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 04:34 - 2015-04-27 13:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 04:34 - 2015-04-27 13:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 04:34 - 2015-04-27 13:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 04:34 - 2015-04-27 13:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 04:34 - 2015-04-27 13:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 04:34 - 2015-04-27 13:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 04:33 - 2015-07-01 14:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 04:33 - 2015-07-01 14:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 04:33 - 2015-07-01 14:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 04:33 - 2015-07-01 14:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 04:33 - 2015-07-01 14:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 04:33 - 2015-07-01 14:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 04:33 - 2015-07-01 14:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 04:33 - 2015-07-01 14:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 04:33 - 2015-07-01 14:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 04:33 - 2015-07-01 14:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 04:33 - 2015-07-01 14:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 04:33 - 2015-07-01 14:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 04:33 - 2015-07-01 14:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 04:33 - 2015-07-01 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 04:33 - 2015-07-01 14:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 04:33 - 2015-07-01 14:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 04:33 - 2015-07-01 13:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 04:33 - 2015-07-01 13:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 04:33 - 2015-07-01 13:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 04:33 - 2015-06-15 15:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 04:33 - 2015-06-15 15:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 04:33 - 2015-06-15 15:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 04:33 - 2015-06-15 15:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 04:33 - 2015-06-15 15:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 04:33 - 2015-06-15 15:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 04:33 - 2015-06-15 15:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 04:33 - 2015-06-15 15:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 04:32 - 2015-06-15 15:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 04:32 - 2015-06-15 15:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 04:32 - 2015-06-15 15:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 04:32 - 2015-06-15 15:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-11 08:09 - 2015-07-11 08:12 - 00001684 _____ C:\Users\Diana\Downloads\SystemLook.txt
2015-07-11 08:08 - 2015-07-11 08:08 - 00165376 _____ C:\Users\Diana\Downloads\SystemLook_x64.exe
2015-07-10 07:06 - 2015-07-21 07:58 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-10 07:05 - 2015-07-10 07:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-10 07:01 - 2015-07-10 07:01 - 00561248 _____ (Oracle Corporation) C:\Users\Diana\Downloads\jxpiinstall(3).exe
2015-07-10 06:59 - 2015-07-10 06:59 - 00003134 _____ C:\Windows\System32\Tasks\{5B690017-B640-4768-8620-B4808B5DB04A}
2015-07-10 06:57 - 2015-07-10 06:57 - 00561248 _____ (Oracle Corporation) C:\Users\Diana\Downloads\jxpiinstall(2).exe
2015-07-09 18:34 - 2015-07-09 18:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-09 18:34 - 2015-07-09 18:34 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-07-09 18:32 - 2015-07-27 10:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-09 18:22 - 2015-07-09 18:27 - 141015434 _____ C:\Users\Diana\Downloads\AdbeRdr11000_mui_Std(1).zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 10:52 - 2011-10-23 10:00 - 00000000 ____D C:\Users\Diana
2015-08-05 10:52 - 2011-10-22 14:34 - 00000000 ____D C:\Users\Guest
2015-08-05 10:52 - 2011-10-21 07:59 - 00000000 ____D C:\Users\Gene
2015-08-05 10:52 - 2009-07-14 01:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-05 10:52 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-08-05 09:49 - 2015-02-16 17:28 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-05 09:34 - 2011-10-21 09:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-05 09:22 - 2012-07-24 08:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-05 09:15 - 2014-11-25 13:38 - 00001886 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-05 09:08 - 2012-07-11 09:02 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-05 09:08 - 2009-07-13 22:45 - 00009920 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-05 09:08 - 2009-07-13 22:45 - 00009920 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-05 09:05 - 2010-12-18 12:07 - 01616208 _____ C:\Windows\WindowsUpdate.log
2015-08-05 08:54 - 2011-10-21 09:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-05 08:54 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-04 08:24 - 2015-07-04 07:10 - 00000000 ____D C:\AdwCleaner
2015-08-01 13:45 - 2011-12-12 13:36 - 00000000 ____D C:\Users\Diana\AppData\Local\Thunderbird
2015-07-29 17:38 - 2010-11-15 01:56 - 00000000 ____D C:\OEM
2015-07-29 05:38 - 2013-08-30 10:50 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-28 11:58 - 2015-02-16 17:27 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-28 11:58 - 2014-12-14 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-28 11:58 - 2014-12-14 17:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-28 09:17 - 2011-11-18 15:31 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-28 09:17 - 2011-11-18 15:30 - 00000000 ____D C:\Program Files\CCleaner
2015-07-28 07:58 - 2012-01-07 21:44 - 00758948 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-28 07:58 - 2009-07-13 23:13 - 00758948 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-28 07:47 - 2014-05-07 03:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-27 10:04 - 2014-12-03 21:26 - 00000000 ____D C:\Users\Diana\AppData\Local\Adobe
2015-07-27 10:03 - 2012-07-24 08:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-27 10:03 - 2012-07-24 08:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-27 10:03 - 2011-11-04 10:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-27 03:34 - 2014-05-08 05:37 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-27 03:34 - 2014-01-09 10:06 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-27 03:34 - 2013-03-21 21:44 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-27 03:34 - 2013-03-21 21:44 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-27 03:34 - 2012-05-05 12:32 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-27 03:34 - 2011-10-21 09:30 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-27 03:34 - 2011-10-21 09:30 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-27 03:34 - 2011-10-21 09:30 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-25 00:06 - 2011-10-25 14:48 - 00000000 ____D C:\Users\Gene\Dropbox
2015-07-24 23:58 - 2011-10-25 14:38 - 00000000 ____D C:\Users\Gene\AppData\Roaming\Dropbox
2015-07-24 23:57 - 2011-10-25 14:48 - 00001230 _____ C:\Users\Gene\Desktop\Dropbox.lnk
2015-07-24 23:55 - 2009-07-13 22:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-21 08:05 - 2014-01-23 21:54 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-21 03:20 - 2009-07-13 22:45 - 00311712 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 11:25 - 2015-01-20 09:05 - 00000000 ____D C:\Users\Diana\Documents\hp
2015-07-19 20:57 - 2013-07-28 21:37 - 00000000 ____D C:\Users\Diana\AppData\Roaming\Dropbox
2015-07-19 14:09 - 2013-07-28 21:38 - 00000000 ____D C:\Users\Diana\AppData\Roaming\EssentialPIM
2015-07-19 14:06 - 2012-09-26 21:52 - 00000000 ____D C:\Program Files (x86)\EssentialPIM
2015-07-19 10:33 - 2015-03-20 17:42 - 00000000 ___RD C:\Users\Diana\Google Drive
2015-07-17 11:09 - 2011-10-21 09:30 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-16 19:09 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 12:44 - 2012-09-26 21:52 - 00001019 _____ C:\Users\Public\Desktop\EssentialPIM.lnk
2015-07-16 07:40 - 2015-04-15 04:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 07:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 20:43 - 2013-08-17 22:40 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 14:27 - 2011-10-21 09:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 14:27 - 2011-10-21 09:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-10 07:42 - 2013-11-02 18:21 - 00000000 ____D C:\Windows\erdnt
2015-07-10 07:06 - 2013-11-05 17:17 - 00000000 ____D C:\ProgramData\Oracle
2015-07-08 07:48 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2015-07-07 07:55 - 2010-11-15 03:11 - 00000000 ____D C:\ProgramData\Adobe

==================== Files in the root of some directories =======

2013-07-28 21:36 - 2013-07-28 19:08 - 0019873 _____ () C:\Users\Diana\AppData\Roaming\nvModes.001
2013-07-28 21:36 - 2013-07-28 19:08 - 0019873 _____ () C:\Users\Diana\AppData\Roaming\nvModes.dat
2013-07-28 21:36 - 2009-03-02 18:48 - 0076407 _____ () C:\Users\Diana\AppData\Roaming\Smiley.ico
2013-07-28 21:36 - 2009-01-19 12:05 - 0024085 _____ () C:\Users\Diana\AppData\Roaming\UserTile.png
2015-01-22 17:48 - 2015-01-22 17:48 - 0000064 _____ () C:\Users\Diana\AppData\Local\99702da7916743162b70efa484f653d9
2013-07-28 22:04 - 2011-11-01 18:54 - 0000680 _____ () C:\Users\Diana\AppData\Local\d3d9caps.dat
2013-07-28 22:04 - 2012-03-10 08:55 - 0011776 _____ () C:\Users\Diana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-28 22:04 - 2012-05-28 10:19 - 0000000 _____ () C:\Users\Diana\AppData\Local\prvlcl.dat
2015-02-16 15:45 - 2015-02-16 15:45 - 0000000 _____ () C:\Users\Diana\AppData\Local\{5BB232F8-EB62-4A1C-AD6A-7307E5D22250}
2015-01-07 09:54 - 2015-01-07 09:54 - 0000000 _____ () C:\Users\Diana\AppData\Local\{74AB5C63-3AD1-45A8-8F28-4F13A9006F7A}
2015-01-19 15:02 - 2015-01-19 15:02 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Diana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfzhoxr.dll
C:\Users\Diana\AppData\Local\Temp\PROCEXP64.exe
C:\Users\Gene\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9z9nm_.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

Addition.txt
Gene145 is offline  
Old 08-05-2015, 04:46 PM   #12
Moderator, Editor, Articles Team
Deejay100six
Join Date: Nov 2007
Location: Doncaster, Great Britain
Posts: 11,824
OS: Windows 7 Professional SP1


Please bear with us, there appears to be a problem with the site.

Admins are working on the issue and hopefully it won't be long before all is back to normal.
__________________
Regards, Dave.


Old 08-05-2015, 09:44 PM   #13
TSF Security Manager
Emeritus
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hi Gene. There was an issue that has since been fixed. Your thread is here.

I've merged the two together.

Carry on, please.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 08-06-2015, 06:16 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Thanks, tetonbob.

Hello again, Gene45.

Quote:
I am posting this in FF normal mode

I wanted you to run FRST64 again in Normal Mode. Sorry I wasn't clear on that. Are you able to run it in Normal Mode?

Also, it appears your Addition.txt log is blank, except for the header.

It appears your problems are beyond malware. You will probably have to seek help in our Windows Vista/Windows 7 Forum or Hardware Support Forum.

First, are you booting to Safe Mode via F8, or via msconfig?

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

msconfig

Click on "Boot". Is "Safe boot" ticked?

If so, untick "Safe boot" and select "Make all boot settings permanent", then reboot your machine.

Did it boot to Normal Mode? Reboot again. Does it go to Normal Mode again?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 08-06-2015, 07:08 AM   #15
TSF Enthusiast
 
Join Date: Sep 2007
Location: Alberta Canada
Posts: 610
OS: Windows 7 Pro



Quote:
First, are you booting to Safe Mode via F8, or via msconfig?

Neither. The only way I knew was to hold the power button until it stops, then re-start, via the power button, and the screen that comes up is a choice of how to boot.

Normal restart is a normal boot, to get to safe mode with networking I used the power button. Did not know about the msconfig route.

In a previous attempt to run FRST in normal mode, I downloaded it in normal mode and it would not run. I posted the error message.

This time I tried the FRST that was on the normal desktop (properties said it was an application, but the image is not correct). It would not run.

I copied one from the download folder that was downloaded in safe mode, to the normal desktop, and ran it.

Addition is longer:
I can't attach Addition, so I pasted it.
Does it need to be zipped to attach?

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Diana (administrator) on GENE-PC (06-08-2015 07:42:01)
Running from C:\Users\Diana\Desktop
Loaded Profiles: Diana (Available Profiles: Gene & Diana & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Sysinternals - www.sysinternals.com) C:\Users\Diana\Downloads\procexp.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Sysinternals - www.sysinternals.com) C:\Users\Diana\AppData\Local\Temp\PROCEXP64.exe
(Intuit) C:\QUICKENW\QWDLLS.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\Temp\E8E2605F-3303-475F-9A67-146E6616E357\DismHost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Farbar) C:\Users\Diana\Desktop\FRST64(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-27] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39179912 2015-07-23] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-724223114-981428568-4039481322-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk [2015-01-19]
ShortcutTarget: Quicken Startup.lnk -> C:\QUICKENW\QWDLLS.EXE (Intuit)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-27] (AVAST Software)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
HKU\S-1-5-21-724223114-981428568-4039481322-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\S-1-5-21-724223114-981428568-4039481322-1004\Software\Microsoft\Internet Explorer\Main,Start Page = Google
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-27] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-27] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} https://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2013-06-03] (Intuit, Inc.)
Tcpip\Parameters: [DhcpNameServer] 216.234.161.25 216.194.64.160
Tcpip\..\Interfaces\{1A0DD12D-C6E3-4E55-816E-382188A5E019}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}: [DhcpNameServer] 216.234.161.25 216.194.64.160

FireFox:
========
FF ProfilePath: C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-27] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-09]
FF Extension: Flash and Video Download - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-07-24]
FF Extension: CookieKeeper - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\[email protected] [2015-01-22]
FF Extension: JavaScript Deobfuscator - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\jsde[email protected] [2015-05-26]
FF Extension: Adblock Plus - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-08]
FF Extension: QuickJava - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-05-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-10-21]

Chrome:
=======
CHR Profile: C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-09]
CHR HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Diana\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-20]
CHR HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-27] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-27] (Dropbox, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-06-03] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-27] (AVAST Software)
S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [88912 2010-06-17] (ENE Technology Inc.)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2011-11-23] (libusb-win32 / Wiki / Home)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-11-23] (libusb-win32 / Wiki / Home)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S4 mrtRate; C:\Windows\SysWow64\Drivers\mrtRate.sys [34712 2000-05-31] (Marimba, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-06 07:42 - 2015-08-06 07:43 - 00014783 _____ C:\Users\Diana\Desktop\FRST.txt
2015-08-06 07:41 - 2015-08-05 10:20 - 02169856 _____ (Farbar) C:\Users\Diana\Desktop\FRST64(2).exe
2015-08-06 07:30 - 2015-08-06 07:30 - 00000000 _____ C:\Users\Gene\AppData\Local\{AFC7E757-D3C2-425D-B337-F366DFD1A36F}
2015-08-05 10:19 - 2015-08-05 10:20 - 02169856 _____ (Farbar) C:\Users\Diana\Desktop\FRST64(1).exe
2015-08-05 10:19 - 2015-08-05 10:19 - 02169856 _____ (Farbar) C:\Users\Diana\Downloads\FRST64.exe
2015-08-05 10:18 - 2015-08-05 10:20 - 02169856 _____ (Farbar) C:\Users\Diana\Downloads\FRST64(2).exe
2015-08-05 09:15 - 2015-08-05 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-05 09:07 - 2015-07-27 03:34 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-05 08:41 - 2015-08-05 08:41 - 00039718 _____ C:\Users\Diana\Desktop\SystemLook.txt
2015-08-04 11:46 - 2015-08-06 07:42 - 00000000 ____D C:\FRST
2015-08-04 08:27 - 2015-08-04 08:27 - 00001281 _____ C:\Users\Diana\Desktop\AdwCleaner[S0].txt
2015-08-01 11:06 - 2015-08-01 13:10 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\422E27AF.sys
2015-07-30 10:23 - 2015-07-30 10:23 - 00688992 ____R (Swearware) C:\Users\Diana\Desktop\dds.scr
2015-07-28 14:25 - 2015-08-06 07:24 - 00000448 _____ C:\Windows\setupact.log
2015-07-28 14:25 - 2015-07-28 14:25 - 00000000 _____ C:\Windows\setuperr.log
2015-07-28 09:15 - 2015-07-28 09:16 - 06609608 _____ (Piriform Ltd) C:\Users\Diana\Downloads\ccsetup508.exe
2015-07-27 23:09 - 2015-07-25 12:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-27 23:09 - 2015-07-25 12:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-27 23:09 - 2015-07-25 12:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-27 23:09 - 2015-07-25 12:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-27 23:09 - 2015-07-25 12:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-27 23:09 - 2015-07-25 12:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-27 23:09 - 2015-07-25 12:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-27 23:09 - 2015-07-25 11:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-27 12:26 - 2015-07-27 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-27 10:41 - 2015-07-27 10:41 - 00001230 _____ C:\Users\Diana\Desktop\Dropbox.lnk
2015-07-27 10:29 - 2015-08-06 07:32 - 00000000 ____D C:\Users\Diana\AppData\Local\Dropbox
2015-07-27 10:29 - 2015-07-27 10:29 - 00660960 _____ (Dropbox, Inc.) C:\Users\Diana\Downloads\DropboxInstaller(3).exe
2015-07-27 10:04 - 2015-07-27 10:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-07-27 10:04 - 2015-07-27 10:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-07-27 03:34 - 2015-07-27 03:34 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-25 00:19 - 2015-08-06 07:41 - 00000000 ____D C:\Users\Diana\Dropbox
2015-07-24 23:55 - 2015-07-24 23:55 - 00000000 _____ C:\Users\Gene\AppData\Local\{572B0561-D153-4212-A123-91EF7713B9B8}
2015-07-22 18:01 - 2015-07-22 18:01 - 00000000 ____D C:\Users\Diana\Desktop\drppedNew folder
2015-07-21 09:32 - 2015-07-21 09:32 - 00660960 _____ (Dropbox, Inc.) C:\Users\Diana\Downloads\DropboxInstaller(2).exe
2015-07-20 12:00 - 2015-07-14 21:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 12:00 - 2015-07-14 21:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 12:00 - 2015-07-14 21:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 12:00 - 2015-07-14 21:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 12:00 - 2015-07-14 20:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 12:00 - 2015-07-14 20:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 12:00 - 2015-07-14 20:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-20 12:00 - 2015-07-14 20:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-20 12:00 - 2015-07-14 19:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 12:00 - 2015-07-14 19:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 11:57 - 2015-07-20 11:57 - 00003176 _____ C:\Windows\System32\Tasks\{D7E0D37D-AC96-4A3E-ACF6-FF79305DEB8A}
2015-07-20 11:40 - 2015-07-20 11:41 - 00000000 ____D C:\Users\Diana\Documents\recipe
2015-07-20 11:39 - 2015-07-20 12:16 - 00000000 ____D C:\Users\Diana\Documents\memorial
2015-07-20 11:37 - 2015-07-20 11:43 - 00000000 ____D C:\Users\Diana\Documents\Lists
2015-07-20 11:19 - 2015-07-20 12:14 - 00000000 ____D C:\Users\Diana\Documents\Medical
2015-07-19 13:50 - 2015-07-19 13:50 - 01260252 _____ C:\Users\Diana\Downloads\Scotia.zip
2015-07-19 13:47 - 2015-07-19 13:48 - 05836844 _____ C:\Users\Diana\Downloads\qdata97.zip
2015-07-19 12:30 - 2015-07-19 12:31 - 20428547 _____ C:\Users\Diana\Downloads\Gene's stuff (1).zip
2015-07-19 12:30 - 2015-07-19 12:30 - 00624128 _____ C:\Users\Diana\Downloads\Contact.backup_20150719_1230.epim
2015-07-19 11:37 - 2015-07-22 17:56 - 00000000 ____D C:\Users\Diana\Desktop\Gene's stuff (1)
2015-07-19 11:31 - 2015-07-19 14:07 - 02842624 _____ C:\Users\Diana\Downloads\Contact.EPIM
2015-07-19 11:12 - 2015-07-25 00:14 - 00000000 ____D C:\Users\Diana\Dropbox diana
2015-07-19 11:04 - 2015-07-19 11:04 - 00660960 _____ (Dropbox, Inc.) C:\Users\Diana\Downloads\DropboxInstaller(1).exe
2015-07-19 07:51 - 2015-07-19 07:52 - 01187008 _____ (Adobe Systems Incorporated) C:\Users\Diana\Downloads\flashplayer18_ha_install.exe
2015-07-17 11:09 - 2015-07-17 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-17 11:04 - 2015-07-17 11:04 - 00931408 _____ (Google Inc.) C:\Users\Diana\Downloads\googledrivesync.exe
2015-07-16 21:10 - 2015-07-17 07:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-07-16 12:41 - 2015-07-16 12:42 - 11887352 _____ C:\Users\Diana\Downloads\EssentialPIM6.exe
2015-07-16 11:59 - 2015-08-06 07:37 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-16 11:59 - 2015-08-06 07:29 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-16 11:59 - 2015-07-27 10:31 - 00003902 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-16 11:59 - 2015-07-27 10:31 - 00003650 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-16 11:58 - 2015-07-27 12:26 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-07-16 11:58 - 2015-07-16 11:58 - 00660960 _____ (Dropbox, Inc.) C:\Users\Diana\Downloads\DropboxInstaller.exe
2015-07-15 04:37 - 2015-06-25 12:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 04:37 - 2015-06-25 11:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 04:37 - 2015-06-20 14:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 04:37 - 2015-06-20 13:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 04:37 - 2015-06-20 13:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 04:37 - 2015-06-20 13:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 04:37 - 2015-06-20 13:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 04:37 - 2015-06-20 13:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 04:37 - 2015-06-20 13:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 04:37 - 2015-06-20 13:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 04:37 - 2015-06-20 13:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 04:37 - 2015-06-20 13:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 04:37 - 2015-06-20 13:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 04:37 - 2015-06-20 13:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 04:37 - 2015-06-20 13:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 04:37 - 2015-06-20 13:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 04:37 - 2015-06-20 13:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 04:37 - 2015-06-20 13:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 04:37 - 2015-06-20 13:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 04:37 - 2015-06-20 12:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 04:37 - 2015-06-20 12:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 04:37 - 2015-06-20 12:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 04:37 - 2015-06-20 12:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 04:37 - 2015-06-20 12:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 04:37 - 2015-06-20 12:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 04:37 - 2015-06-19 12:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 04:37 - 2015-06-19 12:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 04:37 - 2015-06-19 12:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 04:37 - 2015-06-19 12:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 04:37 - 2015-06-19 12:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 04:37 - 2015-06-19 12:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 04:37 - 2015-06-19 12:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 04:37 - 2015-06-19 12:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 04:37 - 2015-06-19 12:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 04:37 - 2015-06-19 12:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 04:37 - 2015-06-19 11:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 04:37 - 2015-06-19 11:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 04:37 - 2015-06-19 11:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 04:37 - 2015-06-19 11:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 04:37 - 2015-06-19 11:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 04:37 - 2015-06-19 11:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 04:37 - 2015-06-19 11:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 04:37 - 2015-06-19 11:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 04:37 - 2015-06-19 11:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 04:36 - 2015-07-09 11:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 04:36 - 2015-07-09 11:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 04:36 - 2015-07-09 11:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 04:36 - 2015-07-09 11:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 04:36 - 2015-07-09 11:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 04:36 - 2015-07-09 11:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 04:36 - 2015-07-09 11:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 04:36 - 2015-07-09 11:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 04:36 - 2015-07-04 12:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 04:36 - 2015-07-04 11:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 04:36 - 2015-06-25 02:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 04:36 - 2015-06-17 11:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 04:36 - 2015-06-17 11:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 04:36 - 2015-06-09 12:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 04:36 - 2015-06-09 12:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 04:36 - 2015-06-01 18:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 04:36 - 2015-06-01 17:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 04:35 - 2015-07-02 15:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 04:35 - 2015-07-02 15:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 04:35 - 2015-07-02 14:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 04:35 - 2015-07-02 14:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 04:35 - 2015-07-02 14:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 04:35 - 2015-07-02 14:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 04:35 - 2015-07-02 14:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 04:35 - 2015-07-02 14:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 04:35 - 2015-07-02 14:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 04:35 - 2015-07-02 13:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 04:35 - 2015-07-02 13:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 04:35 - 2015-07-02 12:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 04:35 - 2015-06-26 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 04:35 - 2015-06-26 20:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 04:35 - 2015-06-26 19:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 04:35 - 2015-06-26 19:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 04:34 - 2015-06-11 11:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 04:34 - 2015-06-11 11:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 04:34 - 2015-06-11 11:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 04:34 - 2015-06-11 11:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 04:34 - 2015-06-11 11:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 04:34 - 2015-06-11 11:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 04:34 - 2015-06-11 07:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 04:34 - 2015-04-27 13:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 04:34 - 2015-04-27 13:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 04:34 - 2015-04-27 13:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 04:34 - 2015-04-27 13:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 04:34 - 2015-04-27 13:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 04:34 - 2015-04-27 13:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 04:34 - 2015-04-27 13:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 04:34 - 2015-04-27 13:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 04:33 - 2015-07-01 14:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 04:33 - 2015-07-01 14:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 04:33 - 2015-07-01 14:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 04:33 - 2015-07-01 14:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 04:33 - 2015-07-01 14:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 04:33 - 2015-07-01 14:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 04:33 - 2015-07-01 14:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 04:33 - 2015-07-01 14:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 04:33 - 2015-07-01 14:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 04:33 - 2015-07-01 14:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 04:33 - 2015-07-01 14:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 04:33 - 2015-07-01 14:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 04:33 - 2015-07-01 14:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 04:33 - 2015-07-01 14:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 04:33 - 2015-07-01 14:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 04:33 - 2015-07-01 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 04:33 - 2015-07-01 14:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 04:33 - 2015-07-01 14:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 04:33 - 2015-07-01 13:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 04:33 - 2015-07-01 13:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 04:33 - 2015-07-01 13:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 04:33 - 2015-06-15 15:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 04:33 - 2015-06-15 15:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 04:33 - 2015-06-15 15:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 04:33 - 2015-06-15 15:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 04:33 - 2015-06-15 15:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 04:33 - 2015-06-15 15:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 04:33 - 2015-06-15 15:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 04:33 - 2015-06-15 15:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 04:32 - 2015-06-15 15:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 04:32 - 2015-06-15 15:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 04:32 - 2015-06-15 15:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 04:32 - 2015-06-15 15:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-11 08:09 - 2015-07-11 08:12 - 00001684 _____ C:\Users\Diana\Downloads\SystemLook.txt
2015-07-11 08:08 - 2015-07-11 08:08 - 00165376 _____ C:\Users\Diana\Downloads\SystemLook_x64.exe
2015-07-10 07:06 - 2015-07-21 07:58 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-10 07:05 - 2015-07-10 07:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-10 07:01 - 2015-07-10 07:01 - 00561248 _____ (Oracle Corporation) C:\Users\Diana\Downloads\jxpiinstall(3).exe
2015-07-10 06:59 - 2015-07-10 06:59 - 00003134 _____ C:\Windows\System32\Tasks\{5B690017-B640-4768-8620-B4808B5DB04A}
2015-07-10 06:57 - 2015-07-10 06:57 - 00561248 _____ (Oracle Corporation) C:\Users\Diana\Downloads\jxpiinstall(2).exe
2015-07-09 18:34 - 2015-07-09 18:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-09 18:34 - 2015-07-09 18:34 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-07-09 18:32 - 2015-07-27 10:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-09 18:22 - 2015-07-09 18:27 - 141015434 _____ C:\Users\Diana\Downloads\AdbeRdr11000_mui_Std(1).zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-06 07:41 - 2010-12-18 12:07 - 01635244 _____ C:\Windows\WindowsUpdate.log
2015-08-06 07:37 - 2012-07-11 09:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-06 07:34 - 2011-10-21 09:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-06 07:34 - 2009-07-13 22:45 - 00009920 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-06 07:34 - 2009-07-13 22:45 - 00009920 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-06 07:30 - 2011-10-21 09:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-06 07:27 - 2015-02-16 17:28 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-06 07:24 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-05 16:36 - 2013-07-28 18:51 - 00000000 ____D C:\Users\Diana\AppData\Local\CrashDumps
2015-08-05 10:52 - 2011-10-23 10:00 - 00000000 ____D C:\Users\Diana
2015-08-05 10:52 - 2011-10-22 14:34 - 00000000 ____D C:\Users\Guest
2015-08-05 10:52 - 2011-10-21 07:59 - 00000000 ____D C:\Users\Gene
2015-08-05 10:52 - 2009-07-14 01:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-05 10:52 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-08-05 09:22 - 2012-07-24 08:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-05 09:15 - 2014-11-25 13:38 - 00001886 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-04 08:24 - 2015-07-04 07:10 - 00000000 ____D C:\AdwCleaner
2015-08-01 13:45 - 2011-12-12 13:36 - 00000000 ____D C:\Users\Diana\AppData\Local\Thunderbird
2015-07-29 17:38 - 2010-11-15 01:56 - 00000000 ____D C:\OEM
2015-07-29 05:38 - 2013-08-30 10:50 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-28 11:58 - 2015-02-16 17:27 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-28 11:58 - 2014-12-14 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-28 11:58 - 2014-12-14 17:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-28 09:17 - 2011-11-18 15:31 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-28 09:17 - 2011-11-18 15:30 - 00000000 ____D C:\Program Files\CCleaner
2015-07-28 07:58 - 2012-01-07 21:44 - 00758948 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-28 07:58 - 2009-07-13 23:13 - 00758948 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-28 07:47 - 2014-05-07 03:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-27 10:04 - 2014-12-03 21:26 - 00000000 ____D C:\Users\Diana\AppData\Local\Adobe
2015-07-27 10:03 - 2012-07-24 08:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-27 10:03 - 2012-07-24 08:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-27 10:03 - 2011-11-04 10:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-27 03:34 - 2014-05-08 05:37 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-27 03:34 - 2014-01-09 10:06 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-27 03:34 - 2013-03-21 21:44 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-27 03:34 - 2013-03-21 21:44 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-27 03:34 - 2012-05-05 12:32 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-27 03:34 - 2011-10-21 09:30 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-27 03:34 - 2011-10-21 09:30 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-27 03:34 - 2011-10-21 09:30 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-25 00:06 - 2011-10-25 14:48 - 00000000 ____D C:\Users\Gene\Dropbox
2015-07-24 23:58 - 2011-10-25 14:38 - 00000000 ____D C:\Users\Gene\AppData\Roaming\Dropbox
2015-07-24 23:57 - 2011-10-25 14:48 - 00001230 _____ C:\Users\Gene\Desktop\Dropbox.lnk
2015-07-24 23:55 - 2009-07-13 22:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-21 08:05 - 2014-01-23 21:54 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-21 03:20 - 2009-07-13 22:45 - 00311712 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 11:25 - 2015-01-20 09:05 - 00000000 ____D C:\Users\Diana\Documents\hp
2015-07-19 20:57 - 2013-07-28 21:37 - 00000000 ____D C:\Users\Diana\AppData\Roaming\Dropbox
2015-07-19 14:09 - 2013-07-28 21:38 - 00000000 ____D C:\Users\Diana\AppData\Roaming\EssentialPIM
2015-07-19 14:06 - 2012-09-26 21:52 - 00000000 ____D C:\Program Files (x86)\EssentialPIM
2015-07-19 10:33 - 2015-03-20 17:42 - 00000000 ___RD C:\Users\Diana\Google Drive
2015-07-17 11:09 - 2011-10-21 09:30 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-16 19:09 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 12:44 - 2012-09-26 21:52 - 00001019 _____ C:\Users\Public\Desktop\EssentialPIM.lnk
2015-07-16 07:40 - 2015-04-15 04:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 07:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 20:43 - 2013-08-17 22:40 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 14:27 - 2011-10-21 09:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 14:27 - 2011-10-21 09:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-10 07:42 - 2013-11-02 18:21 - 00000000 ____D C:\Windows\erdnt
2015-07-10 07:06 - 2013-11-05 17:17 - 00000000 ____D C:\ProgramData\Oracle
2015-07-08 07:48 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2015-07-07 07:55 - 2010-11-15 03:11 - 00000000 ____D C:\ProgramData\Adobe

==================== Files in the root of some directories =======

2013-07-28 21:36 - 2013-07-28 19:08 - 0019873 _____ () C:\Users\Diana\AppData\Roaming\nvModes.001
2013-07-28 21:36 - 2013-07-28 19:08 - 0019873 _____ () C:\Users\Diana\AppData\Roaming\nvModes.dat
2013-07-28 21:36 - 2009-03-02 18:48 - 0076407 _____ () C:\Users\Diana\AppData\Roaming\Smiley.ico
2013-07-28 21:36 - 2009-01-19 12:05 - 0024085 _____ () C:\Users\Diana\AppData\Roaming\UserTile.png
2015-01-22 17:48 - 2015-01-22 17:48 - 0000064 _____ () C:\Users\Diana\AppData\Local\99702da7916743162b70efa484f653d9
2013-07-28 22:04 - 2011-11-01 18:54 - 0000680 _____ () C:\Users\Diana\AppData\Local\d3d9caps.dat
2013-07-28 22:04 - 2012-03-10 08:55 - 0011776 _____ () C:\Users\Diana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-28 22:04 - 2012-05-28 10:19 - 0000000 _____ () C:\Users\Diana\AppData\Local\prvlcl.dat
2015-02-16 15:45 - 2015-02-16 15:45 - 0000000 _____ () C:\Users\Diana\AppData\Local\{5BB232F8-EB62-4A1C-AD6A-7307E5D22250}
2015-01-07 09:54 - 2015-01-07 09:54 - 0000000 _____ () C:\Users\Diana\AppData\Local\{74AB5C63-3AD1-45A8-8F28-4F13A9006F7A}
2015-01-19 15:02 - 2015-01-19 15:02 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Diana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbkzfjt.dll
C:\Users\Diana\AppData\Local\Temp\PROCEXP64.exe
C:\Users\Gene\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7m1ifp.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-02 00:32

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Diana (2015-08-06 07:45:46)
Running from C:\Users\Diana\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-724223114-981428568-4039481322-500 - Administrator - Disabled)
Diana (S-1-5-21-724223114-981428568-4039481322-1004 - Administrator - Enabled) => C:\Users\Diana
Gene (S-1-5-21-724223114-981428568-4039481322-1001 - Administrator - Enabled) => C:\Users\Gene
Guest (S-1-5-21-724223114-981428568-4039481322-501 - Limited - Enabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0416.2010 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-724223114-981428568-4039481322-1004\...\Amazon Kindle) (Version: - Amazon)
AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version: - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2223 - AVAST Software)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
calibre (HKLM-x32\...\{82E46C30-564D-4387-B218-AEC244B75258}) (Version: 0.9.39 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11200.0 - Cisco Consumer Products LLC)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
ENE USB Card Reader Driver (HKLM\...\B7EAB6FD2DB423A078E5CBB1F29508CAC2F4FA59) (Version: 5.89.0.70 - ENE)
EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 6.53 - Astonsoft Ltd)
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
GenuTax Standard (HKLM-x32\...\{98C31986-E7EF-4696-BD11-E0188F55755E}) (Version: 1.37 - GenuSource Consulting Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.10.0 - Rakuten Kobo Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
magicJack (HKU\S-1-5-21-724223114-981428568-4039481322-1004\...\magicJack) (Version: 3.1.6970.4873 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mozilla Thunderbird 38.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.1.0 (x86 en-US)) (Version: 38.1.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickBooks (x32 Version: 22.0.4014.2206 - Intuit Canada ULC) Hidden
Quicken 2001 Deluxe (HKLM-x32\...\Quicken 2001 Deluxe) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6171 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-07-2015 07:31:29 Windows Update
28-07-2015 07:45:56 Windows Update
03-08-2015 21:07:31 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-02-16 21:27 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03535C77-730E-451E-BC2C-2AB9B8824266} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-27] (Adobe Systems Incorporated)
Task: {08ADD283-66A5-4ECE-8583-D0F9F1CA4F1D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-724223114-981428568-4039481322-1004
Task: {1CE69974-0533-4312-A448-F5476AEC3FE1} - System32\Tasks\{716A53B9-DC91-46DD-AF22-16F4B7B1DF64} => D:\DCWIN\DCWIN.EXE
Task: {1EE6FEB9-4EF8-4A65-882A-9C57702E7E11} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-27] (Dropbox, Inc.)
Task: {2BD9954C-862E-409D-BD8F-3C1E344230A0} - System32\Tasks\{D7E0D37D-AC96-4A3E-ACF6-FF79305DEB8A} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\OpenOffice 4\program\simpress.exe"
Task: {2CE8384C-E9DB-49B1-9699-49C9933E6E4D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-27] (Dropbox, Inc.)
Task: {3098688E-63AB-4C26-9CA3-3A30502BFE0F} - System32\Tasks\Process Explorer-Gene-PC-Diana => C:\USERS\DIANA\DOWNLOADS\PROCEXP.EXE [2015-01-22] (Sysinternals - www.sysinternals.com)
Task: {3F1ED94A-9D08-46B3-9F8F-68593B9F30CC} - System32\Tasks\{B805562B-2AF1-4477-8218-9E3BAFDFD3BB} => D:\DCWIN\SETUP.EXE
Task: {42B993A0-7F34-4820-84DC-E99BA6E9BA83} - System32\Tasks\{00728DB9-2E13-4B2B-A983-772A9A64A6DA} => Firefox.exe Downloading and setting up Skype
Task: {4CB2E8C7-8D34-4149-83FD-29BD90E5638D} - System32\Tasks\{A4197181-CFC8-4A2B-9CC0-BEFDA17176C5} => D:\DCWIN\DCWIN.EXE
Task: {50B88235-83B1-4DFD-BF5E-246599E408B1} - System32\Tasks\{CA640FEC-5992-463D-A079-B632DAD83057} => D:\DCWIN\DCWIN.EXE
Task: {5D6D67DB-92F0-4374-A696-66C12CCDD7BE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-27] (AVAST Software)
Task: {6EED1FBD-1286-4BA4-93F0-3F2B2EF019B8} - System32\Tasks\{E10DD55E-9FAD-4938-8E4E-1B6285A4406E} => pcalua.exe -a "C:\Users\Gene\Desktop\OpenOffice 4.1.1 (en-US) Installation Files\setup.exe" -d "C:\Users\Gene\Desktop\OpenOffice 4.1.1 (en-US) Installation Files"
Task: {77297CD6-7B2F-4543-BE2D-1C69930CA373} - System32\Tasks\{5B690017-B640-4768-8620-B4808B5DB04A} => pcalua.exe -a C:\Users\Diana\Downloads\jxpiinstall(2).exe -d C:\Users\Diana\Downloads
Task: {892B7A0D-F448-4430-8147-F890B059F469} - System32\Tasks\{D8DD5EA3-F88F-44ED-80D2-7BE4A2E9EEEE} => D:\DCWIN\SETUP.EXE
Task: {9382F4C6-11C8-4073-85C5-C05EA08B482B} - System32\Tasks\{011FC7FB-130B-4728-9D67-9396E1FEF0CC} => D:\DCWIN\DCWIN.EXE
Task: {947524E1-4BE2-417D-B227-06E684DA729D} - System32\Tasks\{62CA4387-F28B-4D87-84E4-1C31F49899F9} => pcalua.exe -a D:\QBCA2012R1\Setup.exe -d D:\QBCA2012R1
Task: {9BA7EC93-FBFE-4ACD-B736-57DA6B55E23D} - System32\Tasks\{235B4255-F086-4991-891B-5FB5556C4B5B} => D:\DCWIN\DCWIN.EXE
Task: {ABE1C112-6B92-4BA3-956A-C5D4AEF6E1DE} - System32\Tasks\{110D67F2-E46B-4325-9444-4C7F3E6AA39C} => D:\DCWIN\SETUP.EXE
Task: {AFF5BFFB-D0B4-4175-ADC4-A2C910BD55F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.)
Task: {B5FB95A9-F3CE-411B-871D-5AD0CDEA3CB8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {BFC83FCA-086B-4A43-81FB-329F17407FAC} - System32\Tasks\{FE72C6EC-2D64-43B7-914D-B2F8F7FC68CC} => D:\SETUP.EXE
Task: {CFE16C97-A4D8-429B-A3C0-9CAC74B6BE22} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {DFC6C486-DC08-4197-96E7-13316CB8A353} - System32\Tasks\{93F4F70F-C224-4E1D-981B-7A926AE47AC5} => D:\DCWIN\DCWIN.EXE
Task: {E9F3B001-B624-4EF5-8560-4CFB042FCAA4} - System32\Tasks\{51273A80-1C68-4799-8934-69FC57209D9B} => D:\DCWIN\DCWIN.EXE
Task: {EE678311-3937-4FB6-BC49-2DC0DE4A5236} - System32\Tasks\{9D57F4A6-1E58-427A-9CEA-342D63C39656} => D:\DCWIN\DCWIN.EXE
Task: {F0888F8F-7E90-4E3B-B661-B0ED1EF11293} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.)
Task: {F0B0133F-DE94-426D-817E-6C08AC98B75C} - System32\Tasks\{35082807-ED97-4CD4-B069-796A48920747} => D:\DCWIN\DCWIN.EXE

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-10-28 14:56 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2013-06-09 19:36 - 2013-06-09 19:36 - 00089088 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2015-07-27 03:34 - 2015-07-27 03:34 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-27 03:34 - 2015-07-27 03:34 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-05 09:20 - 2015-08-05 09:20 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080501\algo.dll
2015-08-06 07:34 - 2015-08-06 07:34 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080601\algo.dll
2011-12-12 13:17 - 2000-08-08 14:38 - 00102400 _____ () C:\QUICKENW\QCOMUTIL.dll
2015-03-23 13:06 - 2015-03-23 13:06 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-06 07:30 - 2015-08-06 07:30 - 00071168 _____ () c:\users\diana\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbkzfjt.dll
2015-07-27 12:25 - 2015-07-16 18:31 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-07-27 12:25 - 2015-07-16 18:31 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-27 12:25 - 2015-07-16 18:31 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-27 12:25 - 2015-07-16 18:31 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Diana\Desktop\Gene's stuff (1):com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-724223114-981428568-4039481322-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Diana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 216.234.161.25 - 216.194.64.160
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MWLService => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Updater Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Billminder.lnk => C:\Windows\pss\Billminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk => C:\Windows\pss\QuickBooks 2002 Delivery Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Diana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: cdloader => "C:\Users\Diana\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{24B882CA-54EC-4833-9945-37C8E0A7EAC8}C:\users\gene\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\gene\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{25CC3435-85FF-4949-AF3A-9EDF2AE8DE16}C:\users\gene\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\gene\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{B2AC4ABE-F60B-4835-857B-6600D0F18EE2}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe] => (Block) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe
FirewallRules: [UDP Query User{28F2C831-F8F0-4C12-AFE8-D5E60C15A5AB}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe] => (Block) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe
FirewallRules: [TCP Query User{46B6E592-873F-4602-AD2E-2A9DCD402734}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe] => (Allow) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe
FirewallRules: [UDP Query User{540FDD3D-629F-4262-8472-E3BADE893797}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe] => (Allow) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe
FirewallRules: [TCP Query User{9E1EBDD4-BDC5-4B55-B076-CA103299094D}C:\users\diana\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\diana\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{46D7225C-4BC9-4ED2-81E3-3DCCD48E413D}C:\users\diana\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\diana\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{87CF4A87-D1F3-4E50-995F-810587A9780E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4EF9EB3D-57B4-47BE-8047-B9B834241F35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AF1FCBA3-6C6F-492C-BE0B-679F5600155E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8FD4FE3A-34B3-4C39-9A2D-16B8A605D0C7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{68A017BF-F697-4D14-92C9-247F09157E7C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{53C09E6F-56DD-4AD5-B1B5-52300FD4DE46}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8F718740-A82A-4E95-8550-F55C44891C95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2015 10:28:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64(1).exe, version: 2.8.2015.1, time stamp: 0x55be5ed2
Faulting module name: FRST64(1).exe, version: 2.8.2015.1, time stamp: 0x55be5ed2
Exception code: 0xc0000005
Fault offset: 0x000000000002652a
Faulting process id: 0x5b0
Faulting application start time: 0xFRST64(1).exe0
Faulting application path: FRST64(1).exe1
Faulting module path: FRST64(1).exe2
Report Id: FRST64(1).exe3

Error: (08/05/2015 10:19:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/05/2015 09:04:52 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\AVAST Software\Avast\setup\New\instup.exe Files\AVAST Software\Avast\setup\New\instup.exe" /instop:repair /wait; Description = avast! antivirus system restore point; Error = 0x81000101).

Error: (08/05/2015 08:40:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/04/2015 04:59:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (08/04/2015 01:29:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 748

Start Time: 01d0ceeb599c8513

Termination Time: 140

Application Path: C:\Windows\Explorer.EXE

Report Id: 223da688-3adf-11e5-8448-1c7508a2fec7

Error: (08/04/2015 11:35:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f9c

Start Time: 01d0cedb43d5e5b6

Termination Time: 48

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/04/2015 11:28:01 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (1616) WebCacheLocal: An attempt to open the file "C:\Users\Diana\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp" for read only access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/03/2015 11:35:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11f0

Start Time: 01d0ce12a3a17daf

Termination Time: 63

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/01/2015 08:27:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 39.0.0.5659 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: aa0

Start Time: 01d0ccaec1f119d2

Termination Time: 87

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: f71b1f37-38bd-11e5-9852-06659dbe33ab


System errors:
=============
Error: (08/06/2015 07:25:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/06/2015 07:22:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2015 07:22:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2015 07:22:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2015 07:20:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2015 07:20:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2015 07:20:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2015 07:15:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2015 07:15:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2015 07:15:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (08/05/2015 10:28:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64(1).exe2.8.2015.155be5ed2FRST64(1).exe2.8.2015.155be5ed2c0000005000000000002652a5b001d0cf9ab711b182C:\Users\Diana\Desktop\FRST64(1).exeC:\Users\Diana\Desktop\FRST64(1).exe0e31d0a8-3b8f-11e5-8c6d-06659dbe33ab

Error: (08/05/2015 10:19:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Diana\Downloads\vcredist_arm.exe

Error: (08/05/2015 09:04:52 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\AVAST Software\Avast\setup\New\instup.exe Files\AVAST Software\Avast\setup\New\instup.exe" /instop:repair /waitavast! antivirus system restore point0x81000101

Error: (08/05/2015 08:40:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Diana\Downloads\vcredist_arm.exe

Error: (08/04/2015 04:59:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (08/04/2015 01:29:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756774801d0ceeb599c8513140C:\Windows\Explorer.EXE223da688-3adf-11e5-8448-1c7508a2fec7

Error: (08/04/2015 11:35:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17909f9c01d0cedb43d5e5b648C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (08/04/2015 11:28:01 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost1616WebCacheLocal: C:\Users\Diana\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/03/2015 11:35:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1790911f001d0ce12a3a17daf63C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (08/01/2015 08:27:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe39.0.0.5659aa001d0ccaec1f119d287C:\Program Files (x86)\Mozilla Firefox\firefox.exef71b1f37-38bd-11e5-9852-06659dbe33ab


CodeIntegrity:
===================================
Date: 2015-02-10 20:47:22.158
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-10 20:47:20.879
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-10 20:47:19.584
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-10 20:47:18.367
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-06 12:57:29.387
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-06 12:57:27.483
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-06 12:57:25.580
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-06 12:57:23.708
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-02 18:49:29.399
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-02 18:49:27.433
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Percentage of memory in use: 65%
Total physical RAM: 2037.1 MB
Available physical RAM: 696.52 MB
Total Virtual: 4074.2 MB
Available Virtual: 2113.68 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:147.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 96A2AF34)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.8 GB) - (Type=07 NTFS)

==================== End of log ============================
Gene145 is offline  
Old 08-06-2015, 09:17 AM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Gene45. Sorry, I forgot about that error message.

Can you download SystemLook/ComboFix to a USB drive on another computer and run them on the affected machine from Normal Mode, as below?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment /s
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go to File > New Task (Run...), type explorer, then press 'Enter'.

------------------------------------------------------
chemist is offline  
Old 08-06-2015, 10:52 AM   #17



OK, Done.

SystemLook 30.07.11 by jpshortstuff
Log created at 10:25 on 06/08/2015 by Diana
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
@="Smart card readers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ComSpec"="%SystemRoot%\system32\cmd.exe"
"FP_NO_HOST_CHECK"="NO"
"NUMBER_OF_PROCESSORS"="2"
"OS"="Windows_NT"
"Path"="C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\EgisTec MyWinLocker\x86;C:\Program Files (x86)\EgisTec MyWinLocker\x64;c:\Program Files\Sysinternals;C:\Program Files (x86)\Calibre2"
"PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
"PROCESSOR_ARCHITECTURE"="AMD64"
"PROCESSOR_IDENTIFIER"="Intel64 Family 6 Model 28 Stepping 10, GenuineIntel"
"PROCESSOR_LEVEL"="6"
"PROCESSOR_REVISION"="1c0a"
"PSModulePath"="%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\"
"TEMP"="%SystemRoot%\TEMP"
"TMP"="%SystemRoot%\TEMP"
"USERNAME"="SYSTEM"
"windir"="%SystemRoot%"


-= EOF =-

ComboFix 15-08-06.01 - Diana 08/06/2015 10:39:12.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2037.606 [GMT -6:00]
Running from: c:\users\Diana\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Diana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk9wjtp.dll
c:\users\Diana\WINDOWS
c:\users\Diana\WINDOWS\_default.pif
c:\users\Diana\WINDOWS\ACCWIZ.INI
c:\users\Diana\WINDOWS\ACCWIZ.KEY
c:\users\Diana\WINDOWS\Acer.ini
c:\users\Diana\WINDOWS\Acer.scr
c:\users\Diana\WINDOWS\Acer\acer_saver.swf
c:\users\Diana\WINDOWS\Acer\Blank.swf
c:\users\Diana\WINDOWS\Acer\FlashSaver.dat
c:\users\Diana\WINDOWS\Acer\FsMpegDll.dll
c:\users\Diana\WINDOWS\Acer\Install_Flash_Player_9_AX_9.0.28.0.exe
c:\users\Diana\WINDOWS\Acer\run_NB.exe
c:\users\Diana\WINDOWS\Acer\settings.sol
c:\users\Diana\WINDOWS\AlchemyXML.dll
c:\users\Diana\WINDOWS\ALVIS1006WWBIT.cfg
c:\users\Diana\WINDOWS\AppPatch\AcGenral.dll
c:\users\Diana\WINDOWS\AppPatch\AcLayers.dll
c:\users\Diana\WINDOWS\AppPatch\AcRedir.dll
c:\users\Diana\WINDOWS\AppPatch\AcRes.dll
c:\users\Diana\WINDOWS\AppPatch\AcSpecfc.dll
c:\users\Diana\WINDOWS\AppPatch\AcXtrnal.dll
c:\users\Diana\WINDOWS\AppPatch\apihex86.dll
c:\users\Diana\WINDOWS\AppPatch\drvmain.sdb
c:\users\Diana\WINDOWS\AppPatch\en-US\AcRes.dll.mui
c:\users\Diana\WINDOWS\AppPatch\iebrshim.dll
c:\users\Diana\WINDOWS\AppPatch\msimain.sdb
c:\users\Diana\WINDOWS\AppPatch\pcamain.sdb
c:\users\Diana\WINDOWS\AppPatch\sysmain.sdb
c:\users\Diana\WINDOWS\assembly\Desktop.ini
c:\users\Diana\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
c:\users\Diana\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
c:\users\Diana\WINDOWS\assembly\GAC\BCL.EasyConverterLib.Interop\1.2.0.0__481e0cb772795aa9\__AssemblyInfo__.ini
c:\users\Diana\WINDOWS\assembly\GAC\BCL.EasyConverterLib.Interop\1.2.0.0__481e0cb772795aa9\BCL.EasyConverterLib.Interop.dll
c:\users\Diana\WINDOWS\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
c:\users\Diana\WINDOWS\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\envdte80.dll
c:\users\Diana\WINDOWS\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\__AssemblyInfo__.ini
c:\users\Diana\WINDOWS\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\Microsoft.Ink.dll
c:\users\Diana\WINDOWS\assembly\PublisherPolicy.tme
c:\users\Diana\WINDOWS\assembly\pubpol14.dat
c:\users\Diana\WINDOWS\assembly\pubpol5.dat
c:\users\Diana\WINDOWS\bfsvc.exe
c:\users\Diana\WINDOWS\bootstat.dat
c:\users\Diana\WINDOWS\BROWSTAT.EXE
c:\users\Diana\WINDOWS\Capsule.dll
c:\users\Diana\WINDOWS\ComponentList.xml
c:\users\Diana\WINDOWS\csup.txt
c:\users\Diana\WINDOWS\DIFxAPI.dll
c:\users\Diana\WINDOWS\Factory.xml
c:\users\Diana\WINDOWS\fveupdate.exe
c:\users\Diana\WINDOWS\GridV.UNI
c:\users\Diana\WINDOWS\HelpPane.exe
c:\users\Diana\WINDOWS\hh.exe
c:\users\Diana\WINDOWS\HomeBasic.xml
c:\users\Diana\WINDOWS\iconv.dll
c:\users\Diana\WINDOWS\intuprof.ini
c:\users\Diana\WINDOWS\LaunApp.exe
c:\users\Diana\WINDOWS\libxml2.dll
c:\users\Diana\WINDOWS\LManager.UNI
c:\users\Diana\WINDOWS\mib.bin
c:\users\Diana\WINDOWS\msdfmap.ini
c:\users\Diana\WINDOWS\msxml4-KB954430-enu.LOG
c:\users\Diana\WINDOWS\notepad.exe
c:\users\Diana\WINDOWS\ocsetup_cbs_install_OEMHelpCustomization.dpx
c:\users\Diana\WINDOWS\ocsetup_cbs_install_OEMHelpCustomization.perf
c:\users\Diana\WINDOWS\ocsetup_install_OEMHelpCustomization.etl
c:\users\Diana\WINDOWS\PFRO.log
c:\users\Diana\WINDOWS\PLAUNCH1006.cfg
c:\users\Diana\WINDOWS\PreLaunch.exe
c:\users\Diana\WINDOWS\PreLaunch.ini
c:\users\Diana\WINDOWS\QDQICK.INI
c:\users\Diana\WINDOWS\QFNOADB.DAT
c:\users\Diana\WINDOWS\QfnOnl.ini
c:\users\Diana\WINDOWS\QFNWST16.EXE
c:\users\Diana\WINDOWS\QFS.INI
c:\users\Diana\WINDOWS\QUICKEN.INI
c:\users\Diana\WINDOWS\regedit.exe
c:\users\Diana\WINDOWS\RtHDVCpl.exe
c:\users\Diana\WINDOWS\RtlExUpd.dll
c:\users\Diana\WINDOWS\RtlUpd.exe
c:\users\Diana\WINDOWS\RUNXMLPL.EXE
c:\users\Diana\WINDOWS\system.ini
c:\users\Diana\WINDOWS\tmpcpyis.bat
c:\users\Diana\WINDOWS\tmpdelis.bat
c:\users\Diana\WINDOWS\twain.dll
c:\users\Diana\WINDOWS\twain_32.dll
c:\users\Diana\WINDOWS\twunk_16.exe
c:\users\Diana\WINDOWS\twunk_32.exe
c:\users\Diana\WINDOWS\uninst.exe
c:\users\Diana\WINDOWS\UNINST32.EXE
c:\users\Diana\WINDOWS\User.xml
c:\users\Diana\WINDOWS\win.ini
c:\users\Diana\WINDOWS\WindowsShell.Manifest
c:\users\Diana\WINDOWS\WindowsUpdate.log
c:\users\Diana\WINDOWS\winhlp32.exe
c:\users\Diana\WINDOWS\wininit.ini
c:\users\Diana\WINDOWS\winstart.bat
c:\users\Diana\WINDOWS\WMSysPr9.prx
.
.
((((((((((((((((((((((((( Files Created from 2015-07-06 to 2015-08-06 )))))))))))))))))))))))))))))))
.
.
2015-08-06 17:10 . 2015-08-06 17:10 -------- d-----w- c:\users\test\AppData\Local\temp
2015-08-06 17:10 . 2015-08-06 17:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-08-06 17:10 . 2015-08-06 17:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-08-06 17:10 . 2015-08-06 17:10 -------- d-----w- c:\users\Gene\AppData\Local\temp
2015-08-06 17:10 . 2015-08-06 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-06 17:10 . 2015-08-06 17:10 -------- d-----w- c:\users\CFO.Gene-PC\AppData\Local\temp
2015-08-05 15:07 . 2015-07-27 09:34 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-08-05 14:59 . 2015-07-21 13:25 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BA2FD83-7CC5-473E-BCB0-E5F3A3CDC25D}\mpengine.dll
2015-08-04 17:46 . 2015-08-06 13:48 -------- d-----w- C:\FRST
2015-08-01 17:06 . 2015-08-01 19:10 113880 ----a-w- c:\windows\system32\drivers\422E27AF.sys
2015-07-28 05:09 . 2015-07-25 18:04 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 05:09 . 2015-07-25 18:04 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 05:09 . 2015-07-25 18:03 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 05:09 . 2015-07-25 18:03 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 05:09 . 2015-07-25 18:03 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 05:09 . 2015-07-25 17:55 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-28 05:09 . 2015-07-25 18:07 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 05:09 . 2015-07-25 18:03 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-27 16:29 . 2015-08-06 14:43 -------- d-----w- c:\users\Diana\AppData\Local\Dropbox
2015-07-27 09:34 . 2015-07-27 09:34 43112 ----a-w- c:\windows\avastSS.scr
2015-07-25 06:19 . 2015-08-06 16:54 -------- d-----w- c:\users\Diana\Dropbox
2015-07-21 14:02 . 2015-07-21 14:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-07-20 18:00 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-20 18:00 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-20 18:00 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-20 18:00 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-20 18:00 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-20 18:00 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-20 18:00 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-20 18:00 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-20 18:00 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-20 18:00 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-19 17:12 . 2015-07-25 06:14 -------- d-----w- c:\users\Diana\Dropbox diana
2015-07-17 03:10 . 2015-07-17 13:37 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2015-07-16 17:58 . 2015-07-27 18:26 -------- d-----w- c:\program files (x86)\Dropbox
2015-07-15 10:36 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-15 10:35 . 2015-06-27 02:47 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-07-15 10:34 . 2015-06-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2015-07-15 10:33 . 2015-07-01 20:49 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
2015-07-15 10:32 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-07-15 10:32 . 2015-06-15 21:45 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-07-15 10:32 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-07-15 10:32 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-07-10 13:06 . 2015-07-21 13:58 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-06 17:14 . 2015-02-16 23:28 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-27 16:03 . 2012-07-24 14:34 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-27 16:03 . 2011-11-04 16:06 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-27 09:34 . 2014-05-08 11:37 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-07-27 09:34 . 2014-01-09 16:06 150160 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-07-27 09:34 . 2013-03-22 03:44 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-07-27 09:34 . 2013-03-22 03:44 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-07-27 09:34 . 2012-05-05 18:32 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-07-27 09:34 . 2011-10-21 15:30 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-07-27 09:34 . 2011-10-21 15:30 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-07-27 09:34 . 2011-10-21 15:30 1048856 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-07-03 14:43 . 2011-11-14 17:04 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-06-23 19:30 . 2011-10-22 17:23 300704 ----a-w- c:\windows\system32\MpSigStub.exe
2015-06-18 14:41 . 2014-12-14 23:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 14:41 . 2015-02-16 23:27 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 14:41 . 2015-02-16 23:27 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-25 18:24 . 2015-06-10 04:23 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-10 04:23 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 04:23 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 04:23 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 04:23 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 04:23 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 04:23 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 04:23 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 04:23 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 04:23 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 04:23 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 04:23 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 04:23 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 04:23 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 04:23 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 04:23 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 04:23 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 04:23 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 04:23 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 04:23 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 04:23 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 04:23 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 04:23 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 04:23 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-10 04:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 04:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-10 04:23 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 04:23 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 04:23 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 04:23 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 04:23 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 04:23 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 04:23 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 04:23 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 04:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 04:23 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 04:23 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 04:23 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-10 04:23 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 04:23 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 04:23 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-10 04:23 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-10 04:23 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-10 04:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 04:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 04:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 04:23 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 04:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 04:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 04:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 04:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 04:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 04:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 04:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 04:23 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 04:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-07-17 8418584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-07-27 6109776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-09 334896]
"Dropbox"="c:\program files (x86)\Dropbox\Client\Dropbox.exe" [2015-07-24 39179912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2011-12-12 36864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Dropbox Update Service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS;c:\windows\SYSNATIVE\DRIVERS\EUCR6SK.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R4 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 mrtRate;mrtRate; [x]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-29 11:33 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 16:03]
.
2015-08-06 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-16 16:29]
.
2015-08-06 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-16 16:29]
.
2015-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 14:10]
.
2015-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 14:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-27 09:34 777544 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:50 226328 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:50 226328 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:50 226328 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:50 226328 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-02 385560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
TCP: DhcpNameServer = 216.234.161.25 216.194.64.160
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
Toolbar-{eef3855c-fc2d-41e6-8d91-d368f51b3055} - (no file)
Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\users\DIANA\DOWNLOADS\PROCEXP.EXE
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Completion time: 2015-08-06 11:32:31 - machine was rebooted
ComboFix-quarantined-files.txt 2015-08-06 17:32
.
Pre-Run: 157,576,810,496 bytes free
Post-Run: 157,124,014,080 bytes free
.
- - End Of File - - F275A1E6FF11E2A39435E54D75304D92
Gene145 is offline  
Old 08-06-2015, 01:01 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Gene45. Any improvement? I'm afraid there's not much else I can do. It appears your problems are beyond malware.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-724223114-981428568-4039481322-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-06-2015, 04:54 PM   #19
TSF Enthusiast
 
Join Date: Sep 2007
Location: Alberta Canada
Posts: 610
OS: Windows 7 Pro



Progress?

Prior to the last 'repair'

-Thunderbird could get the mail and display its folders in a normal looking manner.

-Firefox worked in normal mode but slower than normal. It might stop for a while but would pick up again.

After the last repair,

-Thunderbird does not display its folders, but asks if I want to set up a new account. I tried to re-set the old account and failed because the old incoming server still exists. While I was trying that, the little pop-up occurred to tell me that new messages had arrived. But I can't see them.

-Firefox looks like it runs but won't do anything. It can't display its bookmarks, and while the start page looked right, I typed 'techsupportforum' in and was prompted with the correct assistance, but it would not go there, hence I am posting this from another computer.

In previous start-ups, the machine would hang on a pale blue screen for about 2 minutes after the user was selected. It did so now as well.
This was in normal startup mode.

Through msconfig, I tried to do a diagnostic startup. It failed: before the "select user" screen, the screen went black, the hard drive light stopped flashing, and it was apparently dead.

I used the power button to crash it, told it to safe start with networking, with the same result.

I crashed it again and told it to safe start without networking, same result.
In all the time I typed this (and I am slow), it is still stalled.

I did not try the command prompt start as I would not know what to do with it.

I'm becoming convinced that the issue is in the startup and some repair is needed, but don't know how to get into the startup repair process, or how to get anything at all now.

If you are not the one to help, who should I ask, and what question to ask?


I
Gene145 is offline  
Old 08-06-2015, 08:31 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Gene45. Sorry I failed you.

Quote:
If you are not the one to help, who should I ask, and what question to ask?
Earlier I stated:

Quote:
It appears your problems are beyond malware. You will probably have to seek help in our Windows Vista/Windows 7 Forum or Hardware Support Forum
Your machine was stuck in Safe Mode. Hard to rule out gremlins in Safe Mode, so I tried to get your machine to Normal Mode. Guess I should have moved your thread there to begin with.

------------------------------------------------------

Quote:
Thunderbird could get the mail and display its folders in a normal looking manner
Yes, in Safe Mode.

Quote:
Rebooted to normal mode.

Thunderbird still did not show its folders or could not get mail
We haven't done anything to Thunderbird in any of the fixes.

------------------------------------------------------

Quote:
I'm becoming convinced that the issue is in the startup and some repair needed, but don't know how to get into the startup repair process, or how to get anything at all now.
Earlier you stated:

Quote:
After posting, I restarted and held the F8 button during startup.
Machine stalled, and started a continuous howl from its feeble speakers.

The only way I could see how to get it to stop was to hold the start switch until it stopped.

On startup it went to startup repair, one iteration only.
Appears you did a Startup Repair, no?

------------------------------------------------------
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
  • Select 'Repair your computer' and press 'Enter'.
  • On the System Recovery Options menu, select 'Startup Repair'.
  • Follow the prompts.
  • Did it detect a problem? Let me know.
------------------------------------------------------
chemist is offline  
 
